Episode 35 - A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR

Is there a shortcut to RCE? Well, on Windows .LNK files could be just that. We also talk about a few others vulnerabilities impacting Windows, Pi-Hole and Netflix. And end by looking at Window's new hardware enforced Shadow Stack and a proof-of-concept for fine-grained kASLR on Linux.

• [00:01:26] The Netflix account compromise Bugcrowd doesn't want you to know about
  
  • https://bugcrowd.com/netflix
    
• [00:16:29] Where is my Train : Tracking to Hacking
  
• [00:23:07] Intel SGX removed from Rocket Skylake-S CPUs
  
• [00:28:25] Type 1 Font Parsing Remote Code Execution Vulnerability
  
• [00:33:49] Configuration Overwrite in IBM Cognos TM1 [CVE-2019-4716]
  
• [00:42:27] Remote Code Execution Through .LNK Files [CVE-2020-0729]
  
• [00:53:23] Pi-hole Remote Code Execution [CVE-2020-8816]
  
• [01:03:22] NordVPN - Unauthorized User Can Delete Any User Account
  
• [01:09:41] Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
  
  • https://blockchain-ctf.securityinnovation.com/#/
    
• [01:20:36] Understanding Hardware-enforced Stack Protection
  
  • https://windows-internals.com/cet-on-windows/
    
• [01:32:29] [RFC PATCH 00/11] Finer grained kernel address space randomization - Kristen Carlson Accardi
  
  • https://www.kryptoslogic.com/blog/2020/03/another-look-at-two-linux-kaslr-patches/
    
• [01:42:22] Slayer Labs
  
  • https://www.reddit.com/r/netsec/comments/fr8w8u/free_vpn_access_to_slayer_labs_networks/?sort=top
    

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)