Episode 64 - Industrial Control Fails and a Package disguised in your own supply
![DAY[0] Discord](/social/discord.png)
"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research.
- [00:00:59] Florida Water Treatment Facility Hacked
- [00:09:19] Have a domain name? "Beg bounty" hunters may be on their way
- [00:20:14] FootFallCam and MetaTechnology Drama
- [00:28:33] Telegram privacy fails [CVE-2021-27204] [CVE-2021-27205]
- [00:36:43] Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
- [00:44:33] Exploiting a Second-Order SQL Injection in LibreNMS [CVE-2020-35700]
- [00:50:46] Swarm of Palo Alto PAN-OS vulnerabilities
- [00:56:25] Advantech iView Missing Authentication RCE [CVE-2021-22652]
- [01:02:30] Windows kernel zero-day exploit [CVE-2021-1732]
- [01:08:50] Analysis and exploitation of the iOS kernel vulnerability [CVE-2021-1782]
- [01:20:10] Misusing Service Workers for Privacy Leakage
- [01:27:53] security things in Linux v5.8
- [01:40:42] Linux Heap Exploitation - Part 2
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)