From CTFs to Real-Vulnerabilities (Part 2)
From having the foundations of exploit dev you might be wondering how to progress? Well, we argue that you should take some time to learn the basics of vulnerability research.
From CTFs to The Real-World: Overview (Part 1)
So you've played some CTFs and got a handle on this exploit dev stuff. This is the start of a three-part series about making the jump into real-world exploitation.
77 - Cross-browser tracking, frag attacks, & malicious rust macros
A shorter episode, but some really cool vulns none-the-less, from mitigation bypassing on D-Link routers, to a new set of WiFi protocol design flaws.
76 - Fake Vulns, More Valve, and an AWS Cognito issue
Kicking off the week with some awesome vulns, an "almost" padding oracle in Azure Functions, a race-condition in AWS Cognito, some sound engine bugs, and a Foxit Reader Use-after-free.
75 - Defcon Quals, Dead μops, BadAllocs, Wordpress XXE
Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and Composer.
74 - Bad Patches, Fuzzing Sockets, & 3DS Hacked by Super Mario
Some drama in the Linux Kernel and so many vulns resulting in code execution in Homebrew, GitLab, an air fryer, Source engine, Super Mario Maker, Adobe Reader and the Linux Kernel.
73 - Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering
Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups.
72 - Pwn2own, Linux Kernel Exploits, and Malicious Mail
MD5 is trending in 2021...a few kernel vulnerabilities, and some drama around pwn2own.
71 - Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat
One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.
70 - Google exposes an APT campaign, PHP owned, and Several Auth Issues
Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.