Podcast Episodes (Page 8)

• 171 - Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage

  29 November 2022

  Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a JS sandbox escape for RCE in Spotify.

• 170 - Hacking Pixel Bootloaders and Injecting Bugs

  23 November 2022

  A hardware heavy episode as we talk about two read protection bypasses, Pixel 6 bootloader exploitation and benchmarking fuzzers.

• 169 - Racing Grafana, Stealing Mastadon Passwords, and Cross-Site Tracing

  22 November 2022

  This week has the return of cross-site tracing, HTML injection, a golang specific vulnerable code pattern, and a fun case-sensitivity auth bypass.

• 168 - Exploiting Undefined Behavior and a Chrome UAF

  16 November 2022

  Is the compiler making exploitation easier, these divergent representations seem to do so. We also look at a chrome UAF and a double stack overflow.

• 167 - Bypassing Pixel Lock Screens and Checkmk RCE

  15 November 2022

  A Pixel Lockscreen bypass and some discussion about dupes in bug bounty, then a long RCE chain, and a look at client-side path traversals.

• 166 - OpenSSL Off-by-One, Java XML Bugs, and an In-the-Wild Samsung Chain

  09 November 2022

  A lot of discussion about the OpenSSL vulnerability, fuzzing and exploitation. Then into a RCE in XML Signature verification, and a Samsung exploit chain.

• 165 - Apache Batik, Static Site Generators, and an Android App Vuln

  08 November 2022

  Several slightly weird issues this week, a reentrancy attack abusing a read-only function, SSRF and XSS through a statically generated website and others.

• 164 - XNU's kalloc_type, Stranger Strings, and a NetBSD Bug

  02 November 2022

  Kicking off the week with a look at Apple's new security blog and the kalloc_type introduced into XNU, then a mix of issues including an overflow in SQLite.

• 163 - A Galaxy Store Bug, Facebook CSRF, and Google IDOR

  01 November 2022

  Several simple bugs with significant impacts, XSS to being able to install apps, CSRFing via a Captcha, and a Google IDOR.

• 162 - Edge Vulns, a SHA-3 Overflow, and an io_uring Exploit

  26 October 2022

  A few issues this week, including an overflow in SHA-3, yet another io_uring bug, and multiple (questionably exploitable) corruptions in Edge.

• 161 - XMPP Stanza Smuggling in Jabber and a Cobalt Strike RCE

  25 October 2022

  Several fun issues this week, from a Cobalt Strike RCE, a couple auth bypasses, and stanza smuggling in Jabber.

• 160 - Some Browser Exploitation and a Format String Bug?

  19 October 2022

  We've got a few interesting vulns, a blind format string attack, Windows kernel int overflow, and a browser exploit (unchecked bounds after lowering).

• 159 - GitHub to GitLab RCE and a new PHP Supply Chain Attack

  18 October 2022

  This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text)

• 158 - i.MX Secure Boot Bypass and a Hancom Office Underflow

  12 October 2022

  Just a couple issues this week and a discussion about why you should look at old vulnerabilities and the pace exploit development advanced at.

• 157 - Got UNIX Sockets and Some Filter Bypasses?

  11 October 2022

  No actual bounties this week, but we start off with a discussion on semgrep vs codeql, then get into some cool issues that you can start testing for.