Show Notes

48 - Breaking into HashiCorp Vault, Apple and Google

00:00:49
Fuzzing internships for Open Source Software
00:03:15
CET Updates – CET on Xanax
00:09:07
Binary Ninja - Open Source Architectures
00:14:03
Memory Safe 'curl' for a More Secure Internet
Additional Links: https://daniel.haxx.se/blog/2020/10/09/rust-in-curl-with-hyper/
00:17:25
We Hacked Apple for 3 Months: Here’s What We Found
00:25:46
Race condition while removing the love react in community files
00:30:11
Enter the Vault: Authentication Issues in HashiCorp Vault
00:46:39
Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure
00:51:11
Password Reset Link Leaked In Refer Header
00:57:37
The mass CSRFing of *.google.com/* products.
01:06:02
A brief encounter with Leostream Connect Broker
01:15:47
Bypassing DOMPurify again with mutation XSS
Additional Links: https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ https://github.com/marcinguy/jquery-xss-in-html
01:22:10
Apache Struts OGNL Remote Code Execution [CVE-2019-0230]
01:28:11
UNIFUZZ: A Holistic, Pragmatic Metrics-Driven Platform for Evaluating Fuzzers
Additional Links: https://github.com/unifuzz/unibench https://github.com/unifuzz
01:47:15
House of Muney - Leakless Heap Exploitation Technique
Additional Links: https://github.com/mdulin2/house-of-muney