Jul 2024
2h 49m

Episode 80: Pwn2Own VS H1 Live Hacking E...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne events.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker

Today’s Guest: https://x.com/SinSinology

Blog: https://sinsinology.medium.com/

Resources:

WhatsUp Gold Pre-Auth RCE

Advanced .NET Exploitation Training

dnSpyEx

QEMU

Unicorn Engine

Qiling

libAFL

Alex Plaskett interview

TippingPoint

Flashback Team

Timestamps:

(00:00:00) Introduction

(00:12:45) Learning, Mentorship, and Failure

(00:29:34) Pentesting and Pwn2Own

(00:40:05) Hacking methodology

(01:01:57) Debuggers and shells in IoT Devices

(01:35:40) Differences between ZDI and HackerOne

(02:02:27) Pwn2Own Steps and Stories

(02:14:06) Master of Pwn Title

(02:29:54) Bug reports
