13 April 2021 Show Notes 72 - Pwn2own, Linux Kernel Exploits, and Malicious Mail 00:00:26 Update on git.php.net incident 00:06:38 Pwn2Own 2021 - Results 00:18:53 CSGO exploit allows hackers to steal passwords, and Valve hasn't fixed it 00:26:20 I Built a TV That Plays All of Your Private YouTube Videos 00:33:27 Leak of all accounts mail login md5 pass 00:37:11 What if you could deposit money into your Betting account for free? 00:41:41 Zero click vulnerability in Appleās macOS Mail 00:44:54 Stored XSS on the DuckDuckGo search results page 00:49:13 Breaking GitHub Private Pages for $35k 00:57:03 Royal Flush: Privilege Escalation Vulnerability in Azure Functions 01:01:38 QNAP Pre-Auth CGI_Find_Parameter RCE 01:04:14 Domain Time II Upgrade Attack 01:07:12 Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel 01:15:57 BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution Additional Links: https://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html 01:29:07 Exploiting Windows RPC to bypass CFG mitigation Additional Links: https://medium.com/@mxatone/mitigation-bounty-from-read-write-anywhere-to-controllable-calls-ca1b9c7c0130#.9l7ejbkij 01:34:00 security things in Linux v5.9 Additional Links: https://github.com/gcc-mirror/gcc/commit/d10f3e900b0377b4760a090b0f90371bcef01686 https://twitter.com/kees_cook/status/1380271827281276928