15 September 2020 Show Notes 44 - Raccoons, Incomplete fixes and Kernel Exploits 00:02:30 CCC going remote this year due to pandemic 00:09:44 NVIDIA to Acquire Arm for $40 Billion 00:20:36 OSCE being retired Additional Links: https://ringzer0.training/ 00:34:21 Giggle; laughable security 00:44:51 Raccoon Attack Additional Links: https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks 00:53:34 Executing arbitrary code on NVIDIA GeForce NOW VMs 01:02:07 Cache poisoning via X-Forwarded-Host 01:08:56 Team object in GraphQL disclosed private_comment 01:14:08 Bypass: 10000$ bounty in Google Maps 01:28:33 Microsoft Sharepoint and Exchange Server Vulnerabilities Additional Links: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1440 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1523 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16875 01:37:18 Jonas Lyk MS drama and vulnerability reports 01:45:35 Short story of 1 Linux Kernel Use-After-Free and 2 CVEs 01:53:25 FreeBSD Kernel Privilege Escalation [CVE-2020-7460] 02:02:47 WSL 2.0 dxgkrnl Driver Memory Corruption 02:10:46 Project Zero: Attacking the Qualcomm Adreno GPU 02:16:03 GoogleCTF 2020 Challenge Source + Exploits Release 02:20:08 IDA Pro Tips to Add to Your Bag of Tricks 02:20:48 Reverse Engineering: Marvel's Avengers - Developing a Server Emulator