Episode 35 - A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR
Is there a shortcut to RCE? Well, on Windows, .LNK files could be just that. We also talk about a few other vulnerabilities impacting Windows, Pi-Hole and Netflix, and end by looking at Windows' new hardware-enforced Shadow Stack and a proof-of-concept for fine-grained kASLR on Linux.
- [00:01:26] The Netflix account compromise Bugcrowd doesn't want you to know about
- [00:16:29] Where is my Train : Tracking to Hacking
- [00:23:07] Intel SGX removed from Rocket Skylake-S CPUs
- [00:28:25] Type 1 Font Parsing Remote Code Execution Vulnerability
- [00:33:49] Configuration Overwrite in IBM Cognos TM1 [CVE-2019-4716]
- [00:42:27] Remote Code Execution Through .LNK Files [CVE-2020-0729]
- [00:53:23] Pi-hole Remote Code Execution [CVE-2020-8816]
- [01:03:22] NordVPN - Unauthorized User Can Delete Any User Account
- [01:09:41] Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
- [01:20:36] Understanding Hardware-enforced Stack Protection
- [01:32:29] [RFC PATCH 00/11] Finer grained kernel address space randomization - Kristen Carlson Accardi
- [01:42:22] Slayer Labs
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)