Nov 2024
1h 43m

Episode 98: Team 82 Sharon Brizinov - Th...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner sits down with Sharon to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security and some less common IoT attack surfaces.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker: Check out Network Control!

https://www.criticalthinkingpodcast.io/tl-nc

And AssetNote: Check out their ASMR board (no not that kind!)

https://assetnote.io/asmr

Today’s Guest: https://sharonbrizinov.com/

Resources

The Claroty Research Team

https://claroty.com/team82

Pwntools

https://github.com/Gallopsled/pwntools

Scan My SMS

http://scanmysms.com

Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS

https://www.youtube.com/watch?v=EhNsXXbDp3U

Timestamps

(00:00:00) Introduction

(00:03:31) Sharon's Origin Story

(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne

(00:47:05) IoT/ICS Hacking Methodology

(01:10:13) Cloud to Device Communication

(01:18:15) Bug replication and uncommon attack surfaces

(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS
