logo
episode-header-image
Nov 2024
1h 43m

Episode 98: Team 82 Sharon Brizinov - Th...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker: Check out Network Control!

https://www.criticalthinkingpodcast.io/tl-nc

And AssetNote: Check out their ASMR board (no not that kind!)

https://assetnote.io/asmr

Today’s Guest: https://sharonbrizinov.com/

Resources

The Claroty Research Team

https://claroty.com/team82

Pwntools

https://github.com/Gallopsled/pwntools

Scan My SMS

http://scanmysms.com

Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS

https://www.youtube.com/watch?v=EhNsXXbDp3U

Timestamps

(00:00:00) Introduction

(00:03:31) Sharon's Origin Story

(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne

(00:47:05) IoT/ICS Hacking Methodology

(01:10:13) Cloud to Device Communication

(01:18:15) Bug replication and uncommon attack surfaces

(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS

Up next
Aug 21
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecuri ... Show More
50m 53s
Aug 14
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twi ... Show More
1h 26m
Aug 4
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego ... Show More
1h 53m
Recommended Episodes
Mar 2016
Episode 214: 214: Atrophic Cohost
Sean, Kyle, and a chorus of small frogs discuss the Game Developers Conference, eating alone, atrophic organs, Slack vs Basecamp, the cost of abstractions, and tips for adding new team members. Braintree: An easy way to accept multiple payment types with one integration. Quick, k ... Show More
1h 23m
Dec 2024
ShopTalk & Friends (Changelog & Friends #72)
Chris Coyier and Dave Rupert join Adam and Jerod for a ShopTalk & Friends conversation on the viability of the web, making content, ads to support that content, Codepen’s future plans, books, side quests, and social networks devaluing links. Join the discussionChangelog++ members ... Show More
1h 34m
Jan 2015
17: Somewhere on The Monorail
This week Jason and Myke discuss Apple's software quality issues and the difficulty in diagnosing problems from outside an organization, why Family Sharing is a problematic feature, and what's good and bad about CES. Plus, Jason listens to Hello Internet and Myke listens ... Show More
1h 41m
Apr 2023
As a scammer, sometimes you need to fake it till you make it. [Hacking Humans Goes to the Movies]
Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies an ... Show More
29m 55s
Jul 13
295: Hacker Tourism
Wired 04.12, December 1996: https://archive.org/details/wired-magazine-04.12-1996-decemberShow notes with page numbers for everything we discuss: https://tinyurl.com/techpod-295-wired-dec-96 Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord ... Show More
1h 20m
Apr 2023
SCaLE20x
In this episode we bring you with us to Southern California Linux Expo, or SCaLE20x in Pasadena, California. We interviewed several attendees about their experience at the conference. Featuring: Robin Phantomhive, attendee at SCaLE and community member Mofi Rahman, Developer Advo ... Show More
24m 14s
Apr 2023
Changing Culture, Career Insights and Outcomes with Jason Lengstorf
Our 100th episode special with Jason Lengstorf! It's been a while since we've done an in-person episode, but Jason happened to be in the neighbourhood, so we made it happen 🙌 We had a blast and kept rolling longer than usual with exciting discussions on various topics 🚀 ... Show More
1h 51m
Oct 2024
The Ultimate Guide to Knowing Your Users as a PM | George Harter, 20+ Years of PM
As a PM, you have to be the expert in your user.In this episode, 20+ year PM George Harter (a 'Super IC PM') breaks down his two part strategy to knowing your users:Listening tourSurveysTune in for his methodology and much more - like navigating leadership challenges to the futur ... Show More
1h 23m
Listen to millions of songs and podcasts on Anghami