Kicking off the week with some awesome vulns, an "almost" padding oracle in Azure Functions, a race-condition in AWS Cognito, some sound engine bugs, and a Foxit Reader Use-after-free.
Podcast Episodes (Page 8)
Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and Composer.
Some drama in the Linux Kernel and so many vulns resulting in code execution in Homebrew, GitLab, an air fryer, Source engine, Super Mario Maker, Adobe Reader and the Linux Kernel.
Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups.
MD5 is trending in 2021...a few kernel vulnerabilities, and some drama around pwn2own.
One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.
Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.
Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next which we talked about. We also look at a couple interesting GitHub vulns, and talk about fuzzing.
RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible.
This week we get to take a look into some basic heap grooming techniques as we examine multiple heap overflows. We also briefly discuss the hand-on (by the DoD and Synack) assessment of the "unhackable" morpheus chip, and briefly discuss the new-ish paper claiming to defeat RSA.