21 January 2025

Show Notes

269 - Excavating Exploits and PHP Footguns

00:07:48 Attacking Hypervisors - From KVM to Mobile Security Platforms

00:12:18 Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal
Additional Links:
https://github.com/Polydet/polyglot-database/

00:19:41 How an obscure PHP footgun led to RCE in Craft CMS
Additional Links:
https://www.php.net/manual/en/ini.core.php
https://github.com/php/php-src/issues/12344

00:34:44 oss-security - RSYNC: 6 vulnerabilities

00:42:13 The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

00:59:59 security-research/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md
Additional Links:
https://docs.google.com/document/d/1a9uUAISBzw3ur1aLQqKc5JOQLaJYiOP5pe_B4xCT1KA/edit?tab=t.0

01:10:35 GLibc Heap Exploitation Training