Episode 120: SpaceRaccoon - From Day Zero to Zero Day
Critical Thinking - Bug Bounty Podcast1 Maj 2025

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker User Store

https://www.criticalthinkingpodcast.io

/tl-userstore

Today’s guest: https://x.com/spaceraccoonsec

====== Resources ======

Buy SpaceRaccoon's Book: From Day Zero to Zero Day

https://nostarch.com/zero-day

USE CODE 'ZERODAYDEAL' for 30% OFF

Pwning Millions of Smart Weighing Machines with API and Hardware Hacking

https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/

====== Timestamps ======

(00:00:00) Introduction

(00:04:58) From Day Zero to Zero Day

(00:12:06) Mapping Code to Attack Surface

(00:17:59) Day Zero and Taint Analysis

(00:22:43) Automated Variant Analysis & Binary Taxonomy

(00:31:35) Source and Sink Discovery

(00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing

(00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero

(01:02:16) Bug bounty, Vuln research, & Governmental work

(01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines

Avsnitt(168)

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and ...

28 Mars 20241h 8min

Episode 63: JHaddix Returns

Episode 63: JHaddix Returns

Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own ...

21 Mars 20241h 21min

Episode 62: Frontend Language Oddities

Episode 62: Frontend Language Oddities

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth look...

14 Mars 202458min

Episode 61: A Hacker on Wall Street - JR0ch17

Episode 61: A Hacker on Wall Street - JR0ch17

Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. ...

7 Mars 20241h 27min

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023.Follow us on twitter at: @ctbbpodcas...

29 Feb 20241h 24min

Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition

Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition

Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through...

22 Feb 20241h 39min

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and p...

15 Feb 20241h 54min

Episode 57: Technical breakdown from Miami Hacking Event - H1-305

Episode 57: Technical breakdown from Miami Hacking Event - H1-305

Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight t...

8 Feb 202432min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
bilar-med-sladd
rss-elektrikerpodden
har-vi-akt-till-mars-an
skogsforum-podcast
rss-technokratin
rss-veckans-ai
natets-morka-sida
rss-en-ai-till-kaffet
rss-laddstationen-med-elbilen-i-sverige
hej-bruksbil
rss-powerboat-sverige-podcast
gubbar-som-tjotar-om-bilar
teknikveckan
bli-saker-podden
rss-sakerhetspodcasten
rss-upplyst-entreprenordirektor
developers-mer-an-bara-kod