dayzerosec

163 - A Galaxy Store Bug, Facebook CSRF, and Google IDOR

01 November 2022

Several simple bugs with significant impacts, XSS to being able to install apps, CSRFing via a Captcha, and a Google IDOR.
- podcast
- bounty-podcast
162 - Edge Vulns, a SHA-3 Overflow, and an io_uring Exploit

26 October 2022

A few issues this week, including an overflow in SHA-3, yet another io_uring bug, and multiple (questionably exploitable) corruptions in Edge.
- podcast
- binary-podcast
161 - XMPP Stanza Smuggling in Jabber and a Cobalt Strike RCE

25 October 2022

Several fun issues this week, from a Cobalt Strike RCE, a couple auth bypasses, and stanza smuggling in Jabber.
- podcast
- bounty-podcast
160 - Some Browser Exploitation and a Format String Bug?

19 October 2022

We've got a few interesting vulns, a blind format string attack, Windows kernel int overflow, and a browser exploit (unchecked bounds after lowering).
- podcast
- binary-podcast
159 - GitHub to GitLab RCE and a new PHP Supply Chain Attack

18 October 2022

This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text)
- podcast
- bounty-podcast
158 - i.MX Secure Boot Bypass and a Hancom Office Underflow

12 October 2022

Just a couple issues this week and a discussion about why you should look at old vulnerabilities and the pace exploit development advanced at.
- podcast
- binary-podcast
157 - Got UNIX Sockets and Some Filter Bypasses?

11 October 2022

No actual bounties this week, but we start off with a discussion on semgrep vs codeql, then get into some cool issues that you can start testing for.
- podcast
- bounty-podcast
156 - Pwning Scoreboards, uClibC, and PS5 Exploitation

05 October 2022

Starting off with some discussion about XOM and CFI on the PS5 and how it impacts exploitation. Then into a uClibC issue, and hacking wireless scoreboards.
- podcast
- binary-podcast
155 - Akamai Cache Poisoning and a Chrome Universal XSS

04 October 2022

Had some varied issues this week, a file format allowing JScript for a $20,000 bounty, Akamai Cache Poisoning, Universal XSS in Chrome.
- podcast
- bounty-podcast
154 - SoCs with Holes, Crow HTTP Bugs, and Bypassing Intel CET

28 September 2022

Starting off with meme vulnerabilities in UNISOC BootROMs, and ending with a discussion about bypassing CFI/Intel CET and some fun issues in-between.
- podcast
- binary-podcast
153 - Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses

27 September 2022

Discussion this week around Chrome's Sanitizer API, and bypassing firewalls with webhooks and 0days (ModSecurity bypass), and a pre-auth BitBucket RCE.
- podcast
- bounty-podcast
152 - An iOS Bug, Attacking Titan-M, and MTE Arrives

21 September 2022

This week we've got some summer highlights: the impact of MTE on Android, an iOS vuln and some primitive chaining in a Titan M exploit
- podcast
- binary-podcast
151 - Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling

20 September 2022

We are back at it, covering some write-ups and exploits we found interesting this summer. From browse-powered desyncs, to account take overs
- podcast
- bounty-podcast
150 - Fuchsia OS, Printer Bugs, and Hacking Radare2

01 June 2022

Some silly issues in radare2, some printer hacking, some kernel vulnerabilities, and a look at exploiting Fuchsia OS on this weeks episode. Just as a reminder this will be our last episode until September.
- podcast
- binary-podcast
149 - A Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS

31 May 2022

Last bounty episode before our summer vacation, and we are ending off with some cool issues. XML Stanza smuggling in Zoom for a MitM attack, an odd auth bypass, a Gitlab Stored XSS and gadget based CSP bypass, and an interesting technique to leverage a path traversal/desync against NGINX Plus
- podcast
- bounty-podcast