SpaceRaccoon - From Day Zero to Zero Day (Ep.120)

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] Shoutout to   / realytcracker   for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Sponsor - ThreatLocker User Store https://www.criticalthinkingpodcast.io /tl-userstore Today’s guest: https://x.com/spaceraccoonsec ====== Resources ====== Buy SpaceRaccoon's Book: From Day Zero to Zero Day https://nostarch.com/zero-day USE CODE 'ZERODAYDEAL' for 30% OFF Pwning Millions of Smart Weighing Machines with API and Hardware Hacking https://spaceraccoon.dev/pwning-milli... ====== Timestamps ====== (00:00:00) Introduction (00:04:58) From Day Zero to Zero Day (00:12:06) Mapping Code to Attack Surface (00:17:59) Day Zero and Taint Analysis (00:22:43) Automated Variant Analysis & Binary Taxonomy (00:31:35) Source and Sink Discovery (00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing (00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero (01:02:16) Bug bounty, Vuln research, & Governmental work (01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines