172 - Patch Gaps and Apple Neural Engine Vulns
The end of kASLR bypasses? Probably just click-bait, but the patch gap is real and we discuss that a bit before getting into a couple AI-based corruptions.
Posts tagged 'Podcast'
171 - Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage
Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a JS sandbox escape for RCE in Spotify.
170 - Hacking Pixel Bootloaders and Injecting Bugs
A hardware heavy episode as we talk about two read protection bypasses, Pixel 6 bootloader exploitation and benchmarking fuzzers.
169 - Racing Grafana, Stealing Mastadon Passwords, and Cross-Site Tracing
This week has the return of cross-site tracing, HTML injection, a golang specific vulnerable code pattern, and a fun case-sensitivity auth bypass.
168 - Exploiting Undefined Behavior and a Chrome UAF
Is the compiler making exploitation easier, these divergent representations seem to do so. We also look at a chrome UAF and a double stack overflow.
167 - Bypassing Pixel Lock Screens and Checkmk RCE
A Pixel Lockscreen bypass and some discussion about dupes in bug bounty, then a long RCE chain, and a look at client-side path traversals.
166 - OpenSSL Off-by-One, Java XML Bugs, and an In-the-Wild Samsung Chain
A lot of discussion about the OpenSSL vulnerability, fuzzing and exploitation. Then into a RCE in XML Signature verification, and a Samsung exploit chain.
165 - Apache Batik, Static Site Generators, and an Android App Vuln
Several slightly weird issues this week, a reentrancy attack abusing a read-only function, SSRF and XSS through a statically generated website and others.
164 - XNU's kalloc_type, Stranger Strings, and a NetBSD Bug
Kicking off the week with a look at Apple's new security blog and the kalloc_type introduced into XNU, then a mix of issues including an overflow in SQLite.
163 - A Galaxy Store Bug, Facebook CSRF, and Google IDOR
Several simple bugs with significant impacts, XSS to being able to install apps, CSRFing via a Captcha, and a Google IDOR.