logo
episode-header-image
Jul 2024
2h 49m

Episode 80: Pwn2Own VS H1 Live Hacking E...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker

Today’s Guest: https://x.com/SinSinology

Blog: https://sinsinology.medium.com/

Resources:

WhatsUp Gold Pre-Auth RCE

Advanced .NET Exploitation Training

dnSpyEx

QEMU

Unicorn Engine

Qiling

libAFL

Alex Plaskett interview

TippingPoint

Flashback Team

Timestamps:

(00:00:00) Introduction

(00:12:45) Learning, Mentorship, and Failure

(00:29:34) Pentesting and Pwn2Own

(00:40:05) Hacking methodology

(01:01:57) Debuggers and shells in IoT Devices

(01:35:40) Differences between ZDI and HackerOne

(02:02:27) Pwn2Own Steps and Stories

(02:14:06) Master of Pwn Title

(02:29:54) Bug reports

Up next
Aug 21
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecuri ... Show More
50m 53s
Aug 14
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twi ... Show More
1h 26m
Aug 4
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego ... Show More
1h 53m
Recommended Episodes
Mar 2016
Episode 214: 214: Atrophic Cohost
Sean, Kyle, and a chorus of small frogs discuss the Game Developers Conference, eating alone, atrophic organs, Slack vs Basecamp, the cost of abstractions, and tips for adding new team members. Braintree: An easy way to accept multiple payment types with one integration. Quick, k ... Show More
1h 23m
Oct 2024
The Ultimate Guide to Knowing Your Users as a PM | George Harter, 20+ Years of PM
As a PM, you have to be the expert in your user.In this episode, 20+ year PM George Harter (a 'Super IC PM') breaks down his two part strategy to knowing your users:Listening tourSurveysTune in for his methodology and much more - like navigating leadership challenges to the futur ... Show More
1h 23m
May 19
Redacted realities: Inside the MoJ hack.
The UK’s Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular ... Show More
33m 20s
May 2019
SLP70 Matt Odell - Putting Bitcoin into practice for noobs
Matt Odell, Bitcoin podcast co-host of the Rabbit Hole Recap joins me in this fun episode to talk about ways Bitcoiners can put theory into practice. Along the way we chat:  Challenges in educating noobs Common pitfalls and scams Approaches to take going forward How to avoid scam ... Show More
1h 3m
Nov 2024
#485: Secure coding for Python with SheHacksPurple
What do developers need to know about AppSec and building secure software? We have Tonya Janca (AKA SheHacksPurple) on the show to tell us all about it. We talk about what developers should expect from threat modeling events as well as concrete tips for security your apps and ser ... Show More
1h 9m
Feb 2025
SN 1014: FREEDOM Administration Login - Apple's UK Privacy Showdown, $1.5 Billion Crypto Heist
Apple disables Advanced Data Protection for new UK users. Paying ransoms is not as cut and dried as we might imagine. Elon Musk's "X" social media blocks "Signal.me" links. Spain's soccer league blocks Cloudflare and causes a mess. Two new (and rare) vulnerabilities discovered in ... Show More
2h 39m
Apr 2023
Changing Culture, Career Insights and Outcomes with Jason Lengstorf
Our 100th episode special with Jason Lengstorf! It's been a while since we've done an in-person episode, but Jason happened to be in the neighbourhood, so we made it happen 🙌 We had a blast and kept rolling longer than usual with exciting discussions on various topics 🚀 ... Show More
1h 51m
Jul 2019
SLP90 Pavlenex - BTCPayServer for Merchants
Episode 2 of the SLP BTCPayServer series! Pavlenex (BTCPayServer contributor and Operator of BitcoinShirt.co) joins me to talk about his journey in becoming a bitcoiner, and becoming a BTCPayServer contributor. We talk: How BTCPayServer helps a merchant accept Bitcoin Creating BT ... Show More
1h 1m
Listen to millions of songs and podcasts on Anghami