Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)
Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events
Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
https://twitter.com/realytcracker
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest: https://x.com/SinSinology
Resources:
WhatsUp Gold Pre-Auth RCE
https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/
Advanced .NET Exploitation Training
https://summoning.team/
dnSpyEx
https://github.com/dnSpyEx
Unicorn Engine
https://www.unicorn-engine.org/
Qiling
https://qiling.io/
libAFL
https://github.com/AFLplusplus/LibAFL
Alex Plaskett interview:
https://www.youtube.com/watch?v=uBu9B0tNObs
Flashback Team
https://www.flashback.sh/
Timestamps:
(00:00:00) Introduction
(00:12:45) Learning, Mentorship, and Failure
(00:29:34) Pentesting and Pwn2Own
(00:40:05) Hacking methodology
(01:01:57) Debuggers and shells in IoT Devices
(01:35:40) Differences between ZDI and HackerOne
(02:02:27) Pwn2Own Steps and Stories
(02:14:06) Master of Pwn Title
(02:29:54) Bug reports
