Some silly issues in radare2, some printer hacking, some kernel vulnerabilities, and a look at exploiting Fuchsia OS on this week's episode. Just as a reminder, this will be our last episode until September.
Just a couple of vulnerabilities to talk about this week, but some interesting things to talk about in them. We also have some discussion about this year's Pwn2Own results and a couple of things that caught our attention.
We have a couple of normally low-impact bugs in Solana rBPF this week netting a $200k bounty, a Python 2.7+ use-after-free, and a PS4 and PS5 remote kernel heap overflow, along with some discussion about exploitability and usability for a jailbreak.
Just a few vulnerabilities this week, but we have some CodeQL discussion as it's used to find several vulnerabilities in the Accel-PPP VPN server, and a look at a bug submitted to Pwn2Own 2021.
A few vulnerabilities from a TOCTOU to an arbitrary free, and some research into using data-flow in your fuzzing.
We are joined by Cts for a discussion about getting into vulnerability research and some thoughts about the higher-level bug hunting process, then a look at some black-box fuzzing of MS Defender for IoT and a FUSE use-after-free.
A massive 11,000-byte overflow in WatchGuard, some discussion about lock-related vulnerabilities and analysis, and a look at a ChakraCore exploit dealing with all the mitigations (ASLR, DEP, CFG, ACG, CIG).
We dive into an ASN.1 parsing bug impacting iOS, and a PHP use-after-free to bypass disabled functions, ending the week with a discussion about whether or not it's too late to get into this area of security.
More information about the FORCEDENTRY exploit chain, and some Linux exploitation with a couple of netfilter bugs. We end the episode with some discussion about exploiting blind kernel read primitives from Microsoft.
Plenty of exploit strategy talk this week, with vulnerabilities and complete exploits targeting a NAS, a router, and a Linux kernel module with a page-level overflow.