
Day[0] Some Discord, a Bad Neighbor and a BleedingTooth
Oct 20, 2020
02:16:27
It has been a while since we had an exploit extravaganza, but here we are. This episode covers several binary-level issues, from Bad Neighbor on Windows to BleedingTooth on Linux, along with several vulns in Qualcomm SoCs and even a Discord RCE.
- [00:00:57] Introducing Edge Vulnerability Research
- [00:06:57] Cache Partitioning in Chrome
- [00:10:29] Magma: A Ground-Truth Fuzzing Benchmark
- [00:25:27] "Bits Please!" - CVE-2020-16938
- [00:29:50] ContainerDrip [CVE-2020-15157]
- [00:40:01] Discord Desktop app RCE
- [00:52:34] Time Based SQLi via referrer header
- [00:57:35] PyYAML 0day
- [01:09:24] Phantom of the ADAS
- [01:15:03] Rollback Attack in Mozilla Maintenance Service
- [01:19:33] Glitching The MediaTek BootROM
- [01:25:05] AssaultCube RCE: Technical Analysis
- [01:32:27] CVE-2020-12928 - Privilege Escalation in AMD Ryzen Master
- [01:35:38] Major Vulnerabilities in Qualcomm QCMAP
- [01:42:58] Bad Neighbor - RCE in Windows ICMPv6 Router Advertisement
- [01:51:16] DOS2RCE: A New Technique to Exploit V8 NULL Pointer Dereference Bug (see: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers)
- [01:56:34] BleedingTooth - Linux Bluetooth Zero-Click RCE
- [02:07:25] shmdt doesn't check the tag of pointers
- [02:12:29] Security Analysis of the CHERI ISA
- [02:13:18] Evading defences using VueJS script gadgets
- [02:14:32] Sega Master System Architecture - A Practical Analysis
- [02:14:52] IPC scripts for access to Intel CRBUS
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on
