05 November 2019 Show Notes 16 - A Bit of everything: 0days, Breaches, Lawsuits, Attacking AI, and some insecure 00:05:02 Apple v. Corellium 00:12:00 Firefox to Discontinue Sideloaded Extensions 00:16:05 Delegated Credentials for TLS 00:23:00 North Korean Malware Found on Indian Nuclear Plant's Network 00:28:02 The Pirate Bay Downtime Caused by Malicious Search Queries 00:29:03 Web.com Breach (allegedly includes NetworkSolutions.com and Register.com) 00:32:02 BlueKeep attacks are happening, but it's not a worm Additional Links: https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/ 00:36:01 Untitled Goose Game - Insecure Deserialization 00:39:05 Two Chrome 0Days get Patched 00:42:04 NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114] 00:45:04 Abusing HTTP Hop-by-hop Request Headers 00:50:05 Let's Make Windows Defender Angry: Antivirus Can be an Oracle! -icchy Additional Links: https://en.wikipedia.org/wiki/EICAR_test_file 00:56:05 rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662) 01:02:02 Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors 01:07:02 Silhouette: Efficient Intra-Address Space Isolation for Protected Shadow Stacks on Embedded Systems 01:19:04 unfork(2) 01:23:05 Destroying x86_64 instruction decoders with differential fuzzing Additional Links: https://github.com/zyantific/zydis