17 March 2025 Show Notes

00:00:25 The ESP32 "backdoor" that wasn't
Additional Links:
  https://developer.espressif.com/blog/2025/03/esp32-bluetooth-clearing-the-air/
  https://dayzerosec.com/blog/2023/04/17/reversing-the-amd-secure-processor-psp.html

00:14:26 Speedrunners are vulnerability researchers

00:27:58 Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Additional Links:
  https://github.blog/wp-content/uploads/2025/03/rubysaml-parser-diff-simplified8_2.png?w=1536

00:38:47 Impossible XXE in PHP
Additional Links:
  https://www.php.net/manual/en/libxml.constants.php#constant.libxml-dtdload
  https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle
  https://blog.lexfo.fr/lightyear-file-dump.html
  https://blog.lexfo.fr/wrapwrap-php-filters-suffix.html

00:52:41 Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch
Additional Links:
  https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa1bdca98d74472dcdb79cb948b54f63b5886c04
  https://elixir.bootlin.com/linux/v6.13.6/A/ident/request_module
  https://pwning.tech/nftables/#514-overwriting-modprobepath

01:04:15 Trigon: developing a deterministic kernel exploit for iOS

01:06:43 An inside look at NSA (Equation Group) TTPs from China's lense