113 - Bypassing Box MFA & Bad AES Key Generation
A new security-related humble bundle, MFA bypass in Box, and a a few older style vulnerabilities: lfi2rce, allow-list bypass with an @ sign, and insecure random number seeds.
112 - Pwning Camera and Overflowing your Integers
Short episode this week, stack smashing, integer overflowing and a more logical issue. Ending off with a discussion about what to do when you're stuck on CTFs.
111 - Bad Code and Bad URLs
This week is a shorter episode looking at some bad code in mermaid.js and Moodle's Shibboleth plugin, and a bit of research regarding URL parsing issues.
110 - Rooting Ubuntu By Accident and Samsung Kernel Bugs
We are back for the first 2022 binary episode, and its all kernel. Obtaining root through an hours long exploit process on Ubuntu thanks to an invalid free, use-after-free in XNU due to bad locking, and some terrible code in Samsung S20 DSP kernel driver with multiple integer overflows.
109 - RocketChat RCE, Flickr, and a Critical Smart Contract Bug
More cases of developers make insecure assumptions and getting owned because of it. This week we've got a Flickr account takeover, escalating restricted SSRF into something more useful, and XSS to RCE in Rocket.Chat.
108 - An Android Kernel Bug & a Chrome+Edge Exploit
Hex-rays/Adobe cross-over as they move to a subscription model and we are not too happy about it, we also discuss a few interesting bugs this week from an odd optimization and a signedness bug in Chrome, to some mishandled null-bytes in runc, and a subtle object-state confusion in the Linux kernel
107 - Log4j RCE coming to a service near you and uBlock CSS Injection
Log4Shell RCE spawns a lot of discussion this episode, but we also look at a W10 RCE, Google SSRF and some CSS injection in uBlock.
106 - MediaTek, Yet Another Chrome Bug, and BigSig
A few easy issues this week, but some discussion about fuzzing campaigns and measurements and bypassing modern mitigations.
105 - Bypassing MFA, WebCache Poisoning, and AWS SageMaker
Some readily understood vulnerabilities, but with some interesting impacts, from escalating self-XSS to cross-account CSRF, data exfiltration with CSS, web-cache poisoning and MFA bypassing.
104 - KVM Bugs and an iOS IOMFB Kernel Exploit
Starting off this week with the new humble bundle and some discussion about hacking books. Then onto the vulns, some OOB access, uninitalized memory, and iOS exploit strategy.