dayzerosec

94 - A Kernel Race, SuDump, and a Chrome Garbage Collector Bug

27 October 2021

We start off this week with a look at in-the-wild 0days from the past seven years, before diving into some pretty awesome bugs this week including a OOB access in Squirrel (programming language), a couple Linux kernel issues and a Chrome garbage collector bug.
- podcast
- binary-podcast
93 - A Slack Attack and a MySQL Scientific Notation Bug

26 October 2021

Just four bugs this week, but that all are somewhat interesting, from an Instagram 2FA removal, deanonymizing Slack users, a MySQL bug, and how to get cheap reddit coins.
- podcast
- bounty-podcast
92 - WebKit Bugs, a Windows Race, and House of IO Improved

20 October 2021

Tianfu Cup happened this week, we also got some cool windows and webkit issues, along side an improvment to the House of IO attack
- podcast
- binary-podcast
91 - WebSocket Hijacking, GitHub review bypass and SQLi to RCE

19 October 2021

Just a handful of traditional vulns this week: IDOR, CSRF, SQLi, a logic vuln and zi's boomer side starts to show.
- podcast
- bounty-podcast
90 - HyperKit Bugs & an Open5GS Stack Overflow

13 October 2021

Uninitialized variables everywhere in Hyperkit, and a Open5GS stack-based buffer overflow.
- podcast
- binary-podcast
89 - SharePoint RCE & an Apache Path Traversal

12 October 2021

A simple to exploit path traversal in Apache...in 2021, a one-time-password defeat by having it be send to the attacker and victim, and more JWT issues.
- podcast
- bounty-podcast
88 - Chrome Exploits and a Firefox Update Bug

06 October 2021

This week we start off with a nice introduction to signedness issues before diving into a couple Chrome bugs (type confusion and use-after-free)
- podcast
- binary-podcast
87 - Gatekeeper Bypass, Opera RCE, and Prototype Pollution

05 October 2021

A few interesting issues this week, ranging from a macOS Gatekeeper bypass, some oauth flow issues in Facebook, and even an RCE through the password field.
- podcast
- bounty-podcast
86 - Kernel UAFs and a Parallels VM Escape

29 September 2021

This week we we've got a couple Linux kernel Use-After-Frees and a Parallels guest to host escape.
- podcast
- binary-podcast
85 - iOS 0days, Apache Dubbo RCEs, and NPM bugs

28 September 2021

Some of Apple's XPC services are leaking information, Finder has an RCE, and some CodeQL use to find many RCEs in Apache Dubbo.
- podcast
- bounty-podcast
84 - A Curl UAF, iPhone FORCEDENTRY, and a Crazy HP OMEN Driver

22 September 2021

We start off the week with a crazy driver that exposes some powerful primitives, a use-after-free in curl, we speculate a bit about exploiting a 2-byte information disclosure, and talk about FORCEDENTRY.
- podcast
- binary-podcast
83 - A Flickr CSRF, GitLab, & OMIGOD, Azure again?

21 September 2021

Some high impact vulnerabilities this week, CSRF in account deletion, remote code execution as root, and an apache "0day" that discloses PHP source.
- podcast
- bounty-podcast
82 - NETGEAR smart switches, SpookJS, & Parallels Desktop

15 September 2021

This week we've got an awesome chain of attacks in NETGEAR smart switches, a speculative type confusion (Spook.js) and an integer overflow leading to HTTP Request Smuggling
- podcast
- binary-podcast
81 - Reused VMWare exploits & Escaping Azure Container Instances

14 September 2021

Some drama with the VMWare bounty program, and then a few straight forward vulnerabilities and a really cool Azure Container Instances escape and takeover.
- podcast
- bounty-podcast
80 - Escaping the Bhyve, WhatsApp & BrakTooth

08 September 2021

A tricky to exploit WhatsApp vulnerability, but still an interesting bug, several Bhyve vulnerabilities, and a named bluetooth vuln (Braktooth)
- podcast
- binary-podcast