Podcast Episodes (Page 2)

206 - A Ghostscript RCE and a Windows Registry Bug

This week's binary exploitation episode has some pretty solid bugs.A string escaping routine that goes out of bounds, a web-based information disclosure. And a couple kernel issues, one in the Windows registry, a logical bug leading to memory corruption, and an AppleSPU out of bounds access.

205 - SecurePoint UTM, Chfn, and Docker Named Pipe Vulns

For this week's bug bounty podcast We start off with a bit of a unique auth bypass in a firewall admin panel. We've also got a couple desktop-based software bugs, with a Docker Desktop privilege escalation on windows, and a chfn bug. We've also got a couple escalation techniques, one for Azure environments, and another trick for exploiting semi-controlled file-writes.

203 - Pentaho Pre-Auth RCE and Theft by CAN Injection

Some fun issues this week as we explore code execution in Synthetics Recorder stemming from a comment in the code. An auth bypass in Pentaho leading to RCE via SSTI, car theft via CAN bus message injection, and how to become a cluster admin from a compromised pod in AWK Elastic Kubernetes Service.

201 - Bamboozling Bing and a Curl Gotcha

Some audio issues this week, sorry for the ShareX sound. But we have a few interesting issues. A curl quirk that it might be useful to be aware of, Azure Pipelines vulnerability abusing attacker controlled logging. A look at a pretty classic Android/mobile bug, and a crazy auth misconfiguration (BingBang).

199 - Bypassing CloudTrail and Tricking GPTs

We are back with more discussion about applying AI/ChatGPT to security research, but before that we have a few interesting vulnerabilities. An OTP implementation that is too complex for its own good, a directory traversal leading to a guest to host VM escape, and server-side mime-sniffing.

198 - TOCTOUs in Intel SMM and Shannon Baseband Bugs

We've got a pretty nice root/super-use check bypass in XNU this week, and a sort of double fetch issue in Intel's SMM leading to a potential privilege escalation into the Management system. We've also got a few meme-able Shannon Baseband issues and some tough to exploit out of bound reads in MIT Kerberos V5.