Leading off this week's discussion is the news about the now remote CCC and Offensive Security's plans to retire OSCE. On the exploit side of things, this week we have a few recent bug bounties including a Google Maps XSS, a FreeBSD TOCTOU, and a couple of Linux kernel vulnerabilities.
A quick chat about E2E Crypto and Zoom, followed by a few noteworth exploits including Bluetooth impersonation, a 15-year old qmail CVE, NordVPN, and an RCE in Google. Ending with some mitigation research looking at making singlely linked lists safe, XSS prevention, and Code-Reuse Gadgets.
Are iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion heavy episode of DAY[0].
It was a busy week, Microsofts Github account was hacked, Centurylink Routers have no security, and multiple interactionless RCEs in Samsung phones.
Authentication bypasses, SQL injection, command injection, and more in this web-exploit heavy episode.
Since we forgot to cover it when it came out, we look at Relyze's new decompiler that is available on the free version. There is also some sandbox escaping, some crypto issues (AMD's SME/SEV) and even some IBM 0days.
Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler...okay probably not but it is exciting.We've also got some stupid issues and some interesting LPEs this episode.
Starting off the week with a discussion about the disappointing IDA Home, before moving into a few easy command injections, code-reuse attacks applied to XSS, detecting trojaned hardware and ending with a subtle crypto-bug.
First, we talk about Facebook trying to buy some spyware, and then we feast upon a number of Zoom "vulns." Follow that up wtih some interesting vulnerabilities including a hyper-visor Guest-to-host escape, a complicated Safari permissions bypass, and a Gitlab Parser Differential.
Is there a shortcut to RCE? Well, on Windows .LNK files could be just that. We also talk about a few others vulnerabilities impacting Windows, Pi-Hole and Netflix. And end by looking at Window's new hardware enforced Shadow Stack and a proof-of-concept for fine-grained kASLR on Linux.