Episode 65 - PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking
A couple privacy violations, PDF exploits, and a complicated API being misused by developers.
- [00:00:48] Brave browser leaks onion addresses in DNS traffic
- [00:07:05] Tales of Favicons and Caches: Persistent Tracking in Modern Browsers
- [00:18:12] Shadow Attacks: Hiding and Replacing Content in Signed PDFs
- [00:28:20] Getting Information Disclosure in Adobe Reader Through the ID Tag
- [00:32:42] Middleware everywhere and lots of misconfigurations to fix
- [00:43:05] GPGme used confusion, it's super effective !
- [00:51:58] Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions
- [01:01:11] Hunting for bugs in Telegram's animated stickers remote attack surface
- [01:08:03] Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits
- [01:20:27] Model Skewing Attacks on Machine Learning Models
- [01:21:37] Future of Exploit Development - 2021 and Beyond
Watch the DAY podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)