This week we get to take a look into some basic heap grooming techniques as we examine multiple heap overflows. We also briefly discuss the hand-on (by the DoD and Synack) assessment of the "unhackable" morpheus chip, and briefly discuss the new-ish paper claiming to defeat RSA.
This week we talk a bit about newly released Black Hat 2020 and NDSS 2021 presentation videos, before jumping into several pre-auth RCEs, and some interesting exploitation research to bring a PAC enforced Shadow Stack to ARM and an examination of JSON parser interoperability issues.
A lot of discussion this week about OSS security and security processes, an iOS kernel type confusion and MediaTek Bootloader bypass impacting everything since atleast 2014.
Starting with a long discussion about the North Korean hackers targeting security reseachers, and some thoughts (rants) about the newly released Windows exploit dev course from Offensive Security before getting into some real exploits including NAT Slipstreaming 2.0 and a new Sudo vuln.
This post has been updated
https://dayzerosec.com/blog/2024/07/11/getting-started-2024.html
Removing the Open Security Training from my recommendations kinda messed with the flow of these recommendations. So it triggered me to rework all the recommendations with updated resources. I'm leaving this post relatively untouched for anyone who was referencing it but I'd recommend the new one for anyone just getting started.
tl;dr The rest of this goes into detail about what topics matter and why fr
This week is a shorter episode, but still some solid bugs to look at. From a full chain Chrome exploit, to a Kindle chain from remote to root and a eBPF incorrect calculation leading to OOB read/write.
Big news this week as several government agencies and contractors may have been compromised. We also have a number of great writeups this week covering everything from a PS4 webkit exploit, MacOS, and Windows.
Some solid exploit development talk in this episode as we look at an iOS vuln, discuss the exploitability of a cURL buffer overflow and examine a new kernel UAF mitigation.
This week we talk a bit about some Black Friday deals before jumping into another SD-WAN pwn, some jailbreaks, and research into automatic exploit generation.