Critical Thinking - Bug Bounty Podcast

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Nov 21, 2024

Sharon Brizinov, a leading IoT/ICS security researcher at Claroty, shares his captivating journey from iOS development to cybersecurity. He dives into the contrasting worlds of Pwn2Own and HackerOne, revealing their unique exploit ecosystems. The discussion explores the challenges of SCADA protocols and hacking vulnerabilities in critical infrastructure systems. Sharon also touches on the intricacies of IoT firmware and the importance of security in device communication, all while emphasizing the creativity essential for mastering the bug bounty landscape.

01:43:57

Creator website

Episode guests

Sharon Brizinov

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Sharon Brizinov's journey from iOS development to leading a research team underscores the importance of passion in cybersecurity careers.

The transition from exploiting obscure attack surfaces to established platforms like HackerOne highlights the need for adaptability in bug hunting.

Participating in Capture The Flag challenges significantly enhances hacking skills, exposing participants to vital techniques and concepts beyond typical web applications.

Deep dives

The Importance of Internal Network Security

Many companies are neglecting their internal network security, which can lead to significant vulnerabilities once an attacker penetrates the external attack surface. After gaining access to a network, security professionals often notice numerous accessible shares and ports, making it easy for an intruder to exploit exposed services. To counter this problem, effective internal network control measures need to be in place, and one potential solution is ThreatLocker's Network Control product. This tool simplifies the management of what ports are exposed on various hosts, facilitating better security and control over network access.

Intro

2min

From Development to Hacking: A Cybersecurity Journey

11min

Navigating the Challenges of SCADA Protocols

2min

Hacking Vulnerabilities in Critical Infrastructure

10min

Navigating Cybersecurity Competitions

18min

Pwn2Own vs HackerOne: A Comparative Analysis

3min

Exploring Hacker Bounties and Attack Surface Management Opportunities

4min

Navigating IoT Firmware Challenges

10min

The Security Landscape of IoT Communication

19min

10.

Navigating the Bug Bounty Landscape

9min

11.

Unraveling SIP and VoIP Vulnerabilities

15min

12.

Decoding Scams: The Intersection of AI and Technology

2min

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker: Check out Network Control!

https://www.criticalthinkingpodcast.io/tl-nc

And AssetNote: Check out their ASMR board (no not that kind!)

https://assetnote.io/asmr

Today’s Guest: https://sharonbrizinov.com/

Resources

The Claroty Research Team

https://claroty.com/team82

Pwntools

https://github.com/Gallopsled/pwntools

Scan My SMS

http://scanmysms.com

Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS

https://www.youtube.com/watch?v=EhNsXXbDp3U

Timestamps

(00:00:00) Introduction

(00:03:31) Sharon's Origin Story

(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne

(00:47:05) IoT/ICS Hacking Methodology

(01:10:13) Cloud to Device Communication

(01:18:15) Bug replication and uncommon attack surfaces

(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Critical Thinking - Bug Bounty Podcast

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Internal Network Security

The Journey of a Security Researcher

The Role of CTFs in Skill Development

Navigating the Bug Bounty Landscape

Exploring External Protocols Beyond HTTP

Community Contributions to Combat Scams

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Critical Thinking - Bug Bounty Podcast

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Internal Network Security

The Journey of a Security Researcher

The Role of CTFs in Skill Development

Navigating the Bug Bounty Landscape

Exploring External Protocols Beyond HTTP

Community Contributions to Combat Scams

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights