13 October 2020 Show Notes 00:00:49 Fuzzing internships for Open Source Software 00:03:15 CET Updates – CET on Xanax 00:09:07 Binary Ninja - Open Source Architectures 00:14:03 Memory Safe 'curl' for a More Secure Internet Additional Links: https://daniel.haxx.se/blog/2020/10/09/rust-in-curl-with-hyper/ 00:17:25 We Hacked Apple for 3 Months: Here’s What We Found 00:25:46 Race condition while removing the love react in community files 00:30:11 Enter the Vault: Authentication Issues in HashiCorp Vault 00:46:39 Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure 00:51:11 Password Reset Link Leaked In Refer Header 00:57:37 The mass CSRFing of *.google.com/* products. 01:06:02 A brief encounter with Leostream Connect Broker 01:15:47 Bypassing DOMPurify again with mutation XSS Additional Links: https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ https://github.com/marcinguy/jquery-xss-in-html 01:22:10 Apache Struts OGNL Remote Code Execution [CVE-2019-0230] 01:28:11 UNIFUZZ: A Holistic, Pragmatic Metrics-Driven Platform for Evaluating Fuzzers Additional Links: https://github.com/unifuzz/unibench https://github.com/unifuzz 01:47:15 House of Muney - Leakless Heap Exploitation Technique Additional Links: https://github.com/mdulin2/house-of-muney