Episode 36 - Zoom-ers, VM Escapes, and Pegasus Resurfaces

First, we talk about Facebook trying to buy some spyware, and then we feast upon a number of Zoom "vulns." Follow that up wtih some interesting vulnerabilities including a hyper-visor Guest-to-host escape, a complicated Safari permissions bypass, and a Gitlab Parser Differential.

• [00:09:39] Facebook tried to buy NSO Group's iOS spyware to monitor iPhone users
  
• [00:14:57] Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings
  
• [00:28:36] Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1
  
• [00:33:28] Bug bounty platforms buy researcher silence, violate labor laws, critics say
  
• [00:54:04] Zoom NTLM Hash Leak
  
• [00:59:52] The 'S' in Zoom, Stands for Security
  
• [01:06:00] Use-After-Free Vulnerability in the VMware Workstation DHCP Component [CVE-2020-3947]
  
  • https://www.vmware.com/security/advisories/VMSA-2020-0004.html
    
  • https://www.zerodayinitiative.com/advisories/ZDI-20-298/
    
• [01:15:46] Exploiting SMBGhost for a Local Privilege Escalation [CVE-2020-0796]
  
• [01:26:39] How to exploit parser differentials
  
• [01:37:15] Unauthorized Camera access on iOS and macOS
  
• [01:49:15] [Slack] Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation
  
• [01:54:29] Physically Realizable Adversarial Examples for LiDAR Object Detection
  
• [02:01:47] Attack matrix for Kubernetes
  
• [02:03:42] Project Zero: TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln
  
• [02:04:21] Tale of two hypervisor bugs - Escaping from FreeBSD bhyve
  
• [02:08:29] So you want to be a web security researcher?
  

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)