

Attack of the CUPS and Exploiting Web Views via HSTS
Sep 30, 2024
This discussion dives into exploiting Android WebViews using HSTS, revealing vulnerabilities in URL parsing that can lead to privilege escalation. It also uncovers clickjacking risks via YouTube embeds in Google Slides, emphasizing clever redirection tactics. The conversation then shifts to the CUPS attack, examining critical vulnerabilities in the Common Unix Printing System that pose serious threats. Additionally, there's a critique of vulnerability scoring systems and the ethical dilemmas surrounding cybersecurity disclosures.
Chapters
Intro
00:00 • 6min
Exploiting URL Parsing Vulnerabilities in Web Views
05:48 • 3min
Exploiting YouTube Embeds for Clickjacking
09:03 • 5min
Exploiting Redirects for One-Click Clickjacking Attacks
13:48 • 5min
Vulnerabilities in CUPS: A Cybersecurity Threat
18:28 • 5min
Critiquing CVEs and Vulnerability Scoring
23:35 • 19min
Navigating the Landscape of Vulnerability Disclosure
42:14 • 18min
Ethics and Vulnerabilities in Security
01:00:30 • 8min