Episode 53 - Hacking Voatz and Rooting Ubuntu
Some interesting tips and tricks as we look at multiple privileges escalations from XNU to Ubuntu, Bitdefender, and Dropbox (HelloSign).
- [00:01:31] Apple allegedly not crediting researchers
- [00:10:26] Response to Voatz's Supreme Court Amicus Brief
- [00:23:45] Standing up for developers: youtube-dl is back
- [00:30:05] HelloSign SSRF leads to AWS private key disclosure
- [00:38:02] Silver Peak Unity Orchestrator RCE
- [00:42:51] Get root by pretending nobody's /home
- [00:48:20] Project Zero: Oops, I missed it again!
- [00:55:12] Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions
- [01:01:07] Sleep Attack: Intel Bootguard vulnerability waking from S3
- [01:05:56] SAD DNS Explained
- [01:12:02] Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Envrionments
- [01:23:33] A Systematic Study of Elastic Objects in Kernel Exploitation
Watch the DAY podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)