Day[0]

dayzerosec
Apr 13, 2021 • 1h 40min

Pwn2own, Linux Kernel Exploits, and Malicious Mail

MD5 is trending in 2021... a few kernel vulnerabilities, and some drama around Pwn2Own.

[00:00:26] Update on git.php.net incident
https://externals.io/message/113981
[00:06:38] Pwn2Own 2021 - Results
https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results
[00:18:53] CSGO exploit allows hackers to steal passwords, and Valve hasn't fixed it
https://www.dexerto.com/csgo/csgo-exploit-allows-hackers-steal-passwords-valve-no-fix-1551056/?amp
[00:26:20] I Built a TV That Plays All of Your Private YouTube Videos
https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/
[00:33:27] Leak of all accounts mail login md5 pass
https://hackerone.com/reports/514488
[00:37:11] What if you could deposit money into your Betting account for free?
https://mikey96.medium.com/what-if-you-could-deposit-money-into-your-betting-account-for-free-24f6690aff46
[00:41:41] Zero click vulnerability in Apple’s macOS Mail
https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c
[00:44:54] Stored XSS on the DuckDuckGo search results page
https://monke.ie/duckduckgoxss/
[00:49:13] Breaking GitHub Private Pages for $35k
https://robertchen.cc/blog/2021/04/03/github-pages-xss
[00:57:03] Royal Flush: Privilege Escalation Vulnerability in Azure Functions
https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/
[01:01:38] QNAP Pre-Auth CGI_Find_Parameter RCE
https://ssd-disclosure.com/ssd-advisory-qnap-pre-auth-cgi_find_parameter-rce/
[01:04:14] Domain Time II Upgrade Attack
https://blog.grimm-co.com/2021/04/time-for-upgrade.html
[01:07:12] Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel
https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html
[01:15:57] BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
https://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html
[01:28:05] BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
[01:29:07] Exploiting Windows RPC to bypass CFG mitigation
https://iamelli0t.github.io/2021/04/10/RPC-Bypass-CFG.html
https://medium.com/@mxatone/mitigation-bounty-from-read-write-anywhere-to-controllable-calls-ca1b9c7c0130#.9l7ejbkij
[01:34:00] security things in Linux v5.9
https://outflux.net/blog/archives/2021/04/05/security-things-in-linux-v5-9/
https://github.com/gcc-mirror/gcc/commit/d10f3e900b0377b4760a090b0f90371bcef01686
https://twitter.com/kees_cook/status/1380271827281276928

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

Apr 6, 2021 • 1h 25min

Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat

One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.

[00:00:46] nOtWASP bottom 10: vulnerabilities that make you cry
https://portswigger.net/research/notwasp-bottom-10-vulnerabilities-that-make-you-cry
[00:07:28] Click here for free TV! - Chaining bugs to takeover Wind Vision accounts
https://labs.f-secure.com/blog/wind-vision-writeup/
[00:15:28] Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454)
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/elevate-yourself-to-admin-in-umb-cms-890-cve-2020-29454/
[00:23:19] "netmask" npm package vulnerable to octal input data [CVE-2021-28918]
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
[00:28:38] [HackerOne] Jira integration plugin Leaked JWT
https://hackerone.com/reports/1103582
[00:33:20] [Kaspersky] A vulnerability in KAVKIS 2020 products family allows full disabling of protection
https://hackerone.com/reports/870615
[00:38:06] [Rocket.Chat] Account takeover via XSS
https://hackerone.com/reports/735638
[00:43:18] This man thought opening a TXT file is fine, he thought wrong. macOS [CVE-2019-8761]
https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
[00:52:41] Who Contains the Containers?
https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html
[01:06:11] Getting Code Execution on Apache Druid [CVE-2021-25646]
https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid
[01:12:59] Security Analysis of AMD Predictive Store Forwarding
https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf
[01:19:58] Pluralsight free for April
https://www.pluralsight.com/
[01:21:54] Pwn2Own 2021
https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results

Mar 30, 2021 • 2h 17min

Google exposes an APT campaign, PHP owned, and Several Auth Issues

Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.

[00:00:46] Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy
https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/
[00:21:48] PHP Git Compromised
https://news-web.php.net/php.internals/113838
https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a
[00:32:24] [Google Chrome] File System Access API vulnerabilities
https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome
[00:37:58] Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
https://hackerone.com/reports/1034257
[00:42:05] GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook
https://securitylab.github.com/advisories/GHSL-2020-323-geek-cookbook-workflow/
[00:47:58] H2C Smuggling in the Wild
https://blog.assetnote.io/2021/03/18/h2c-smuggling/
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c
[00:53:27] H2C Smuggling in the Wild
https://blog.assetnote.io/2021/03/18/h2c-smuggling/
[00:57:18] Multiple Authorization bypass issues in Google's Richmedia Studio
https://www.ehpus.com/post/multiple-authorization-bypass-issues-in-google-s-richmedia-studio
[01:06:15] DD-WRT UPNP Buffer Overflow
https://ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/
https://github.com/mirror/dd-wrt/commit/da1d65a2ec471f652c77ae0067544994cdaf5e27
[01:10:36] GHSL-2021-045: Integer Overflow in GLib - [CVE-2021-27219]
https://securitylab.github.com/advisories/GHSL-2021-045-g_bytes_new/
[01:14:12] Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities
https://raelize.com/blog/qualcomm-ipq40xx-analysis-of-critical-qsee-vulnerabilities/
[01:22:50] One day short of a full chain: Part 3 - Chrome renderer RCE
https://securitylab.github.com/research/one_day_short_of_a_fullchain_renderer/
[01:35:37] Chat Question: Where to learn about Windows Heap exploitation
https://dayzerosec.com
[01:39:44] Adobe Reader CoolType arbitrary stack manipulation in Type 1/Multiple Master othersubrs 14-18
https://bugs.chromium.org/p/project-zero/issues/detail?id=2131
[01:46:26] Eliminating XSS from WebUI with Trusted Types
https://microsoftedge.github.io/edgevr/posts/eliminating-xss-with-trusted-types/
[01:54:19] Hidden OAuth attack vectors
https://portswigger.net/research/hidden-oauth-attack-vectors
[02:03:05] The Future of C Code Review
https://research.nccgroup.com/2021/03/23/the-future-of-c-code-review/
[02:15:03] Microsoft Exchange Server-Side Request Forgery [CVE-2021-26855]
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-26855.html

Mar 23, 2021 • 1h 45min

Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!

Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next, which we talk about. We also look at a couple of interesting GitHub vulns, and talk about fuzzing.

[00:00:28] Rust in the Linux Kernel
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/rust?id=c77c8025525c36c9d2b9d82e4539403701276a1d
https://www.youtube.com/watch?v=FFjV9f_Ub9o&t=2066s
https://lkml.org/lkml/2020/7/9/952
https://lkml.org/lkml/2020/7/10/1261
[00:13:40] Two Undocumented Instructions to Update Microcode Discovered
https://twitter.com/_markel___/status/1373059797155778562
[00:19:06] DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS
https://palant.info/2021/03/15/duckduckgo-privacy-essentials-vulnerabilities-insecure-communication-and-universal-xss/
[00:26:46] Abusing VoIPmonitor for Remote Code Execution
https://www.rtcsec.com/post/2021/03/bug-discovery-diaries-abusing-voipmonitor-for-remote-code-execution/
[00:32:18] Stealing arbitrary GitHub Actions secrets
https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html
[00:40:29] How we found and fixed a rare race condition in our session handling
https://github.blog/2021-03-18-how-we-found-and-fixed-a-rare-race-condition-in-our-session-handling/
[00:49:05] GitLab - Ability To Delete User(s) Account Without User Interaction
https://hackerone.com/reports/928255
[00:52:49] New Old Bugs in the Linux Kernel
https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi
[01:00:33] Fuzzing: FastStone Image Viewer [CVE-2021-26236]
https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236/
[01:06:53] A Replay-Style Deserialization Attack Against SharePoint [CVE-2021-27076]
https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint
[01:12:38] One day short of a full chain: Part 2 - Chrome sandbox escape
https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx
[01:18:58] Code execution in Wireshark via non-http(s) schemes in URL fields
https://gitlab.com/wireshark/wireshark/-/issues/17232
[01:21:59] Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers)
https://www.praetorian.com/blog/attacking-and-defending-oauth-2/
[01:30:37] Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace
https://blog.trailofbits.com/2021/03/19/un-bee-lievable-performance-fast-coverage-guided-fuzzing-with-honeybee-and-intel-processor-trace/
[01:42:00] Pulling Bits From ROM Silicon Die Images: Unknown Architecture
https://ryancor.medium.com/pulling-bits-from-rom-silicon-die-images-unknown-architecture-b73b6b0d4e5d
[01:42:28] 0dayfans.com
https://0dayfans.com/
https://github.com/dayzerosec/feedgen
https://shop.spreadshirt.com/dayzerosec/

Mar 16, 2021 • 1h 12min

Hacking Cameras, Stealing Logins, and Breaking Git

RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible.

[00:00:32] Critics fume after Github removes exploit code for Exchange vulnerabilities
https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/
https://borncity.com/win/2021/03/14/gab-es-beim-exchange-massenhack-ein-leck-bei-microsoft/
[00:09:21] CCTV: Now You See Me, Now You Don't
https://research.aurainfosec.io/v380-ip-camera/
[00:13:47] CSRF to RCE Chain in Zabbix [CVE-2021-27927]
https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce
[00:19:44] Stealing Froxlor login credentials using dangling markup [CVE-2020-29653]
https://labs.detectify.com/2021/03/10/cve-2020-29653-stealing-froxlor-login-credentials-dangling-markup/
[00:25:29] git: malicious repositories can execute remote code while cloning
https://www.openwall.com/lists/oss-security/2021/03/09/3
https://github.com/gitster/git/commit/684dd4c2b414bcf648505e74498a608f28de4592
[00:30:49] git: malicious repositories can execute remote code while cloning
https://www.openwall.com/lists/oss-security/2021/03/09/3
https://bugs.chromium.org/p/project-zero/issues/detail?id=2021
[00:33:37] Dell OpenManage Server Administrator File Read [CVE-2020-5377]
https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/
[00:38:55] Windows Containers: ContainerUser has Elevated Privileges
https://bugs.chromium.org/p/project-zero/issues/detail?id=2127
[00:40:18] Windows Containers: Host Registry Virtual Registry Provider Bypass EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2129
[00:42:34] F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches
https://bugs.chromium.org/p/project-zero/issues/detail?id=2132
[00:48:59] F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write
https://bugs.chromium.org/p/project-zero/issues/detail?id=2126
[00:59:37] One day short of a full chain: Part 1 - Android Kernel arbitrary code execution
https://securitylab.github.com/research/one_day_short_of_a_fullchain_android
[01:08:07] Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder?
https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder
[01:09:11] Playing in the (Windows) Sandbox
https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/
[01:09:39] Regexploit: DoS-able Regular Expressions
https://blog.doyensec.com/2021/03/11/regexploit.html

Mar 9, 2021 • 1h 8min

Buggy Browsers, Heap Grooming, and Broken RSA?

This week we get to take a look into some basic heap grooming techniques as we examine multiple heap overflows. We also briefly discuss the hands-on assessment (by the DoD and Synack) of the "unhackable" Morpheus chip, and briefly discuss the new-ish paper claiming to defeat RSA.

[00:00:53] "This destroys the RSA cryptosystem." - Fast Factoring Integers by SVP Algorithms
https://eprint.iacr.org/2021/232
https://github.com/lducas/SchnorrGate
[00:06:55] DARPA pitted 500+ hackers against this computer chip. The chip won.
https://cse.engin.umich.edu/stories/morpheus-vs-everybody
https://www.reddit.com/r/HowToHack/comments/bl9qo3/morpheus_chip/empsclt/?context=10
[00:18:10] SaltStack API vulnerabilities
https://dozer.nz/posts/saltapi-vulns
https://github.com/saltstack/salt/blob/08fe46365f92583ea875f9e4a8b2cb5305b34e4b/salt/client/ssh/client.py#L72
[00:22:57] An Interesting Feature in the Samsung DSP Driver
https://www.synacktiv.com/en/publications/an-interesting-feature-in-the-samsung-dsp-driver.html
[00:30:50] Pre-Auth Remote Code Execution in VMware ESXi [CVE-2020-3992 CVE-2021-21974]
https://www.thezdi.com/blog/2021/3/1/cve-2020-3992-amp-cve-2021-21974-pre-auth-remote-code-execution-in-vmware-esxi
[00:39:05] Defeating the TP-Link AC1750
https://www.synacktiv.com/en/publications/pwn2own-tokyo-2020-defeating-the-tp-link-ac1750.html
[00:44:52] Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed
https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred
[00:57:11] Yet another RenderFrameHostImpl UAF
https://microsoftedge.github.io/edgevr/posts/yet-another-uaf/
[01:03:16] Webkit AudioSourceProviderGStreamer use-after-free vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1172

Mar 2, 2021 • 1h 10min

BlackHat USA, Pre-Auth RCEs, and JSON Smuggling

This week we talk a bit about newly released Black Hat 2020 and NDSS 2021 presentation videos, before jumping into several pre-auth RCEs, and some interesting exploitation research to bring a PAC enforced Shadow Stack to ARM and an examination of JSON parser interoperability issues.

[00:00:41] Microsoft open sources CodeQL queries used to hunt for Solorigate activity
https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/
https://github.com/github/codeql/pull/5083/commits/5e1e27c2b6b3429623b66531d4fe0b090e70638a
[00:04:16] Black Hat USA 2020
https://www.youtube.com/playlist?list=PLH15HpR5qRsXE_4kOSy_SXwFkFQre4AV_
https://www.youtube.com/c/NDSSSymposium/search?query=NDSS+2021
[00:13:56] Cookie poisoning leads to DOS and Privacy Violation
https://hackerone.com/reports/1067809
[00:16:37] Unauthorized RCE in VMware vCenter
https://swarm.ptsecurity.com/unauth-rce-vmware/
[00:20:01] A Fifteen-Year-Old RCE Bug Returns in ISC BIND Server [CVE-2020-8625]
https://www.thezdi.com/blog/2021/2/24/cve-2020-8625-a-fifteen-year-old-rce-bug-returns-in-isc-bind-server
[00:25:42] Arbitrary File Write on packagecontrol.io (Sublime Text)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2163
[00:30:31] [Uber] PreAuth RCE on Palo Alto GlobalProtect
https://hackerone.com/reports/540242
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
[00:35:26] The little bug that couldn't: Securing OpenSSL
https://github.blog/2021-02-25-the-little-bug-that-couldnt-securing-openssl/
[00:41:49] PACStack: an Authenticated Call Stack
https://www.usenix.org/conference/usenixsecurity21/presentation/liljestrand
[00:56:29] An Exploration of JSON Interoperability Vulnerabilities
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
[01:03:59] Top 10 web hacking techniques of 2020
https://portswigger.net/research/top-10-web-hacking-techniques-of-2020
[01:05:50] OST 2.0 Beta Spots Open
https://twitter.com/XenoKovah/status/1366224804639031299

Feb 23, 2021 • 1h 24min

PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking

A couple privacy violations, PDF exploits, and a complicated API being misused by developers.

[00:00:48] Brave browser leaks onion addresses in DNS traffic
https://ramble.pw/f/privacy/2387
[00:07:05] Tales of Favicons and Caches: Persistent Tracking in Modern Browsers
https://www.ndss-symposium.org/ndss-paper/tales-of-favicons-and-caches-persistent-tracking-in-modern-browsers/
[00:18:12] Shadow Attacks: Hiding and Replacing Content in Signed PDFs
https://www.ndss-symposium.org/ndss-paper/shadow-attacks-hiding-and-replacing-content-in-signed-pdfs/
[00:28:20] Getting Information Disclosure in Adobe Reader Through the ID Tag
https://www.thezdi.com/blog/2021/2/17/zdi-21-171-getting-information-disclosure-in-adobe-reader-through-the-id-tag
[00:32:42] Middleware everywhere and lots of misconfigurations to fix
https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/
[00:43:05] GPGme used confusion, it's super effective !
https://www.synacktiv.com/en/publications/gpgme-used-confusion-its-super-effective.html
[00:51:58] Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions
https://emvrace.github.io
[01:01:11] Hunting for bugs in Telegram's animated stickers remote attack surface
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
[01:08:03] Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits
https://arxiv.org/abs/2102.07869v1
[01:20:27] Model Skewing Attacks on Machine Learning Models
https://payatu.com/blog/nikhilj/sec4ml-machine-learning-model-skewing-data-poisoning
[01:21:37] Future of Exploit Development - 2021 and Beyond
https://www.youtube.com/watch?v=o_hk9nh8S1M

Feb 16, 2021 • 1h 45min

Industrial Control Fails and a Package disguised in your own supply

"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research.

[00:00:59] Florida Water Treatment Facility Hacked
https://twitter.com/Bing_Chris/status/1358873543623274499
[00:09:19] Have a domain name? "Beg bounty" hunters may be on their way
https://news.sophos.com/en-us/2021/02/08/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way/amp/
[00:20:14] FootFallCam and MetaTechnology Drama
https://twitter.com/_MG_/status/1359582048260743169
[00:28:33] Telegram privacy fails [CVE-2021-27204] [CVE-2021-27205]
https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html
[00:36:43] Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
[00:44:33] Exploiting a Second-Order SQL Injection in LibreNMS [CVE-2020-35700]
https://www.horizon3.ai/disclosures/librenms-second-order-sqli
[00:50:46] Swarm of Palo Alto PAN-OS vulnerabilities
https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
[00:56:25] Advantech iView Missing Authentication RCE [CVE-2021-22652]
https://blog.rapid7.com/2021/02/11/cve-2021-22652-advantech-iview-missing-authentication-rce-fixed/
[01:02:30] Windows kernel zero-day exploit [CVE-2021-1732]
https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
[01:08:50] Analysis and exploitation of the iOS kernel vulnerability [CVE-2021-1782]
https://www.synacktiv.com/publications/analysis-and-exploitation-of-the-ios-kernel-vulnerability-cve-2021-1782
[01:20:10] Misusing Service Workers for Privacy Leakage
https://www.ndss-symposium.org/ndss-paper/awakening-the-webs-sleeper-agents-misusing-service-workers-for-privacy-leakage/
[01:27:53] security things in Linux v5.8
https://outflux.net/blog/archives/2021/02/08/security-things-in-linux-v5-8/
[01:40:42] Linux Heap Exploitation - Part 2
https://www.udemy.com/course/linux-heap-exploitation-part-2/

Feb 9, 2021 • 1h 34min

MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit

A lot of discussion this week about OSS security and security processes, an iOS kernel type confusion, and a MediaTek bootloader bypass impacting everything since at least 2014.

[00:04:54] Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source
https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html
[00:15:18] Launching OSV - Better vulnerability triage for open source
https://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html
[00:22:38] Most Common Bugs of 2021 So Far
https://www.bugcrowd.com/blog/common-bugs-of-2021/
[00:31:59] Exploiting the Nespresso smart cards for fun and coffee
https://pollevanhoof.be/nuggets/smart_cards/nespresso
[00:39:10] Spoofing and Attacking With Skype
https://blog.thecybersecuritytutor.com/spoofing-and-attacking-with-skype/
[00:45:01] Getting root on webOS
https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html
[00:51:31] Applying Offensive Reverse Engineering to Facebook Gameroom
https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom
[00:59:36] Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
[01:06:32] MTK Bypass Universal
https://megafon929.github.io/mtk
[01:14:13] Project Zero: iOS Kernel privesc with turnstiles [CVE-2020-27932]
https://googleprojectzero.blogspot.com/p/rca-cve-2020-27932.html
https://googleprojectzero.blogspot.com/p/rca.html
[01:21:41] Why Security Defects Go Unnoticed during Code Reviews?
http://amiangshu.com/papers/paul-ICSE-2021.pdf
