Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker User Store
https://www.criticalthinkingpodcast.io
/tl-userstore
Today’s guest: https://x.com/spaceraccoonsec
====== Resources ======
Buy SpaceRaccoon's Book: From Day Zero to Zero Day
https://nostarch.com/zero-day
USE CODE 'ZERODAYDEAL' for 30% OFF
Pwning Millions of Smart Weighing Machines with API and Hardware Hacking
https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/
====== Timestamps ======
(00:00:00) Introduction
(00:04:58) From Day Zero to Zero Day
(00:12:06) Mapping Code to Attack Surface
(00:17:59) Day Zero and Taint Analysis
(00:22:43) Automated Variant Analysis & Binary Taxonomy
(00:31:35) Source and Sink Discovery
(00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing
(00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero
(01:02:16) Bug bounty, Vuln research, & Governmental work
(01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines
