

Day[0]
dayzerosec
A weekly podcast for bounty hunters, exploit developers or anyone interested in the details of the latest disclosed vulnerabilities and exploits.
Episodes

Nov 11, 2024 • 1h 22min
Static Analysis, LLMs, and In-The-Wild Exploit Chains
This discussion dives into the innovative use of CodeQL for uncovering hidden vulnerabilities, highlighting its customization benefits and the new platform QueryX. Large Language Models are showcased for their role in identifying SQLite vulnerabilities within real-world code. Insights from Google’s Threat Analysis Group on in-the-wild exploit chains reveal attackers' methods. The conversation also touches on emerging USB vulnerabilities and the evolving landscape of cybersecurity research and vulnerability documentation.

Nov 4, 2024 • 58min
Attacking Browser Extensions and CyberPanel
This discussion dives into the fascinating intersection of large language models and cybersecurity, revealing their potential to uncover zero-day vulnerabilities. Browser extensions come under scrutiny, highlighting their security risks and the need for user awareness. CyberPanel's flaws are explored, focusing on authentication issues and their implications. The conversation shifts to Apple's bug bounty program aimed at private cloud vulnerabilities, showcasing the heightened focus on security in tech. Finally, insights from Bluetooth fuzzing research add another layer to the cybersecurity dialogue.

Oct 29, 2024 • 1h 11min
Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation
Dive into the thrilling world of hacking as the host shares insights from Hardwear.IO, featuring a groundbreaking PS5 hypervisor exploit demo. Explore recent developments from DEF CON 32, revealing shifts in community dynamics and interactions with government entities. Discover the intricate vulnerabilities within AMD CPUs and the importance of Secure Boot. The conversation also touches on the complexities of filesystem security in gaming and innovative cheating detection methods. Uncover unique storytelling on bot detection in game development that adds a personal touch to the tech narrative.

Oct 16, 2024 • 50min
Zendesk's Email Fiasco and Rooting Linux with a Lighter
A shocking vulnerability in Zendesk has left many Fortune 500 companies exposed. The team dives into the ethical dilemmas surrounding bug bounties and the company's lackluster response. They also tackle fuzzing challenges in software testing, highlighting innovative strategies and tools. Moreover, a fascinating method of hacking Linux via electromagnetic pulses with a lighter reveals unexpected security risks. The discussion wraps up with a look at memory exploits in modern systems, emphasizing the need for ongoing research in cybersecurity.

Oct 8, 2024 • 54min
Summer Recap: Phrack, Off-by-One, and RCEs
This recap dives into the latest from Phrack and insights from the Off-by-One conference. The hosts dissect vulnerabilities in Factorio's Lua scripting, uncovering potential for remote code execution. They also detail the critical PHP iconv flaw and its exploitation risks. Mixed reactions emerge regarding a recent Phrack issue, alongside key discussions on vulnerability research and GPU exploits. The podcast wraps up with reflections on the summer and a peek at future explorations into PS5 hypervisor vulnerabilities.

Sep 30, 2024 • 1h 8min
Attack of the CUPS and Exploiting Web Views via HSTS
This discussion dives into exploiting Android WebViews using HSTS, revealing vulnerabilities in URL parsing that can lead to privilege escalation. It also uncovers clickjacking risks via YouTube embeds in Google Slides, emphasizing clever redirection tactics. The conversation then shifts to the CUPS attack, examining critical vulnerabilities in the Common Unix Printing System that pose serious threats. Additionally, there's a critique of vulnerability scoring systems and the ethical dilemmas surrounding cybersecurity disclosures.

Sep 23, 2024 • 34min
Future of the Windows Kernel and Encryption Nonce Reuse
In this week's episode, we discuss Microsoft's summit with vendors on their intention to lock down the Windows kernel from endpoint security drivers and possibly anti-cheats. We also talk cryptography and about the problems of nonce reuse.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/256.html
[00:00:00] Introduction
[00:01:12] Friends don’t let friends reuse nonces
[00:13:22] Serious Cryptography, 2nd Edition
[00:14:30] Taking steps that drive resiliency and security for Windows customers
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9

Sep 16, 2024 • 54min
Iterating Exploits & Extracting SGX Keys
Dive into the art of hacking with a fresh perspective on iterative exploit development! The hosts discuss the recent Intel SGX fuse key leak, unpacking its implications and how it occurred. Explore innovative strategies for engaging with black box systems and the critical role of hardware security in safeguarding data integrity. Emphasis is placed on self-directed learning and creative exploration in exploit strategies, making this a must-listen for tech enthusiasts keen on deepening their understanding of vulnerabilities.

May 17, 2024 • 58min
Memory Corruption: Best Tackled with Mitigations or Safe-Languages
Memory corruption is a difficult problem to solve, but many, such as CISA, are pushing for moves to memory-safe languages. How viable is rewriting compared to mitigating?
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/254.html
[00:00:00] Introduction
[00:01:12] Clarifying Scope & Short/Long Term
[00:04:28] Mitigations
[00:15:37] Safe Languages Are Fallible
[00:21:20] Weaknesses & Evolution of Mitigations
[00:29:19] Rewriting and the Iterative Process
[00:34:55] The Rewriting Scalability Argument
[00:41:43] System vs App Bugs
[00:48:46] Mitigations & Rewriting Are Not Mutually Exclusive
[00:50:25] Corporate vs Open Source
[00:54:12] Generational Change
[00:56:18] Conclusion

Apr 19, 2024 • 1h 4min
[discussion] A Retrospective and Future Look Into DAY[0]
Change is in the air for the DAY[0] podcast! In this episode, we go into some behind the scenes info on the history of the podcast, how it's evolved, and what our plans are for the future.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/253.html
[00:00:00] Introduction
[00:01:30] Early days of the DAY[0] podcast
[00:14:10] Split into bounty and binary episodes
[00:21:50] Novelty focus on topic selection
[00:30:47] Difficulties with the current format
[00:40:18] Change
[00:48:02] New direction for content
[00:57:42] Conclusions & Feedback