Its our 200th episode, and we've got some stats from our first 200 episodes. Then we talk some Pwn2Own policy changes, a couple memeable overflows, and some new anti-ROP mitigations on OpenBSD.
Podcast Episodes (Page 4)
We are back with more discussion about applying AI/ChatGPT to security research, but before that we have a few interesting vulnerabilities. An OTP implementation that is too complex for its own good, a directory traversal leading to a guest to host VM escape, and server-side mime-sniffing.
We've got a pretty nice root/super-use check bypass in XNU this week, and a sort of double fetch issue in Intel's SMM leading to a potential privilege escalation into the Management system. We've also got a few meme-able Shannon Baseband issues and some tough to exploit out of bound reads in MIT Kerberos V5.
Recovering data from a cropped image (thanks to an undocumented API change, bypassing an origin check with an emoji, and a trivial SSRF filter bypass all in this week's bug bounty podcast.
Some simple, but interesting vulnerabilities. A use-after-free because of wrong operation ordering, an interesting type confusion, an integer underflow and some OOB access in TPM 2.0 reference code.
A few varied issues this week, exploiting an apparently unexploitable CRLF injection, organization secrets exposure in GitHub, and a Jenkins XSS.
Just one vulnerability this week about hacking the Nintendo DSi browser, but we have a good discussion about fuzzing and a new paper "autofz".
This episode covers a lot of ground, from an insecure OAuth flow (Booking.com) to a crazy JSON injection and fail-open login system (DataHub) to hacking Bluetooth smart locks (Megafeis-palm). And even a new ImageMagick trick for a local file read.
Just a couple issues this week, a cache coherency issue because the functions used to flush changes were not implemented on AARCH64. The second was using the "world's worst fuzzer" to find some bugs. Dumb fuzzer, but it worked.
Parameter pollution for an auth bypass, SQL injection in an ORM, CRLF injection for a WAF bypass...this episode has a great mix of issues.