Memory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewriting compared to mitigating?
Change is in the air for the DAY[0] podcast! In this episode, we go into some behind the scenes info on the history of the podcast, how it's evolved, and what our plans are for the future.
In this week's bounty episode, an attack takes an XSS to RCE on Mailspring, a simple MFA bypass is covered, and a .NET CRLF injection is detailed in its FTP functionality.
In the 250th episode, we have a follow-up discussion to our "Future of Exploit Development" video from 2020. Memory safety and the impacts of modern mitigations on memory corruption are the main focus.
In this week's binary episode, Binary Ninja Free releases along with Binja 4.0, automated infoleak exploit generation for the Linux kernel is explored, and Nintendo sues Yuzu.
This week's episode features a cache deception issue, Joomla inherits a PHP bug, and a DOM clobbering exploit. Also covered is a race condition in Chrome's extension API published by project zero.
In this bounty episode, some straightforward bugs were disclosed in GhostCMS and ClamAV, and Portswigger publishes their top 10 list of web hacking techniques from 2023.