Episode 120: SpaceRaccoon - From Day Zero to Zero Day
Critical Thinking - Bug Bounty Podcast1 Touko 2025

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker User Store

https://www.criticalthinkingpodcast.io

/tl-userstore

Today’s guest: https://x.com/spaceraccoonsec

====== Resources ======

Buy SpaceRaccoon's Book: From Day Zero to Zero Day

https://nostarch.com/zero-day

USE CODE 'ZERODAYDEAL' for 30% OFF

Pwning Millions of Smart Weighing Machines with API and Hardware Hacking

https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/

====== Timestamps ======

(00:00:00) Introduction

(00:04:58) From Day Zero to Zero Day

(00:12:06) Mapping Code to Attack Surface

(00:17:59) Day Zero and Taint Analysis

(00:22:43) Automated Variant Analysis & Binary Taxonomy

(00:31:35) Source and Sink Discovery

(00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing

(00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero

(01:02:16) Bug bounty, Vuln research, & Governmental work

(01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines

Jaksot(161)

Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and ...

4 Huhti 20242h 29min

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and ...

28 Maalis 20241h 8min

Episode 63: JHaddix Returns

Episode 63: JHaddix Returns

Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own ...

21 Maalis 20241h 21min

Episode 62: Frontend Language Oddities

Episode 62: Frontend Language Oddities

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth look...

14 Maalis 202458min

Episode 61: A Hacker on Wall Street - JR0ch17

Episode 61: A Hacker on Wall Street - JR0ch17

Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. ...

7 Maalis 20241h 27min

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023.Follow us on twitter at: @ctbbpodcas...

29 Helmi 20241h 24min

Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition

Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition

Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through...

22 Helmi 20241h 39min

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and p...

15 Helmi 20241h 54min