Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits
Podcast: Critical Thinking - Bug Bounty Podcast
Published On: Thu Jan 15 2026
Description: Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest: https://x.com/hyprdude

====== This Week in Bug Bounty ======

Top 10 web hacking techniques of 2025: call for nominations
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open

CVE-2025-13467
https://access.redhat.com/security/cve/cve-2025-13467

====== Resources ======

Hypr's Blog
https://blog.coffinsec.com

mediatek? more like media-rekt, amirite.
https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html

kernel-utils
https://github.com/mellow-hype/kernel-utils

====== Timestamps ======

(00:00:00) Introduction
(00:03:23) Heap Overflow in Mediatek Kernel Drivers
(00:19:23) Kernel Debugging & ioctl Handlers
(00:43:30) Input Structs, Sync to Source, & Privilege Escalation
(00:51:30) HackerOne Ecosystem vs Pwn2Own Ecosystem
(01:17:00) Kernel Utils
(01:26:46) Real World Bugs for Exploit Development vs CTFs