21 April 2020 Show Notes 38 - Binary Ninja's Decompiler, git credential leak, cross-platform LPEs 00:00:37 Cognizant suffers Maze Ransomware cyber attack 00:14:16 Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 00:27:54 How I Reverse Engineered the LastPass CLI Tool 00:36:07 State of the Ninja: Episode 13 01:02:26 Riot offering up to $100k n Bug Bounty 01:05:39 Research Grants to support Google VRP Bug Hunters during COVID-19 01:09:16 Denial of service to WP-JSON API by cache poisoning 01:11:51 CSRF to RCE bug chain in Prestashop 01:21:24 Unintended disclosure of OTP 01:24:28 JSON Web Token Validation Bypass in Auth0 Authentication API 01:27:14 git: Newline injection in credential helper 01:31:28 How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability 01:36:42 Pwning vCenter with CVE-2020-3952 01:45:27 Oracle Solaris 11.x/10 whodo/w Buffer Overflow 01:51:30 Linux Kernel EoP via Improper eBPF Program Verification [CVE-2020-8835] 01:57:47 Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices Additional Links: https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4f42c24e02ce82392d8f8fe215570568380c8ab 02:07:28 Ricerca Security: "SMBGhost pre-auth RCE Additional Links: https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/ 02:14:09 IJON: Exploring Deep State Spaces via Fuzzing 02:23:34 Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction 02:27:53 GitHub - wcventure/FuzzingPaper