Over the last year or so, I've been working with the OpenOrbis team to develop a toolchain for building homebrew for the PS4, and one of the challenges we faced was porting a proper libc to the console. This article dives into some of the interesting lessons learned while porting MUSL to the PS4.
Are iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion heavy episode of DAY[0].
It was a busy week, Microsofts Github account was hacked, Centurylink Routers have no security, and multiple interactionless RCEs in Samsung phones.
Authentication bypasses, SQL injection, command injection, and more in this web-exploit heavy episode.
Since we forgot to cover it when it came out, we look at Relyze's new decompiler that is available on the free version. There is also some sandbox escaping, some crypto issues (AMD's SME/SEV) and even some IBM 0days.
Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler...okay probably not but it is exciting.We've also got some stupid issues and some interesting LPEs this episode.
Starting off the week with a discussion about the disappointing IDA Home, before moving into a few easy command injections, code-reuse attacks applied to XSS, detecting trojaned hardware and ending with a subtle crypto-bug.
First, we talk about Facebook trying to buy some spyware, and then we feast upon a number of Zoom "vulns." Follow that up wtih some interesting vulnerabilities including a hyper-visor Guest-to-host escape, a complicated Safari permissions bypass, and a Gitlab Parser Differential.
Is there a shortcut to RCE? Well, on Windows .LNK files could be just that. We also talk about a few others vulnerabilities impacting Windows, Pi-Hole and Netflix. And end by looking at Window's new hardware enforced Shadow Stack and a proof-of-concept for fine-grained kASLR on Linux.
More discussion about election hacking with Voatz undergoing a more complete security assessment, we also discuss a few interesting web attacks and end with a good discussion about a new code-reuse mitigation: Hurdle.