71 - Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat
One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.
70 - Google exposes an APT campaign, PHP owned, and Several Auth Issues
Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.
69 - Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!
Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next which we talked about. We also look at a couple interesting GitHub vulns, and talk about fuzzing.
68 - Hacking Cameras, Stealing Logins, and Breaking Git
RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible.
67 - Buggy Browsers, Heap Grooming, and Broken RSA
This week we get to take a look into some basic heap grooming techniques as we examine multiple heap overflows. We also briefly discuss the hand-on (by the DoD and Synack) assessment of the "unhackable" morpheus chip, and briefly discuss the new-ish paper claiming to defeat RSA.
66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling
This week we talk a bit about newly released Black Hat 2020 and NDSS 2021 presentation videos, before jumping into several pre-auth RCEs, and some interesting exploitation research to bring a PAC enforced Shadow Stack to ARM and an examination of JSON parser interoperability issues.
65 - PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking
A couple privacy violations, PDF exploits, and a complicated API being misused by developers.
64 - Industrial Control Fails and a Package disguised in your own supply
"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research.
63 - MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit
A lot of discussion this week about OSS security and security processes, an iOS kernel type confusion and MediaTek Bootloader bypass impacting everything since atleast 2014.
62 - OSED, North Korean hackers, NAT Slipstream 2.0, and PGP (in)security
Starting with a long discussion about the North Korean hackers targeting security reseachers, and some thoughts (rants) about the newly released Windows exploit dev course from Offensive Security before getting into some real exploits including NAT Slipstreaming 2.0 and a new Sudo vuln.