Critical Thinking - Bug Bounty Podcast

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

May 1, 2025

In this engaging discussion, Eugene Lim, aka SpaceRaccoon, a vulnerability research expert and author of 'From Day Zero to Zero Day', tackles fascinating topics like binary analysis and fuzzing techniques. He highlights the crucial relationship between code interconnectedness and security vulnerabilities. The conversation also delves into dynamic analysis methods and the evolving landscape of IoT security, using unique case studies. Eugene's personal anecdotes and practical insights make the complex world of cybersecurity accessible and exciting for listeners.

01:36:57

Creator website

Episode guests

Eugene Lim

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Understanding binaries requires unique analytical approaches, especially with complex frameworks like Electron and Java that mask true vulnerabilities.

ThreatLocker's innovations in zero trust principles streamline application validation, improving efficiency for cybersecurity response teams and users alike.

Eugene Lim's insights highlight the foundational aspects of vulnerability research, emphasizing the recognition of attack vectors and code review skills.

Dynamic analysis combined with interdisciplinary research empowers hackers to unveil vulnerabilities by connecting insights from various domains and techniques.

Deep dives

The Complexity of Binaries

Binaries are not inherently straightforward; they come in various forms, each requiring unique approaches for analysis and exploitation. Hackers need to understand that despite the seemingly binary nature of certain applications, many are built on complex frameworks like Electron or Java, which can be unpacked and examined. This complexity allows for a more effective understanding of how applications operate, leading to better vulnerability research outcomes. By demystifying binaries, researchers can utilize a multitude of techniques to analyze and reverse engineer targets efficiently.

Intro

4min

Journey Through Vulnerability Research

20min

Concerns Over CVE Program and Evolving Security Practices

3min

Demystifying Binary Research: Approaches to Reverse Engineering

4min

Navigating Source Code: Analyzing and Exploiting Vulnerabilities

8min

Dynamic Analysis and Fuzzing in Security Research

29min

Navigating Security Challenges in Technology

6min

Exploring IoT Security and the Fun Behind Vulnerabilities

1min

Cultural Variations in Language: The Weighing Machine Debate

2min

10.

Adventures in Hardware Hacking

18min

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book.

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker User Store

https://www.criticalthinkingpodcast.io

/tl-userstore

Today’s guest: https://x.com/spaceraccoonsec

====== Resources ======

Buy SpaceRaccoon's Book: From Day Zero to Zero Day

https://nostarch.com/zero-day

USE CODE 'ZERODAYDEAL' for 30% OFF

Pwning Millions of Smart Weighing Machines with API and Hardware Hacking

https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/

====== Timestamps ======