261 - Attacking Browser Extensions and CyberPanel

In this week's episode, we talk a little bit about LLMs and how they can be used with static analysis. We also cover GitHub Security Blog's post on attacking browser extensions, as well as a somewhat controversial CyberPanel Pre-Auth RCE that was disclosed.
 

260 - Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation

In this week's episode, Specter recaps his experiences at Hardwear.IO and a PS5 hypervisor exploit chain presented there. We also cover some of the recently released DEF CON 32 talks. After the conference talk, we get into some filesystem exploit tricks and how arbitrary file write can be taken to code execution in read-only environments.
 

255 - Iterating Exploits & Extracting SGX Keys

We are back and testing out a new episode format focusing more on discussion than summaries. We start by talking a bit about the value of learning hacking by iterating on the same exploit and challenging yourself as a means of practicing the creative parts of exploitation. Then we dive into the recent Intel SGX fuse key leak and talk a bit about what it means and how it happened. We are seeking feedback on this format. We are particularly interested in hearing from those of you with more of a bug bounty or higher-level focus about whether an episode like this would still be appealing. If you want to share any feedback, feel free to DM us (@__zi or @specterdev) or email us at media [at] dayzerosec.com
 

Getting Started with Exploit Development

Many resources for learning exploit development focus on specific tricks rather than underlying principles. My roadmap aims to teach the fundamentals of memory corruption to help you grasp modern, complex exploits.
 