07 January 2020

Show Notes 23 - First Edge bounty, Hacking Tesla, Cisco advisories, and Shadow Clones

00:00:40 CCC

00:14:58 Sunsetting Python 2 | Python.org
    Additional Links:
    https://www.python.org/blogs/

00:19:11 Kali 2020.1 - Default Non-Root User
    Additional Links:
    https://www.kali.org/news/kali-default-non-root-user/
    https://www.offensive-security.com/

00:35:53 Caterpillar padlocks all use the same key

00:42:51 Shitcoin Wallet is a scam, says security researcher

00:47:13 Microsoft Edge (Chromium) - Elevation of Privilege to Potential Remote Code Execution

00:56:57 Exploiting Wi-Fi Stack on Tesla Model S | Keen Security Lab Blog

01:08:52 Spiderman 2000 - Buffer overflow in file loading routine

01:14:31 Alert Alarm SMS exploit

01:27:33 D-Link DIR-859 - Unauthenticated RCE (CVE-2019-17621)

01:33:20 Cisco Security Advisory: Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
    Additional Links:
    https://tools.cisco.com/security/center/publicationListing.x
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav

01:45:03 Starbuck's JumpCloud API Key leaked via Open Github Repository
    Additional Links:
    https://www.androidpolice.com/2020/01/06/uh-oh-xiaomi-camera-feed-showing-random-homes-on-a-google-nest-hub-including-still-images-of-sleeping-people/

01:56:39 JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms

02:02:28 Shadowclone: Thwarting and Detecting DOP Attacks with Stack Layout Randomization and Canary

02:15:21 Breaking PHP's mt_rand() with 2 values and no bruteforce