23 March 2021 Show Notes 69 - Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?! 00:00:28 Rust in the Linux Kernel Additional Links: https://www.youtube.com/watch?v=FFjV9f_Ub9o&t=2066s https://lkml.org/lkml/2020/7/9/952 https://lkml.org/lkml/2020/7/10/1261 00:13:40 Two Undocumented Instructions to Update Microcode Discovered 00:19:06 DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS 00:26:46 Abusing VoIPmonitor for Remote Code Execution 00:32:18 Stealing arbitrary GitHub Actions secrets 00:40:29 How we found and fixed a rare race condition in our session handling 00:49:05 GitLab - Ability To Delete User(s) Account Without User Interaction 00:52:49 New Old Bugs in the Linux Kernel Additional Links: https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi 01:00:33 Fuzzing: FastStone Image Viewer [CVE-2021-26236] 01:06:53 A Replay-Style Deserialization Attack Against SharePoint [CVE-2021-27076] 01:12:38 One day short of a full chain: Part 2 - Chrome sandbox escape 01:18:58 Code execution in Wireshark via non-http(s) schemes in URL fields 01:21:59 Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers) 01:30:37 Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace 01:42:00 Pulling Bits From ROM Silicon Die Images: Unknown Architecture 01:42:28 0dayfans.com Additional Links: https://github.com/dayzerosec/feedgen https://shop.spreadshirt.com/dayzerosec/