Episode 120: SpaceRaccoon - From Day Zero to Zero Day
Critical Thinking - Bug Bounty Podcast1 Maj 2025

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker User Store

https://www.criticalthinkingpodcast.io

/tl-userstore

Today’s guest: https://x.com/spaceraccoonsec

====== Resources ======

Buy SpaceRaccoon's Book: From Day Zero to Zero Day

https://nostarch.com/zero-day

USE CODE 'ZERODAYDEAL' for 30% OFF

Pwning Millions of Smart Weighing Machines with API and Hardware Hacking

https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/

====== Timestamps ======

(00:00:00) Introduction

(00:04:58) From Day Zero to Zero Day

(00:12:06) Mapping Code to Attack Surface

(00:17:59) Day Zero and Taint Analysis

(00:22:43) Automated Variant Analysis & Binary Taxonomy

(00:31:35) Source and Sink Discovery

(00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing

(00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero

(01:02:16) Bug bounty, Vuln research, & Governmental work

(01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines

Avsnitt(161)

Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire

Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire

Episode 33: In this episode of Critical Thinking - Bug Bounty Podcast, we welcome Inti De Ceukelaire, a seasoned bug hunter known for his creative storytelling and impactful show-and-tell bugs…and let...

24 Aug 20231h 22min

Episode 32: The Great Write-up Low-down

Episode 32: The Great Write-up Low-down

Episode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hack...

17 Aug 20231h 1min

Episode 31: Alex Chapman - The Man of Many Crits

Episode 31: Alex Chapman - The Man of Many Crits

Episode 31: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter. We kick off with Alex sharing his h...

10 Aug 20231h 24min

Episode 30: Recon Legend Shubs - From Burgers to Bounties

Episode 30: Recon Legend Shubs - From Burgers to Bounties

Episode 30: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by renowned bug bounty hunter Shubs. We kick off with him sharing his journey from burgers to bugs, a...

3 Aug 20231h 19min

Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer

Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer

Episode 29: In this episode of Critical Thinking - Bug Bounty Podcast sit down with Assetnote Engineer Sean Yeoh, and pick his brain about what he's learned on his development journey. We talk about t...

27 Juli 202359min

Episode 28: Surfin' with CSRFs

Episode 28: Surfin' with CSRFs

Episode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We als...

20 Juli 20231h 18min

Episode 27: Top 7 Esoteric Web Vulnerabilities

Episode 27: Top 7 Esoteric Web Vulnerabilities

Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and tal...

13 Juli 20231h 20min

Episode 26: Client-side Quirks & Browser Hacks

Episode 26: Client-side Quirks & Browser Hacks

In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We compare the different vibes of each LHE, then...

6 Juli 20231h 33min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
bilar-med-sladd
natets-morka-sida
rss-elektrikerpodden
rss-laddstationen-med-elbilen-i-sverige
rss-veckans-ai
skogsforum-podcast
bli-saker-podden
bosse-bildoktorn-och-hasse-p
rss-uppgang-och-fall
rss-en-ai-till-kaffet
rss-ai-med-katarina-gospic-och-viggo-cavling
rss-technokratin
developers-mer-an-bara-kod
rss-digitala-influencer-podden
rss-sogeti-sweden-podcasts
rss-fabriken-2
rss-snacka-om-ai