dayzerosec

178 - Attacking Bhyves and a Kernel UAF

11 January 2023

Just a few issues this week, but some solid exploitation. A Kernel UAF, IoT, and a bhyve escape.
- podcast
- binary-podcast
177 - Web Hackers vs. Cars and a Facebook Account Takeover

10 January 2023

First episode of the new year, and we've got some cool stuff. Several authentication issues and "class pollution" in Python.
- podcast
- bounty-podcast
176 - JS Type Confusions and Bringing Back Stack Attacks

14 December 2022

In this episode, we discuss the discovery of a type confusion in Internet Explorer's JScript. We also explore a fun exploit strategy for a low-level memory management bug in the Linux kernel and delve into several issues in Huawei's Secure Monitor that enable code execution in the secure world.
- podcast
- binary-podcast
175 - Pwn2Own Bugs and WAF Bypasses

13 December 2022

Is Pwn2Own worth it for bug bounty hunters? A handful of trivial command injections, and some awesome WAF bypasses.
- podcast
- bounty-podcast
174 - A Huawei Hypervisor Vuln and More Memory Safety

07 December 2022

Will AI be your next vuln research assistant? ... Maybe? We also talk about a stack-based overflow in `ping` and a Huawei hypervisor vuln.
- podcast
- binary-podcast
173 - Remotely Controlling Hyundai and a League of Legends XSS

06 December 2022

A variety of issues this week, DOM Clobbering, argument injection, a filesystem race condition, cross-site scripting, and a normalization-based auth bypass.
- podcast
- bounty-podcast
172 - Patch Gaps and Apple Neural Engine Vulns

30 November 2022

The end of kASLR bypasses? Probably just click-bait, but the patch gap is real and we discuss that a bit before getting into a couple AI-based corruptions.
- podcast
- binary-podcast
171 - Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage

29 November 2022

Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a JS sandbox escape for RCE in Spotify.
- podcast
- bounty-podcast
170 - Hacking Pixel Bootloaders and Injecting Bugs

23 November 2022

A hardware heavy episode as we talk about two read protection bypasses, Pixel 6 bootloader exploitation and benchmarking fuzzers.
- podcast
- binary-podcast
169 - Racing Grafana, Stealing Mastadon Passwords, and Cross-Site Tracing

22 November 2022

This week has the return of cross-site tracing, HTML injection, a golang specific vulnerable code pattern, and a fun case-sensitivity auth bypass.
- podcast
- bounty-podcast
168 - Exploiting Undefined Behavior and a Chrome UAF

16 November 2022

Is the compiler making exploitation easier, these divergent representations seem to do so. We also look at a chrome UAF and a double stack overflow.
- podcast
- binary-podcast
167 - Bypassing Pixel Lock Screens and Checkmk RCE

15 November 2022

A Pixel Lockscreen bypass and some discussion about dupes in bug bounty, then a long RCE chain, and a look at client-side path traversals.
- podcast
- bounty-podcast
166 - OpenSSL Off-by-One, Java XML Bugs, and an In-the-Wild Samsung Chain

09 November 2022

A lot of discussion about the OpenSSL vulnerability, fuzzing and exploitation. Then into a RCE in XML Signature verification, and a Samsung exploit chain.
- podcast
- binary-podcast
165 - Apache Batik, Static Site Generators, and an Android App Vuln

08 November 2022

Several slightly weird issues this week, a reentrancy attack abusing a read-only function, SSRF and XSS through a statically generated website and others.
- podcast
- bounty-podcast
164 - XNU's kalloc_type, Stranger Strings, and a NetBSD Bug

02 November 2022

Kicking off the week with a look at Apple's new security blog and the kalloc_type introduced into XNU, then a mix of issues including an overflow in SQLite.
- podcast
- binary-podcast