Using a User Name in a Web Site

Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler...okay probably not but it is exciting.We've also got some stupid issues and some interesting LPEs this episode.

• [00:00:29] Cognizant suffers Maze Ransomware cyber attack
  
• [00:14:08] Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000
  
• [00:27:46] How I Reverse Engineered the LastPass CLI Tool
  
• [00:35:59] State of the Ninja: Episode 13
  
• [01:02:18] Riot offering up to $100k n Bug Bounty
  
• [01:05:31] Research Grants to support Google VRP Bug Hunters during COVID-19
  
• [01:09:08] Denial of service to WP-JSON API by cache poisoning
  
• [01:11:43] CSRF to RCE bug chain in Prestashop
  
• [01:21:16] Unintended disclosure of OTP
  
• [01:24:20] JSON Web Token Validation Bypass in Auth0 Authentication API
  
• [01:27:06] git: Newline injection in credential helper
  
• [01:31:20] How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability
  
• [01:36:34] Pwning vCenter with CVE-2020-3952
  
• [01:45:19] Oracle Solaris 11.x/10 whodo/w Buffer Overflow
  
• [01:51:22] Linux Kernel EoP via Improper eBPF Program Verification [CVE-2020-8835]
  
• [01:57:39] Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices
  
  • https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4f42c24e02ce82392d8f8fe215570568380c8ab
  
  
• [02:07:20] Ricerca Security: "SMBGhost pre-auth RCE
  
  • https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/
  
  
• [02:14:01] IJON: Exploring Deep State Spaces via Fuzzing
  
• [02:23:26] Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
  
• [02:27:45] GitHub - wcventure/FuzzingPaper