Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits
About this title
Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast, we’re joined by Hypr to talk about hacking Mediatek and his experiences with the HackerOne and Pwn2Own ecosystems.
Follow us on Twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: https://x.com/hyprdude
====== This Week in Bug Bounty ======
Top 10 web hacking techniques of 2025: call for nominations
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open
CVE-2025-13467
https://access.redhat.com/security/cve/cve-2025-13467
====== Resources ======
Hypr's Blog
https://blog.coffinsec.com
mediatek? more like media-rekt, amirite.
https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html
kernel-utils
https://github.com/mellow-hype/kernel-utils
====== Timestamps ======
(00:00:00) Introduction
(00:03:23) Heap Overflow in Mediatek Kernel Drivers
(00:19:23) Kernel Debugging & ioctl Handlers
(00:43:30) Input Structs, Sync to Source, & Privilege Escalation
(00:51:30) HackerOne Ecosystem vs Pwn2Own Ecosystem
(01:17:00) Kernel Utils
(01:26:46) Real World Bugs for Exploit Development vs CTFs
