Episode 67 - Buggy Browsers, Heap Grooming, and Broken RSA
This week we get to take a look into some basic heap grooming techniques as we examine multiple heap overflows. We also briefly discuss the hand-on (by the DoD and Synack) assessment of the "unhackable" morpheus chip, and briefly discuss the new-ish paper claiming to defeat RSA.
- [00:00:53] "This destroys the RSA cryptosystem." - Fast Factoring Integers by SVP Algorithms
- [00:06:55] DARPA pitted 500+ hackers against this computer chip. The chip won.
- [00:18:10] SaltStack API vulnerabilities
- [00:22:57] An Interesting Feature in the Samsung DSP Driver
- [00:30:50] Pre-Auth Remote Code Execution in VMware ESXi [CVE-2020-3992 CVE-2021-21974]
- [00:39:05] Defeating the TP-Link AC1750
- [00:44:52] Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed
- [00:57:11] Yet another RenderFrameHostImpl UAF
- [01:03:16] Webkit AudioSourceProviderGStreamer use-after-free vulnerability
Watch the DAY podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)