Episode #27 - Ok Google, sudo ./hacktheplanet
Ok Google! Bypass authentication..and while we're at it, lets explot sudo and OpenSMPTD for root access. This week we dive into various code bases to explore several recent exploits that take advantage of some common yet subtle issues.
LinkEpisode 26 - Return of the Zombieload, Bezos Hacked, and other exploits
This week we look at 15 CVEs this week including the new MDS Attacks/Zombieload and GhostImage a cool attack against vision-based classification systems. We also have discussion about mobile vs desktop security.
LinkEpisode 25 - Project Verona, CurveBall, CableHaunt, and RCEs-a-plenty
Start off with some discussions about Google, privacy, Rust, and entitlement within open-source software. Then we look at some of the big vulns of the past week including CurveBall, CabelHaunt, and an RDP RCE.
LinkEpisode 24 - SHA-mbles, Shitrix, Responsible Disclosure, and wtf is TikTok doing.
Start off with zi fumbling to describe Sha-mbles, but quickly get into our groove as we discuss #Shitrix, Responsible Disclosure, and other exploits.
LinkEpisode 23 - First Edge bounty, Hacking Tesla, Cisco advisories, and Shadow Clones
First episode of the decade! First, CCC then some Kali news and all the technical details we can find behind several issues impacting the new Edge browser, Teslas, Cisco DC Network Manager, and others. Ending off with a discussion about a Data-Oriented Programming attack mitigation: Shadow clones.
LinkEpisode 22 - PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more
Starting off the episode is a quick review of Real-World Bug Hunting before moving into this week's news and the Plundervolt vulnerability.
LinkEpisode 21 - Permanent DoS, HackerOne Hacked, and Wide-OpenBSD
Permanent Android DoS vulnerability, snooping on VPN traffic, value of anti-viruses, contact-less payment vulnerabilities, and more in this episode of DAY[0]
LinkEpisode 20 - CWE Top 25, Hacking Anti-Viruses and Adversarial Machine Learning Attacks
In this episode we discuss some recent news regarding encryption laws, and the DHS updating the CWE Top 25 list. Then move into a handful of exploits before ending with some discussions about defending and attacking machine learning systems.
LinkEpisode 19 - What Does The NSA Say?
In this episode we discuss a recent NSA advisory regarding best practices for intercepting TLS traffic. We also take a look at a recent DOM Clobbering (XSS) finding, several VNC exploits, and end with a discussion on fuzzer performance and hardening against power-analysis side channels.
LinkBlack Friday for Security Professionals
Plenty of websites are offering deals for Black Friday, these are the places we plan to check out.
LinkAnalyzing Android's CVE-2019-2215 (/dev/binder UAF)
Over the past few weeks, those of you who frequent the DAY[0] streams over on our Twitch may have seen me working on trying to understand the recent Android Binder Use-After-Free (UAF) published by Google's Project Zero (p0). This bug is actually not new, the issue was discovered and fixed in the mainline kernel in February 2018, however, p0 discovered many popular devices did not receive the patch downstream. Some of these devices include the Pixel 2, the Huawei P20, and Samsung Galaxy S7, S8,
Link





