Episode 55 - Bad Blocklists, Legal News, and Windows Vulns
More SD-PWN, more Tesla hacks, potential RCE in Drupal, and a couple windows vulns.
- [00:00:27] Congress unanimously passes federal IoT security law
- [00:06:52] The Supreme Court will hear its first big CFAA case
- [00:13:35] How much is unauthorized access sold for?
- [00:20:10] Getting Banned for Security Research
- [00:33:11] SD-PWN Part 3 - Cisco vManage
- [00:36:10] SD-PWN Part 4 - VMware VeloCloud
- [00:40:39] CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
- [00:43:54] Multiple vulnerabilities through filename manipulation (CVE-2020-28948 and CVE-2020-28949)
- [00:47:14] SSRFs caused by bad RegEx in "private-ip"
- [00:57:50] Serious flaws in Tesla Model X keyless entry system
- [01:03:48] Windows Print Spooler Vulnerability
- [01:08:30] Exploiting a “Simple” Vulnerability - In 35 Easy Steps or Less!
- [01:17:55] Hitcon2020 Challenge Files + Solutions
Watch the DAY podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)