Reversing the AMD Secure Processor (PSP) - Part 2: Cryptographic Co-Processor (CCP)

Part one: This is a follow-up part 2 to my previous post on the AMD Secure Processor (formerly known as the Platform Security Processor or "PSP"). In that post, I mentioned that the Cryptographic Co-Processor (CCP) is an essential component of how the PSP functions. It's primarily responsible for hardware-accelerated cryptography, but it's also used as a Direct Memory Access (DMA) copy engine for doing mass copy

Reversing the AMD Secure Processor (PSP) - Part 1: Design and Overview

AMD's Secure Processor (formerly known as Platform Security Processor or "PSP") is a very interesting piece of technology that is critical to the operation of all modern-day AMD CPUs. There's also very little public information about it and because of that, it's commonly misunderstood and fantasized about. Not only is it at the top of the chain of trust, but it's also responsible for initializing the CPU and facilitating attestation (TPM), hardware-accelerated crypto, and Secure Encrypted Virtua

203 - Pentaho Pre-Auth RCE and Theft by CAN Injection

Some fun issues this week as we explore code execution in Synthetics Recorder stemming from a comment in the code. An auth bypass in Pentaho leading to RCE via SSTI, car theft via CAN bus message injection, and how to become a cluster admin from a compromised pod in AWK Elastic Kubernetes Service.

201 - Bamboozling Bing and a Curl Gotcha

Some audio issues this week, sorry for the ShareX sound. But we have a few interesting issues. A curl quirk that it might be useful to be aware of, Azure Pipelines vulnerability abusing attacker controlled logging. A look at a pretty classic Android/mobile bug, and a crazy auth misconfiguration (BingBang).

200 Episodes of Dayzerosec

A look back at some statistics from our first 200 episodes of the dayzerosec podcast.

199 - Bypassing CloudTrail and Tricking GPTs

We are back with more discussion about applying AI/ChatGPT to security research, but before that we have a few interesting vulnerabilities. An OTP implementation that is too complex for its own good, a directory traversal leading to a guest to host VM escape, and server-side mime-sniffing.

198 - TOCTOUs in Intel SMM and Shannon Baseband Bugs

We've got a pretty nice root/super-use check bypass in XNU this week, and a sort of double fetch issue in Intel's SMM leading to a potential privilege escalation into the Management system. We've also got a few meme-able Shannon Baseband issues and some tough to exploit out of bound reads in MIT Kerberos V5.