103 - GitLab Prototype Pollution and Some Authentication Bypasses
Short but sweet episode this week, prototype pollution, crypto issues, SSRF and some weird authentication.
102 - Hacking Neural Nets, a Chrome WebRTC UAF and Pwning Windows
Some mroe kernel bugs this week as we look at bugs in Samsung's NPU driver (Android), Linux, and the WIndows Kernel.
101 - Big Bounties by Exploiting WebKit's CSP & Concrete CMS Bugs
What happens when a vendor refused to fix your bug? Well you can go claim a bunch of bounties with it. We also talk about some novel request smuggling research on this episode.
100 - DDR4 Rowhammer, Azure Bugs, "Essential 0days", and Backdoored IDA
North Korea is at it again targeting researchers, 0day hoarding, breaching secure hardware, and fuzzing on this weeks episode.
99 - Rust in the Web? A Special Guest and some Bad Crypto
We are joined by Bastian Gruber to start the episode with a discussion about Rust. Then we'll dive into a few interesting vulnerabilities this week including yet another ECDSA implementation issue and some header smuggling research.
98 - A too trusty TrustZone and a few Linux Kernel bugs
Some interesting vulnerability envrionments this week, some Trusted App issues, a couple Linux Kernel vulns, and a look at memory safety issues in unsafe Rust.
97 - A MacOS SIP Bypass & an XSS Fiesta
A discussion heavy episode this week, starting off with the "new" Trojan Source attackers, and then talking about a handful of interesting vulnerabilities.
96 - Type Confusion in Android NFC, PHP-FPM Local Privilege Escalation, and CallbackHell
This week we dive into PHP-FPM internals to look at escelating from a worker process to the root process, anotehr GDI bug, and a type confusion.
95 - Discourse SNS RCE, a Stored XSS in GitLab, and a Reddit Race Condition
A couple unique vulns this week involving getting extra coins on Reddit, and bypassing certificate checking for a Discourse RCE.
94 - A Kernel Race, SuDump, and a Chrome Garbage Collector Bug
We start off this week with a look at in-the-wild 0days from the past seven years, before diving into some pretty awesome bugs this week including a OOB access in Squirrel (programming language), a couple Linux kernel issues and a Chrome garbage collector bug.