Day[0]
dayzerosec
A weekly podcast for bounty hunters, exploit developers, or anyone interested in the details of the latest disclosed vulnerabilities and exploits.
Episodes

Feb 9, 2021 • 1h 34min
MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit
A lot of discussion this week about OSS security and security processes, an iOS kernel type confusion, and a MediaTek bootloader bypass impacting everything since at least 2014.
[00:04:54] Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source
https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html
[00:15:18] Launching OSV - Better vulnerability triage for open source
https://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html
[00:22:38] Most Common Bugs of 2021 So Far
https://www.bugcrowd.com/blog/common-bugs-of-2021/
[00:31:59] Exploiting the Nespresso smart cards for fun and coffee
https://pollevanhoof.be/nuggets/smart_cards/nespresso
[00:39:10] Spoofing and Attacking With Skype
https://blog.thecybersecuritytutor.com/spoofing-and-attacking-with-skype/
[00:45:01] Getting root on webOS
https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html
[00:51:31] Applying Offensive Reverse Engineering to Facebook Gameroom
https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom
[00:59:36] Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
[01:06:32] MTK Bypass Universal
https://megafon929.github.io/mtk
[01:14:13] Project Zero: iOS Kernel privesc with turnstiles [CVE-2020-27932]
https://googleprojectzero.blogspot.com/p/rca-cve-2020-27932.html
https://googleprojectzero.blogspot.com/p/rca.html
[01:21:41] Why Security Defects Go Unnoticed during Code Reviews?
http://amiangshu.com/papers/paul-ICSE-2021.pdf
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)

Feb 2, 2021 • 2h 11min
OSED, North Korean hackers, NAT Slipstream 2.0, and PGP (in)security
Starting with a long discussion about the North Korean hackers targeting security researchers, and some thoughts (rants) about the newly released Windows exploit dev course from Offensive Security, before getting into some real exploits including NAT Slipstreaming 2.0 and a new sudo vuln.
[00:00:52] About the security content of iOS 14.4 and iPadOS 14.4
https://support.apple.com/en-us/HT212146
[00:02:42] New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/
https://twitter.com/pwn_expoit/status/1354024291398950913
https://twitter.com/chris_salls/status/1353989045617975297
[00:44:45] New Exploit Dev Course: EXP-301
https://www.offensive-security.com/offsec/new-course-exp301/
https://wargames.ret2.systems/
[01:04:53] Linksys WRT160NL – Authenticated Command Injection [CVE-2021-25310]
https://research.nccgroup.com/2021/01/28/technical-advisory-linksys-wrt160nl-authenticated-command-injection-cve-2021-25310/
[01:07:13] Vulnerabilities within TikTok Friend-Finder
https://research.checkpoint.com/2021/tiktok-fixes-privacy-issue-discovered-by-check-point-research/
[01:14:07] BitLocker touch-device lockscreen bypass
https://secret.club/2021/01/29/touch-lockscreen-bypass.html
[01:20:53] NAT Slipstreaming v2.0
https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
https://samy.pl/slipstream/
[01:26:35] [Security fix] Libgcrypt 1.9.1 released
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://dev.gnupg.org/rC512c0c75276949f13b6373b5c04f7065af750b08
[01:30:44] Baron Samedit: Heap-based buffer overflow in Sudo [CVE-2021-3156]
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://github.com/sudo-project/sudo/commit/1f8638577d0c80a4ff864a2aad80a0d95488e9a8
https://github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2021-3156
[01:44:49] Exploiting a “Simple” Vulnerability – Part 1.5 – The Info Leak
https://windows-internals.com/exploiting-a-simple-vulnerability-part-1-5-the-info-leak/
[01:50:53] Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
https://www.thezdi.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref
[01:56:31] XS-Leaks in redirect flows
https://docs.google.com/presentation/d/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og/edit#slide=id.g63e29d5a06_0_0
[02:02:13] Keeping your GitHub Actions and workflows secure: Untrusted input
https://securitylab.github.com/research/github-actions-untrusted-input
[02:08:04] iOS Security Tutorial - Patching ASLR in the Kernel
https://www.youtube.com/watch?v=Gszvbi8AU68
[02:08:58] Project Zero: A Look at iMessage in iOS 14
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
[02:09:37] Effectively Fuzzing the IPC Layer in Firefox
https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/

Jan 26, 2021 • 58min
Snooping YouTube History and Breaking State Machines
This week is a shorter episode, but there are still some solid bugs to look at: a full-chain Chrome exploit, a Kindle chain from remote to root, and an eBPF incorrect-calculation bug leading to OOB read/write.
[00:00:41] Albicla launch clusterfuck
https://www.reddit.com/r/programminghorror/comments/l25ppk/albicla_launch_clusterfuck/
[00:04:41] [NordVPN] RCE through Windows Custom Protocol on Windows client
https://hackerone.com/reports/1001255
[00:09:00] Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform
https://www.thezdi.com/blog/2021/1/20/three-bugs-in-orions-belt-chaining-multiple-bugs-for-unauthenticated-rce-in-the-solarwinds-orion-platform
[00:18:50] The Embedded YouTube Player Told Me What You Were Watching (and more)
https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/
[00:24:27] The State of State Machines
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=2085
[00:34:21] KindleDrip - From Your Kindle’s Email Address to Using Your Credit Card
https://medium.com/realmodelabs/kindledrip-from-your-kindles-email-address-to-using-your-credit-card-bb93dbfb2a08
[00:44:00] New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
[00:44:42] An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier
https://www.thezdi.com/blog/2021/1/18/zdi-20-1440-an-incorrect-calculation-bug-in-the-linux-kernel-ebpf-verifier
[00:49:18] Chat Question: What do we think of HackTheBox
https://hackthebox.eu
[00:53:51] Bad Pods: Kubernetes Pod Privilege Escalation
https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
[00:53:24] [Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow
https://blog.k3170makan.com/2021/01/linux-kernel-exploitation-0x2.html
https://pwn.college/modules/kernel

Jan 19, 2021 • 1h 25min
Breaking Lock Screens & The Great Vbox Escape
Several lockscreen-related vulnerabilities this week, a cross-site leak, and the hijacking of all .cd domains.
One important thing to mention about this week's episode that was neglected during the discussion is that the BitLocker lockscreen bypass is a lockscreen bypass. It does not necessarily provide access to the data BitLocker protects. If BitLocker is running in "transparent operation mode" (TPM-only, with no PIN or startup key), the OS volume is already unlocked by the time the lockscreen appears, so being able to log in is all that is necessary to reach the decrypted data, and in that configuration this vulnerability does grant access to encrypted data.
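The practical check for that caveat, as an added example rather than anything from the show notes or the secret.club write-up: from an elevated PowerShell prompt, list each BitLocker volume's key protectors and flag volumes whose only pre-boot protector is the TPM (the TPM-only configuration Microsoft calls transparent operation mode). On those volumes Windows unlocks the disk before the lockscreen, so a lockscreen bypass is a data-access bypass; a TPM+PIN protector keeps the disk sealed until the PIN is entered. The cmdlets and property names are the standard BitLocker module ones; the function name and output shape are my own, and the Group Policy note in the trailing comment is an assumption.

```powershell
# Added example, not code from the DAY[0] show notes or the linked write-up.
# Lists every BitLocker volume's key protectors and flags volumes whose pre-boot
# protector is the TPM alone ("transparent operation mode"): the OS volume is
# unlocked before the lockscreen, so a lockscreen bypass yields the decrypted data.
# Run from an elevated PowerShell prompt with the BitLocker module available.

# Protector types that keep the volume sealed until the user supplies something at boot.
$preBootUserFactors = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password')

function Get-BitLockerUnlockPosture {
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $hasTpm = $types -contains 'Tpm'
        $hasUserFactor = @($types | Where-Object { $preBootUserFactors -contains $_ }).Count -gt 0
        [pscustomobject]@{
            Volume        = $_.MountPoint
            VolumeType    = $_.VolumeType
            Protection    = $_.ProtectionStatus
            Protectors    = ($types -join ', ')
            # True when the TPM measurement alone gates decryption at boot, i.e. logging in
            # (or bypassing the lockscreen) is enough to reach the data.
            TpmOnlyUnlock = $hasTpm -and -not $hasUserFactor
        }
    }
}

Get-BitLockerUnlockPosture | Format-Table -AutoSize

# Hardening for a flagged OS volume: add a TPM+PIN protector so the disk stays sealed
# until the PIN is entered. Assumption: Group Policy must allow a startup PIN for this call
# to succeed on a domain-joined machine.
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin (Read-Host -AsSecureString 'Startup PIN')
```

Data volumes set to auto-unlock inherit the OS volume's posture, since their key is released once the OS volume is open, so the flag on the OS volume is the one that matters.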
[00:00:00] Introduction
https://dayzerosec.com/
[00:00:59] Slayer Labs
https://slayerlabs.com/
[00:12:03] BugTraq Shutdown
https://seclists.org/bugtraq/2021/Jan/0
[00:17:22] Data Security on Mobile Devices
https://securephones.io/
[00:27:08] Running a fake power plant on the internet for a month
https://grimminck.medium.com/running-a-fake-power-plant-on-the-internet-for-a-month-4a624f685aaa
[00:33:43] BitLocker Lockscreen bypass
https://secret.club/2021/01/15/bitlocker-bypass.html
[00:39:30] [Linux Mint] Screensaver lock by-pass via the virtual keyboard
https://github.com/linuxmint/cinnamon-screensaver/issues/354
[00:43:02] [NextCloud] Bypassing Passcode/Device credentials
https://hackerone.com/reports/747726
[00:51:02] How I hijacked the top-level domain of a sovereign state
https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/
[01:00:28] Laravel <= v8.4.2 debug mode: Remote code execution
https://www.ambionics.io/blog/laravel-debug-rce
[01:05:47] Leaking silhouettes of cross-origin images
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
[01:10:36] Escaping VirtualBox 6.1: Part 1
https://secret.club/2021/01/14/vbox-escape.html
[01:17:15] Hunting for Bugs in Windows Mini-Filter Drivers
https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html
[01:18:33] Project Zero: Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

Jan 12, 2021 • 1h 18min
Universal Deserialization, Stealing Youtube Videos, and CTFs
A new universal deserialization gadget for Ruby, a Rocket.Chat SAML auth bypass, and some heap exploitation research.
[00:00:36] Cybersecurity Knowledge and Skills Taught in Capture the Flag Challenges
https://arxiv.org/pdf/2101.01421v1.pdf
[00:10:36] Universal Deserialisation Gadget for Ruby 2.x-3.x
https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
[00:13:54] Stealing Your Private YouTube Videos, One Frame at a Time
https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/
[00:21:43] Rocket.chat - SAML authentication bypass
https://hackerone.com/reports/1049375
[00:25:49] curl is vulnerable to SSRF due to improperly parsing the host component of the URL
https://hackerone.com/reports/704621
[00:31:02] Issue 2095: Node.js: use-after-free in TLSWrap
https://bugs.chromium.org/p/project-zero/issues/detail?id=2095
[00:35:28] Preventing Use-After-Free Attacks with Fast Forward Allocation
https://gts3.org/assets/papers/2021/wickman:ffmalloc.pdf
[00:49:38] Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
https://www.usenix.org/system/files/sec20fall_yun_prepub.pdf
[00:59:50] A Samsung RKP Compendium
https://blog.longterm.io/samsung_rkp.html
[01:11:32] Analyzing CVE-2020-16040
https://faraz.faith/2021-01-07-cve-2020-16040-analysis/
[01:13:51] HexLasso Online
https://suszter.com/hexlasso-online/
[01:15:30] A Side Journey to Titan
https://ninjalab.io/a-side-journey-to-titan/

Jan 5, 2021 • 1h 32min
Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs
An update on Apple v. Corellium, some 3DS vulnerabilities, and some drama on this week's episode.
[00:00:34] Remote Chaos Experience
https://media.ccc.de/c/rc3
[00:20:06] Apple Inc. v. Corellium, LLC
https://www.courtlistener.com/docket/16064642/784/apple-inc-v-corellium-llc/
[00:28:17] The Great Suspender - New maintainer is probably malicious
https://github.com/greatsuspender/thegreatsuspender/issues/1263
[00:36:59] An HTML Injection Worth 600$ Dollars
https://medium.com/bugbountywriteup/a-html-injection-worth-600-dollars-5f065be0ab49
[00:44:06] Zoom Meeting Connector Post-Auth Remote Root
https://packetstormsecurity.com/files/160736/zoomer.py.txt
[00:46:21] Hijacking Google Docs Screenshots
https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/
[00:49:49] Nintendo 3DS - Improper certificate validation allows an attacker to perform MitM attacks
https://hackerone.com/reports/894922
[00:52:02] Nintendo 3DS - Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player
https://hackerone.com/reports/897606
https://twitter.com/forestillusion/status/1341230631913541633
https://news.ycombinator.com/item?id=25508782
[00:55:45] Apple macOS 6LowPAN Vulnerability [CVE-2020-9967]
https://alexplaskett.github.io/CVE-2020-9967/
[01:01:24] An iOS hacker tries Android
https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html
[01:14:29] Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail [CVE-2020-7468]
https://www.thezdi.com/blog/2020/12/21/cve-2020-7468-turning-imprisonment-to-advantage-in-the-freebsd-ftpd-chroot-jail
[01:18:36] Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)
https://arxiv.org/abs/2012.07432
[01:27:17] Helping secure DOMPurify (part 1)
https://research.securitum.com/helping-secure-dompurify-part-1/
[01:28:23] A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
https://github.com/ant4g0nist/Vulnerable-Kext
[01:30:01] PS4 7.02 WebKit + Kernel Chain Implementation
https://github.com/ChendoChap/ps4-ipv6-uaf/tree/7.00-7.02

Dec 15, 2020 • 1h 51min
Fireeye, PS4 exploit, and MacOS LPE
Big news this week as several government agencies and contractors may have been compromised. We also have a number of great writeups this week covering everything from a PS4 WebKit exploit to macOS and Windows bugs.
[00:00:25] CISA issues emergency directive for SolarWinds Orion products compromise
https://twitter.com/CISAgov/status/1338348931571445762
https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
https://twitter.com/KimZetter/status/1338305089597964290
https://twitter.com/mamah1987/status/1338369455177523201
https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network
[00:26:53] Finding Critical Open Source Projects
https://opensource.googleblog.com/2020/12/finding-critical-open-source-projects.html
https://github.com/ossf/criticality_score
[00:33:46] Vulnerabilities in McAfee ePolicy Orchestrator
https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
[00:39:20] Chat Question: How to get good at exploit dev
[00:44:34] Novel Abuses On Wi-Fi Direct Mobile File Transfers
https://blog.doyensec.com//2020/12/10/novel-abuses-wifi-direct-mobile-file-transfers.html
[00:47:55] PsExec Local Privilege Escalation
https://medium.com/tenable-techblog/psexec-local-privilege-escalation-2e8069adc9c8
[00:52:31] Windows: WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level SFB
https://bugs.chromium.org/p/project-zero/issues/detail?id=2088
[01:01:07] This is for the Pwners: Exploiting a WebKit 0-day in PlayStation 4
https://www.synacktiv.com/en/publications/this-is-for-the-pwners-exploiting-a-webkit-0-day-in-playstation-4.html
[01:08:51] Game On - Finding vulnerabilities in Valve’s "Steam Sockets"
https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/
[01:14:57] Apple macOS Kernel OOB Write Privilege Escalation Vulnerability [CVE-2020-27897]
https://www.thezdi.com/blog/2020/12/9/cve-2020-27897-apple-macos-kernel-oob-write-privilege-escalation-vulnerability
[01:17:22] ABSTRACT SHIMMER: Host Networking is root-Equivalent, Again [CVE-2020-15257]
https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again/
[01:24:41] Now you C me, now you don't, part two: exploiting the in-between
https://securitylab.github.com/research/now-you-c-me-part-two
[01:36:04] Portable Data exFiltration: XSS for PDFs
https://portswigger.net/research/portable-data-exfiltration
[01:45:27] HackerOne's 12 Days of Hacky Holidays
https://hackerone.com/h1-ctf?type=team
[01:47:55] The 2020 SANS Holiday Hack Challenge
https://holidayhackchallenge.com/2020/

Dec 8, 2020 • 1h 36min
Rooting iOS, Hacking with cURL, and the end of Use-After-Free
Some solid exploit development talk in this episode as we look at an iOS vuln, discuss the exploitability of a cURL buffer overflow and examine a new kernel UAF mitigation.
[00:00:43] Improving open source security during the Google summer internship program
https://security.googleblog.com/2020/12/improving-open-source-security-during.html
[00:03:35] Justices seem wary of breadth of federal computer fraud statute
https://www.scotusblog.com/2020/12/argument-analysis-justices-seem-wary-of-breadth-of-federal-computer-fraud-statute/
[00:11:37] Update regarding Snapchat SSRF
https://hackerone.com/reports/530974
[00:12:53] A 3D Printed Shell
https://www.securifera.com/blog/2020/12/02/a-3d-printed-shell/
[00:20:19] Site Wide CSRF on Glassdoor
https://blog.witcoat.com/2020/12/03/site-wide-csrf-on-glassdoor/
[00:24:24] [GitLab] Stored-XSS in error message of build-dependencies
https://hackerone.com/reports/950190
[00:27:44] Playstation Now RCE
https://hackerone.com/reports/873614
[00:32:29] MS Teams RCE (Important, Spoofing)
https://github.com/oskarsve/ms-teams-rce/
[00:38:34] An iOS zero-click radio proximity exploit odyssey
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1982
[00:54:58] [curl] heap-based buffer overrun in /lib/urlapi.c
https://hackerone.com/reports/547630
[01:02:51] Google Duo: Race condition can cause callee to leak video packets from unanswered call
https://bugs.chromium.org/p/project-zero/issues/detail?id=2085
[01:05:35] Linux kernel heap quarantine versus use-after-free exploits
https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html
https://lore.kernel.org/kernel-hardening/CAG48ez1tNU_7n8qtnxTYZ5qt-upJ81Fcb0P2rZe38ARK=iyBkA@mail.gmail.com/T/#u
[01:13:23] Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant
https://arxiv.org/abs/2012.00687
[01:22:57] XS-Leaks Wiki
https://xsleaks.dev/
https://security.googleblog.com/2020/12/fostering-research-on-new-web-security.html
[01:27:14] Hacking 101 by No Starch Press
https://www.humblebundle.com/books/hacking-101-no-starch-press-books
[01:33:40] Gamozo Labs FuzzOS
https://gamozolabs.github.io/fuzzing/2020/12/06/fuzzos.html

Dec 1, 2020 • 1h 21min
Bad Blocklists, Legal News, and Windows Vulns
More SD-PWN, more Tesla hacks, potential RCE in Drupal, and a couple of Windows vulns.
[00:00:27] Congress unanimously passes federal IoT security law
https://blog.rapid7.com/2020/11/18/congress-unanimously-passes-federal-iot-security-law/
[00:06:52] The Supreme Court will hear its first big CFAA case
https://www.scotusblog.com/2020/11/case-preview-justices-to-consider-breadth-of-federal-computer-fraud-statute/
[00:13:35] How much is unauthorized access sold for?
https://xorl.wordpress.com/2020/08/26/how-much-is-unauthorized-access-sold-for/
[00:20:10] Getting Banned for Security Research
https://nedwill.github.io/blog/jekyll/update/2020/11/25/banned-for-research.html
[00:33:11] SD-PWN Part 3 - Cisco vManage
https://medium.com/realmodelabs/sd-pwn-part-3-cisco-vmanage-another-day-another-network-takeover-15731a4d75b7
[00:36:10] SD-PWN Part 4 - VMware VeloCloud
https://medium.com/realmodelabs/sd-pwn-part-4-vmware-velocloud-the-last-takeover-a7016f9a9175
[00:40:39] CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/
https://github.com/opencrx/opencrx/commit/389ff0e22851407560091dfd25b25fee0b384eed?branch=389ff0e22851407560091dfd25b25fee0b384eed&diff=split#diff-2bb58016ce7d5cdb2f11bdb60d4aa7dd5c2e2cb816c9120a7f36ac93d0b64f33L702
[00:43:54] Multiple vulnerabilities through filename manipulation (CVE-2020-28948 and CVE-2020-28949)
https://github.com/pear/Archive_Tar/issues/33
https://www.drupal.org/sa-core-2020-013
[00:47:14] SSRFs caused by bad RegEx in "private-ip"
https://johnjhacking.com/blog/cve-2020-28360/
[00:53:13] [SnapChat] Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
https://hackerone.com/reports/530974
[00:57:50] Serious flaws in Tesla Model X keyless entry system
https://www.imec-int.com/en/press/belgian-security-researchers-ku-leuven-and-imec-demonstrate-serious-flaws-tesla-model-x
[01:03:48] Windows Print Spooler Vulnerability
https://www.accenture.com/us-en/blogs/cyber-defense/discovering-exploiting-shutting-down-dangerous-windows-print-spooler-vulnerability
[01:08:30] Exploiting a “Simple” Vulnerability - In 35 Easy Steps or Less!
https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less/
https://twitter.com/gabe_k/status/1330966182543777792
There was previously a link to br0vvnn here; that blog has since been shown to be part of an attempt to compromise security researchers.
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers
[01:17:55] Hitcon2020 Challenge Files + Solutions
https://github.com/david942j/ctf-writeups/tree/master/hitcon-2020

Nov 24, 2020 • 1h 31min
Jailbreaks, Stealing Playstation Accounts, and Automatic Exploit Generation
This week we talk a bit about some Black Friday deals before jumping into another SD-WAN pwn, some jailbreaks, and research into automatic exploit generation.
[00:00:40] Black Friday is coming...
VMWare - Usually ~35% off
Shodan - $5 lifetime, last year they ran the deal before and after Black Friday so pay attention.
Pluralsight - 40% off
INE - 40% off (access to all eLearnSecurity courses)
Cybrary.it - $600 off
PentesterLab - Last year was 13.37% off
NoStarchPress - Last year was 42% off
O'Reilly Online Learning - $199/year (normally $500/yr)
Pentester Academy - 70% off (covid "perma-deal")
[00:10:03] Oracle Security Alert - CVE-2020-14750
https://twitter.com/chybeta/status/1323220987442208769
[00:13:34] FileZilla "Scale Factor" field is vulnerable of Buffer Overflow
[00:21:33] Playstation Access Token Stealing
https://hackerone.com/reports/826394
[00:27:54] SD-PWN Part 2 - Citrix SD-WAN Center - Another Network Takeover
[00:37:19] Exploiting dynamic rendering engines to take control of web apps
[00:42:34] Privileged Container Escape - Control Groups release_agent
[00:47:23] Modern attacks on the Chrome browser
[00:58:57] Jailbreaks Never Die - Exploiting iOS 13.7
[01:08:27] Kernel Exploitation with a File System Fuzzer
[01:13:57] Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters