02 March 2021 Show Notes 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling 00:00:41 Microsoft open sources CodeQL queries used to hunt for Solorigate activity Additional Links: https://github.com/github/codeql/pull/5083/commits/5e1e27c2b6b3429623b66531d4fe0b090e70638a 00:04:16 Black Hat USA 2020 Additional Links: https://www.youtube.com/c/NDSSSymposium/search?query=NDSS+2021 00:13:56 Cookie poisoning leads to DOS and Privacy Violation 00:16:37 Unauthorized RCE in VMware vCenter 00:20:01 A Fifteen-Year-Old RCE Bug Returns in ISC BIND Server [CVE-2020-8625] 00:25:42 Arbitrary File Write on packagecontrol.io (Sublime Text) 00:30:31 [Uber] PreAuth RCE on Palo Alto GlobalProtect Additional Links: http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html 00:35:26 The little bug that couldn't: Securing OpenSSL 00:41:49 PACStack: an Authenticated Call Stack 00:56:29 An Exploration of JSON Interoperability Vulnerabilities 01:03:59 Top 10 web hacking techniques of 2020 01:05:50 OST 2.0 Beta Spots Open