14 April 2020 Show Notes 37 - IDA...Go home, Sandboxie source, and some RCEs (TP-Link, Starcraft 1, OhMyZsh) 00:00:53 Episode Transcripts now Available 00:03:01 Microsoft Buys Corp.com to Keep It Safe from Hackers (Over $1.7 Million Deal) 00:05:50 Hack for Good: Easily Donate Bounties to WHO’s COVID-19 Response Fund 00:11:03 RetDec v4.0 is out 00:17:41 IDA Home is coming Additional Links: https://www.sophia.re/Binary-Rockstar/index.html https://nostarch.com/GhidraBook 00:33:52 Sandboxie Open Source Code is available Additional Links: https://github.com/xanasoft/Sandboxie 00:38:09 Exploiting the TP-Link Archer A7 00:46:58 Exploiting the Starcraft 1 EUD Bug 00:51:31 OhMyZsh dotenv Remote Code Execution 00:56:27 Symantec Web Gateway 5.0.2.8 Remote Code Execution 00:59:23 VMware vCenter Server Sensitive Information Disclosure [CVE-2020-3952] 01:01:47 Bypassing modern XSS mitigations with code-reuse attacks 01:07:57 Practical Data Poisoning Attack against Next-Item Recommendation 01:11:48 Hardware Trojan Detection Using Controlled Circuit Aging 01:16:26 A "Final" Security Bug 01:27:13 RCEed version of computer malware / rootkit MyRTUs / Stuxnet. Additional Links: https://github.com/christian-roggia/open-myrtus/blob/master/rootkit/FastIo.c https://xkcd.com/350/