25 February 2020 Show Notes 00:02:40 Humble Book Bundle: Cybersecurity 2020 by Wiley 00:11:39 Google Summer of Code 2020 Additional Links: https://radare.org/gsoc/2020/ 00:23:09 Critical Issue In ThemeGrill Demo Importer 00:28:56 Cisco Security Advisory: Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability 00:32:27 nordvpn Linux Desktop executable application does not use pie / no ASLR 00:41:05 Race condition (TOCTOU) in NordVPN can result in local privilege escalation 00:49:25 Periscope android app deeplink leads to CSRF in follow action 00:54:09 I hacked SlickWraps. This is how. - Lynx0x00 - Medium Additional Links: https://files.catbox.moe/fxn9r2.pdf 01:10:31 Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles 01:18:39 Edge CVE-2020-0767 RCE POC 01:22:10 GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath 01:28:45 CopyCat: Controlled Instruction-Level Attacks on Enclaves for Maximal Key Extraction 01:37:39 MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing 01:49:44 pwn.college BETA 01:53:25 Microcontroller Readback Protection: Bypasses and Defenses 01:54:08 Libxml2 Tutorial | AFLplusplus 01:56:14 Booting iOS on QEMU Research Slides Additional Links: https://github.com/alephsecurity/confs/blob/master/OFFENSIVE20/offensive-20-ios-qemu.pdf https://github.com/alephsecurity/xnu-qemu-arm64