logo
episode-header-image
Sep 2024
1h 58m

Episode 89: The Untapped Bug Bounty Land...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast We’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt’s personal Methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Find the Hackernotes: https://blog.criticalthinkingpodcast.io/

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

Today’s Guess Matt Brown: https://x.com/nmatt0

Resources:

Decrypting SSL to Chinese Cloud Servers

https://www.youtube.com/watch?v=3qSxxNvuEtg

mitmrouter

https://github.com/nmatt0/mitmrouter

certmitm Automatic Exploitation of TLS Certificate Validation Vulns

https://www.youtube.com/watch?v=w_l2q_Gyqfo

and

https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Aapo%20Oksman%20-%20certmitm%20automatic%20exploitation%20of%20TLS%20certificate%20validation%20vulnerabilities.pdf

https://github.com/aapooksman/certmitm

HackerOne Detailed Platform Standards

https://docs.hackerone.com/en/articles/8369826-detailed-platform-standards

Timestamps:

(00:00:00) Introduction

(00:13:33) Specialization and Challenges of IOT Hacking

(00:33:03) Decrypting SSL to Chinese Cloud Servers

(00:47:00) General IoT Hacking Methodology

(01:26:00) Certificate Pinning and Certificate Validation

(01:34:35) BGA Reballing

(01:43:26) Bug Stories

Up next
Aug 21
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecuri ... Show More
50m 53s
Aug 14
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twi ... Show More
1h 26m
Aug 4
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego ... Show More
1h 53m
Recommended Episodes
Apr 2023
SCaLE20x
In this episode we bring you with us to Southern California Linux Expo, or SCaLE20x in Pasadena, California. We interviewed several attendees about their experience at the conference. Featuring: Robin Phantomhive, attendee at SCaLE and community member Mofi Rahman, Developer Advo ... Show More
24m 14s
Dec 2021
Rabbit Hole Recap #176: Party rip
This week Marty and Matt discuss: - Swan adds taproot support and api, no longer supporting ny - Major swiss tech company ceo runs surveillance operation - Malicious actor appears to be attacking Tor - Sparrow Wallet v1.5.3 - Mercury Wallet v0.4.62 - btc-rpc-explorer v3.3.0 - Zap ... Show More
1h 59m
Nov 2024
Mozilla's GenAI Bug Bounty And Education Program - Serious Exploits: Interview With Marco Figueroa, GenAI Bug Bounty Program Manager for Mozilla's ODIN Project. Cyber Security Today Weekend for Nov 9,
Jailbreaking AI: Behind the Guardrails with Mozilla's Marco Figueroa In this episode of 'Cyber Security Today,' host Jim Love talks with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They explore the challenges and methods of bypassing guardrai ... Show More
38m 24s
Nov 2020
SLP231 Stepan Snigirev Build Your Own Hardware Wallet with Specter DIY
Stepan Snigirev (CTO Crypto Advance), and renowned hardware wallet maker rejoins me on the show to talk about Specter DIY and Specter Desktop updates. We chat: Why make your own Security model vs other HWWs Airgapping with QR Use in multi sig setups Specter Desktop updates Links: ... Show More
1h 10m
Apr 2025
CVE program gets last-minute lifeline.
The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SE ... Show More
33m 39s
Dec 2020
SLP238 Zach Herbert & Ken Carpenter - Passport by Foundation Devices: Air Gapped Hardware Wallet
The market for high quality hardware wallets is becoming more competitive with new entrants over time. Zach Herbert & Ken Carpenter of Foundation Devices join me to talk about their new upcoming product, Passport. Passport is fully air gapped (QR or microSD), PSBT, and designed w ... Show More
1h 3m
Sep 2020
SLP215 Michael Flaxman - 10x Your Bitcoin Security With Multisig
After terrifying everyone with his prior SLP appearance re: hardware wallet security, Michael Flaxman rejoins me on the show to talk about his new multisig guide to help users secure their coins without any single point of failure. We cover: What’s improved in the space since las ... Show More
2h 33m
Feb 2021
SLP252 NVK Bitcoin Hardware Wallets vs Air Gapped Computers
NVK, CEO of CoinKite joins me on the show to talk about hardware wallets, air gapped computers and all kinds of useful security questions. This episode will help you learn about the kinds of attacks possible against air gapped computers and hardware wallets, as well as bring some ... Show More
1h 2m
Listen to millions of songs and podcasts on Anghami