Podcast Episodes (Page 14)

• 80 - Escaping the Bhyve, WhatsApp & BrakTooth

  08 September 2021

  A tricky to exploit WhatsApp vulnerability, but still an interesting bug, several Bhyve vulnerabilities, and a named bluetooth vuln (Braktooth)

• 79 - Takeover a Facebook, SnapChat or JetBrains account

  06 September 2021

  Multiple account takeover vulnerabilities in this episode with three cross-origin communication vulnerabilities in Facebook, an odd OTP endpoint in SnapChat and an open redirect in JetBrains leaking your JWT.

• 78 - NoSQL Injection, Mobile Misconfigurations and a Wormable Windows Bug

  25 May 2021

  Another short episode this week covering graphql attacks, a couple NoSQL injections, a few misconfigurations and a cool attack to reset monotonic counters on a Mifare card.

• 77 - Cross-browser tracking, frag attacks, & malicious rust macros

  18 May 2021

  A shorter episode, but some really cool vulns none-the-less, from mitigation bypassing on D-Link routers, to a new set of WiFi protocol design flaws.

• 76 - Fake Vulns, More Valve, and an AWS Cognito issue

  11 May 2021

  Kicking off the week with some awesome vulns, an "almost" padding oracle in Azure Functions, a race-condition in AWS Cognito, some sound engine bugs, and a Foxit Reader Use-after-free.

• 75 - Defcon Quals, Dead μops, BadAllocs, Wordpress XXE

  04 May 2021

  Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and Composer.

• 74 - Bad Patches, Fuzzing Sockets, & 3DS Hacked by Super Mario

  27 April 2021

  Some drama in the Linux Kernel and so many vulns resulting in code execution in Homebrew, GitLab, an air fryer, Source engine, Super Mario Maker, Adobe Reader and the Linux Kernel.

• 73 - Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

  20 April 2021

  Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups.

• 72 - Pwn2own, Linux Kernel Exploits, and Malicious Mail

  13 April 2021

  MD5 is trending in 2021...a few kernel vulnerabilities, and some drama around pwn2own.

• 71 - Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat

  06 April 2021

  One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.

• 70 - Google exposes an APT campaign, PHP owned, and Several Auth Issues

  30 March 2021

  Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.

• 69 - Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!

  23 March 2021

  Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next which we talked about. We also look at a couple interesting GitHub vulns, and talk about fuzzing.

• 68 - Hacking Cameras, Stealing Logins, and Breaking Git

  16 March 2021

  RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible.

• 67 - Buggy Browsers, Heap Grooming, and Broken RSA

  09 March 2021

  This week we get to take a look into some basic heap grooming techniques as we examine multiple heap overflows. We also briefly discuss the hand-on (by the DoD and Synack) assessment of the "unhackable" morpheus chip, and briefly discuss the new-ish paper claiming to defeat RSA.

• 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling

  02 March 2021

  This week we talk a bit about newly released Black Hat 2020 and NDSS 2021 presentation videos, before jumping into several pre-auth RCEs, and some interesting exploitation research to bring a PAC enforced Shadow Stack to ARM and an examination of JSON parser interoperability issues.