Some unusual issues this week as we get into some speculative execution issues, and some more usual Linux and Windows kernel vulnerabilities. Also some discussion about security through obscurity and the NVIDIA leaks.
No spot the vuln this week, but we do have a cool kernel bug, "Dirty Pipe", a look at a stack-based overflow, BrokenPrint, and finally some discussion about memory tagging.
Quick episode with four somewhat simple bugs in JPEG parsing, a remote memory disclosure in libcurl due to the difference in `sizeof(long)` between Linux and Windows, and a heap out-of-bounds write in the Linux kernel.
Just one vulnerability this week, a secure boot bypass, and some research into detecting compiler-introduced bugs. Ending the week with a discussion about how to learn fuzzing.
This week we discuss taint analysis and where to use it compared with fuzzing, a couple of buggy code patterns in Go to be on the lookout for, and another remote stack overflow in the kernel TIPC module.
A discussion-heavy episode this week as we speculate about how some XNU code passed muster, and how to exploit a small overflow and weaponize a large info-leak.
Binary Ninja 3.0 just dropped, so let's talk about that, then into pwnkit and a couple of kernel bugs, ending this week off with a discussion about dealing with imposter syndrome.
Short episode this week: stack smashing, integer overflows, and a more logical issue. Ending off with a discussion about what to do when you're stuck on CTFs.
We are back for the first 2022 binary episode, and it's all kernel. Obtaining root through an hours-long exploit process on Ubuntu thanks to an invalid free, a use-after-free in XNU due to bad locking, and some terrible code in the Samsung S20 DSP kernel driver with multiple integer overflows.
A Hex-Rays/Adobe cross-over as they move to a subscription model, and we are not too happy about it. We also discuss a few interesting bugs this week, from an odd optimization and a signedness bug in Chrome, to some mishandled null bytes in runc, and a subtle object-state confusion in the Linux kernel.
Starting off this week with the new Humble Bundle and some discussion about hacking books. Then onto the vulns: some OOB access, uninitialized memory, and iOS exploit strategy.