Day[0]
dayzerosec
A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.
Episodes
Mentioned books
Mar 26, 2019 • 2h 1min
RE Tools, Ethereum, and Plaintext Passwords
00:00:50 Ghidra from XXE to RCE
00:08:50 Cutter (Radare2) Release
00:15:00 Daenerys IDA Pro and Ghidra Interoperability Framework
00:22:00 IDA Educational Release
00:39:35 Windows Defender on MacOS
00:59:20 A new Windows 10 KASLR Bypass
01:11:07 EVMFuzz Fuzzing Ethereum Virtual Machines
01:30:10 Researchers find 36 new security flaws in LTE Protocol
01:45:50 Facebook logging plaintext passwords
Other Interesting Links:
SecurityInnovation Blockchain CTF
Analysis of a Chrome Zero-Day (CVE-2019-5786) Writeup
Mar 18, 2019 • 1h 39min
CSG0-Days, Exploit Mitigations, and Voting Systems
00:00:30 Steam Client (CSGO) RCE
00:04:44 CS 1.6 Trojan.Belonard Malware Campaign
00:11:55 WebKit Structure ID Randomness Mitigation
00:20:48 Reuse Gadget Counts Whitepaper (ROP)
00:31:50 DTrace on Windows
00:38:20 Backdoor Attack in CNN's
00:55:05 DARPA's $10m Open Source Voting System
01:13:30 Vulnerability in Swiss E-Voting System
Mar 11, 2019 • 2h 16min
Zero-Days, Ghidra, and Questionable CVE's
00:00:00 Intro / General Discussion
00:00:55 Ghidra Overview (Pros, Cons)
00:30:20 Ghidra JDWP Debug Port 'Backdoor' Discussion
00:38:05 Ghidra and National Security
00:52:15 "Finding Unicorns: When The C++ Compiler Writes the Vuln" Discussion
01:06:15 "Windows 7 may insecurely load Dynamic Link Libraries" Discussion
01:21:40 "Exploiting Car Alarms" Discussion
01:45:05 XNU (Mac OS) Copy-on-Write Behavior Bypass Zero-Day Discussion
02:03:15 Chrome Zero-Day Discussion
