Episode 32 - FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging
A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0].
- [00:00:29] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote
- [00:07:00] Announcing Remote Participation in Pwn2Own Vancouver
- [00:11:30] Revoking certain certificates on March 4
- [00:19:48] FuzzBench: Fuzzer Benchmarking as a Service
- [00:29:01] Intel x86 Root of Trust: loss of trust
- [00:39:15] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
- [00:49:19] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing
- [00:55:19] MediaTek rootkit affecting millions of Android devices
- [01:02:04] Zoho ManageEngine RCE
- [01:11:33] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555)
- [01:14:30] Regex Vulnerabilities - parse-community/parse-server
- [01:19:05] HTTP request smuggling using malformed Transfer-Encoding header
- [01:27:28] [Nextcloud] Delete All Data of Any User
- [01:30:44] Dismantling DST80-based Immobiliser Systems
- [01:38:01] Exploring Backdoor Poisoning Attacks Against Malware Classifiers
- [01:46:07] Code Renewability for Native Software Protection
- [01:55:50] Security Analysis of Memory Tagging
- [02:04:23] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)