16 March 2021 Show Notes 68 - Hacking Cameras, Stealing Logins, and Breaking Git 00:00:32 Critics fume after Github removes exploit code for Exchange vulnerabilities Additional Links: https://borncity.com/win/2021/03/14/gab-es-beim-exchange-massenhack-ein-leck-bei-microsoft/ 00:09:21 CCTV: Now You See Me, Now You Don't 00:13:47 CSRF to RCE Chain in Zabbix [CVE-2021-27927] 00:19:44 Stealing Froxlor login credentials using dangling markup [CVE-2020-29653] 00:25:29 git: malicious repositories can execute remote code while cloning Additional Links: https://github.com/gitster/git/commit/684dd4c2b414bcf648505e74498a608f28de4592 00:30:49 git: malicious repositories can execute remote code while cloning Additional Links: https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 00:33:37 Dell OpenManage Server Administrator File Read [CVE-2020-5377] 00:38:55 Windows Containers: ContainerUser has Elevated Privileges 00:40:18 Windows Containers: Host Registry Virtual Registry Provider Bypass EoP 00:42:34 F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches 00:48:59 F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write 00:59:37 One day short of a full chain: Part 1 - Android Kernel arbitrary code execution 01:08:07 Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder? 01:09:11 Playing in the (Windows) Sandbox 01:09:39 Regexploit: DoS-able Regular Expressions