17 March 2020 Show Notes 33 - How to Hack a CTF and more (LVI, TRRespass and some web-exploits) 00:00:23 P2O Vancouver now remote-only 00:04:18 Announcing our first GCP VRP Prize winner and updates to 2020 program Additional Links: https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/ 00:18:44 Whisper has exposed all user information 00:28:18 LVI: Hijacking Transient Execution with Load Value Injection 00:39:21 TRRespass: Exploiting the Many Sides ofTarget Row Refresh 00:47:25 The unexpected Google wide domain check bypass 00:56:42 Facebook OAuth Framework Vulnerability 01:06:44 JSON CSRF with method override technique 01:13:28 Breaking the Competition 01:23:34 [Slack] TURN server allows TCP and UDP proxying to internal network 01:26:16 [Slack] HTTP Request Smuggling to steal session cookies 01:30:54 [Slack] DTLS uses a private key that is in the public domain 01:33:03 [htmr] DOM-based XSS 01:42:16 A Compiler Assisted Scheduler for Detecting and Mitigating Cache-Based Side Channel Attacks 01:50:08 Bypassing memory safety mechanisms through speculative control flow hijacks