Critical Thinking - Bug Bounty Podcast

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

May 1, 2025
In this engaging discussion, Eugene Lim, aka SpaceRaccoon, a vulnerability research expert and author of 'From Day Zero to Zero Day', tackles fascinating topics like binary analysis and fuzzing techniques. He highlights the crucial relationship between code interconnectedness and security vulnerabilities. The conversation also delves into dynamic analysis methods and the evolving landscape of IoT security, using unique case studies. Eugene's personal anecdotes and practical insights make the complex world of cybersecurity accessible and exciting for listeners.
Ask episode
AI Snips
Chapters
Books
Transcript
Episode notes
INSIGHT

Binaries Are Not Just One Type

  • Binary files are diverse, ranging from JavaScript bundled with Electron to compiled Golang executables.
  • Understanding binary types opens many easier reverse engineering opportunities than jumping straight into assembly code.
ADVICE

Expand Attack Surface Horizons

  • Explore and expand your definition of an application's attack surface beyond standard HTTP endpoints.
  • Investigate adjacent technologies like WebRTC and browser APIs to uncover more vulnerabilities.
ADVICE

Apply Practical Taint Analysis

  • Use taint analysis to trace inputs (sources) through code to vulnerable functions (sinks).
  • Abstract complex flows like sanitizers or propagations to better identify exploitable code paths.
Get the Snipd Podcast app to discover more snips from this episode
Get the app