Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler...okay probably not but it is exciting.We've also got some stupid issues and some interesting LPEs this episode.
Podcast Episodes (Page 5)
Starting off the week with a discussion about the disappointing IDA Home, before moving into a few easy command injections, code-reuse attacks applied to XSS, detecting trojaned hardware and ending with a subtle crypto-bug.
First, we talk about Facebook trying to buy some spyware, and then we feast upon a number of Zoom "vulns." Follow that up wtih some interesting vulnerabilities including a hyper-visor Guest-to-host escape, a complicated Safari permissions bypass, and a Gitlab Parser Differential.
Is there a shortcut to RCE? Well, on Windows .LNK files could be just that. We also talk about a few others vulnerabilities impacting Windows, Pi-Hole and Netflix. And end by looking at Window's new hardware enforced Shadow Stack and a proof-of-concept for fine-grained kASLR on Linux.
More discussion about election hacking with Voatz undergoing a more complete security assessment, we also discuss a few interesting web attacks and end with a good discussion about a new code-reuse mitigation: Hurdle.
Start off by looking at a few Google Cloud attacks, a couple named vulns (LVI: Load Value Injection, and TRRespass) and then into some web-focused exploits including how to hack a CTF.
A New AMD sidechannel, and an old Intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY.
One-Two-Three Named Vulns (kr00k, Forgot2kEyXCHANGE, GhostCat) and more OpenSMTPD and Samsung Vulnerabilities
Join Specter and zi at they discuss several named vulns (kr00k, Forgot2kEyXCHANGE, GhostCat), the benefits of DNS-over-HTTPS, and a a few vulns in some of our regular targets: Samsung drivers, NordVPN, OpenSMTPd.
Keeping up our streak, we talk about some vulnerabilities in Cisco, NordVPN and Tesla, and about SlickWraps being hacked by a very dark, white-hat.
Is the new OSCP worth-it? Can election apps be made secure? We'll talk about those questions and several kernel exploits and a few cool fuzzing innovations.