What happens when a vendor refuses to fix your bug? Well, you can go claim a bunch of bounties with it. We also talk about some novel request smuggling research on this episode.
North Korea is at it again targeting researchers, 0day hoarding, breaching secure hardware, and fuzzing on this week's episode.
We are joined by Bastian Gruber to start the episode with a discussion about Rust. Then we'll dive into a few interesting vulnerabilities this week including yet another ECDSA implementation issue and some header smuggling research.
Some interesting vulnerability environments this week, some Trusted App issues, a couple Linux Kernel vulns, and a look at memory safety issues in unsafe Rust.
A discussion heavy episode this week, starting off with the "new" Trojan Source attackers, and then talking about a handful of interesting vulnerabilities.
This week we dive into PHP-FPM internals to look at escalating from a worker process to the root process, another GDI bug, and a type confusion.
A couple unique vulns this week involving getting extra coins on Reddit, and bypassing certificate checking for a Discourse RCE.
We start off this week with a look at in-the-wild 0days from the past seven years, before diving into some pretty awesome bugs this week including an OOB access in Squirrel (programming language), a couple Linux kernel issues and a Chrome garbage collector bug.
Just four bugs this week, but all are somewhat interesting, from an Instagram 2FA removal, deanonymizing Slack users, a MySQL bug, and how to get cheap Reddit coins.
Tianfu Cup happened this week; we also got some cool Windows and WebKit issues, alongside an improvement to the House of IO attack.