• Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

  • Sep 19 2024
  • Length: 1 hr and 58 mins
  • Podcast

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

  • Summary

  • Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast We’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt’s personal Methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Find the Hackernotes: https://blog.criticalthinkingpodcast.io/

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

    Today’s Guess Matt Brown: https://x.com/nmatt0

    Resources:

    Decrypting SSL to Chinese Cloud Servers

    https://www.youtube.com/watch?v=3qSxxNvuEtg

    mitmrouter

    https://github.com/nmatt0/mitmrouter

    certmitm Automatic Exploitation of TLS Certificate Validation Vulns

    https://www.youtube.com/watch?v=w_l2q_Gyqfo

    and

    https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Aapo%20Oksman%20-%20certmitm%20automatic%20exploitation%20of%20TLS%20certificate%20validation%20vulnerabilities.pdf

    https://github.com/aapooksman/certmitm

    HackerOne Detailed Platform Standards

    https://docs.hackerone.com/en/articles/8369826-detailed-platform-standards

    Timestamps:

    (00:00:00) Introduction

    (00:13:33) Specialization and Challenges of IOT Hacking

    (00:33:03) Decrypting SSL to Chinese Cloud Servers

    (00:47:00) General IoT Hacking Methodology

    (01:26:00) Certificate Pinning and Certificate Validation

    (01:34:35) BGA Reballing

    (01:43:26) Bug Stories

    Show more Show less
activate_Holiday_promo_in_buybox_DT_T2

What listeners say about Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.