06 October 2020

Show Notes

00:00:43 Google: Android Partner Vulnerability Initiative
    Additional Links: https://bugs.chromium.org/p/apvi/issues/list?q=&can=1
00:02:55 Project Zero: Announcing the Fuzzilli Research Grant Program
00:08:40 GitHub: Code scanning is now available
00:16:39 Hunting for exploits by looking for the author's fingerprints
00:22:26 Forcing Firefox to Execute XSS Payloads during 302 Redirects
00:27:10 Exploiting fine-grained AWS IAM permissions for total cloud compromise
    Additional Links: https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7
00:38:04 BLURtooth (the BLUR attacks)
00:44:25 Arbitrary code execution on Facebook for Android
00:51:44 [stripo] Public and secret api key leaked in JavaScript source
01:00:14 [GitLab] Unvalidated Oauth email results in accounts takeovers on 3rd parties
01:06:03 Hacking Grindr Accounts with Copy and Paste
01:16:37 Exploiting Other Remote Protocols in IBM WebSphere
    Additional Links: https://portswigger.net/web-security/deserialization/exploiting
01:25:57 The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses
01:38:36 Hacking Punkbuster.
01:43:26 Race Condition in handling of PID by apport [CVE-2020-15702]
01:57:24 Hardware Hacking Experiments
01:59:11 How I automated McDonalds mobile game to win free iPhones
01:59:42 Voyager - A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)
02:00:28 zznop/sploit: Go package that aids in binary analysis and exploitation