Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest: https://sharonbrizinov.com/ Resources The Claroty Research Team https://claroty.com/team82 Pwntools https://github.com/Gallopsled/pwntools Scan My SMS http://scanmysms.com Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS https://www.youtube.com/watch?v=EhNsXXbDp3U Timestamps (00:00:00) Introduction (00:03:31) Sharon's Origin Story (00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne (00:47:05) IoT/ICS Hacking Methodology (01:10:13) Cloud to Device Communication (01:18:15) Bug replication and uncommon attack surfaces (01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS