Day[0]

dayzerosec
Dec 17, 2019 • 2h 13min

PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[00:01:18] Last Episode of the Year
[00:01:36] Real-World Bug Hunting: A Field Guide to Web Hacking http://www.phrack.org/papers/attacking_javascript_engines.html
[00:11:29] President's Cup
[00:24:20] Better Password Protections [in Chrome]
[00:30:18] Apple DMCA's SEP Key https://en.wikipedia.org/wiki/Illegal_number
[00:36:59] Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers
[00:48:50] Camouflage: Hardware-assisted CFI for the ARM Linux kernel
[01:00:37] Binary Planting with the npm CLI
[01:04:55] Plundervolt
[01:17:35] Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726)
[01:24:09] AirDoS: Remotely render any nearby iPhone or iPad unusable
[01:26:24] Digital Lockpicking - Stealing Keys to the Kingdom (KeyWe Smart Lock) https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
[01:31:44] SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4
[01:39:05] Maddie Stone: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568
[01:46:37] Client-side Vulnerabilities in Commercial VPNs
[01:54:50] A Technical Review of Connected Toy Security https://www.which.co.uk/news/2019/12/kids-karaoke-machines-and-smart-toys-from-mattel-and-vtech-among-those-found-to-have-security-flaws-in-a-which-investigation/
[02:07:43] Interactive Buffer Overflow Exploitation https://github.com/bordplate/js86 https://nagarrosecurity.com/blog/interactive-rop-tutorial
Dec 10, 2019 • 2h 14min

Permanent DoS, HackerOne Hacked, and Wide-OpenBSD

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[00:02:59] Android Permanent DoS (CVE-2019-2232)
[00:08:09] Inferring and hijacking VPN-tunneled TCP connections (CVE-2019-14899)
[00:16:00] An Update on Android TLS Adoption
[00:25:11] Mozilla and Opera remove Avast extensions from their add-on stores https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/
[00:43:05] Tron: Evolution SecuROM DRM expiration makes game unplayable 9 years after release
[00:50:12] Millions of Americans at Risk After Huge Data and SMS Leak
[00:54:14] Nebraska Medicine Breached by Rogue Employee
[00:56:56] Practical Pentest Labs stores passwords in plaintext
[01:05:07] Incident Report | 2019-11-24 Account Takeover via Disclosed Session Cookie
[01:13:28] Authentication vulnerabilities in OpenBSD (CVE-2019-19521)
[01:24:36] Symantec Endpoint Protection Local Privilege Escalation (CVE-2019-12750)
[01:30:09] Omron PLC Denial-of-Service as a Feature https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H https://github.com/Ox6e3062306479/omron/blob/master/cj2m.fins.dos.py
[01:38:35] FIRST CONTACT: New vulnerabilities in contactless payments
[01:46:39] Fuzzing Sega Genesis Emulators
[01:50:30] Verifiable Voting Primer https://www.youtube.com/watch?v=LkH2r-sNjQs
Dec 3, 2019 • 1h 56min

CWE Top 25, Hacking Anti-Viruses and Adversarial Machine Learning Attacks

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[00:02:08] Protecting users from government-backed hacking and disinformation
[00:10:23] ENISA threat landscape for 5G Networks
[00:16:13] EU raises eyebrows at possible US encryption ban
[00:24:16] You watch TV. Your TV watches back.
[00:34:44] CWE - Top 25 https://cwe.mitre.org/top25/archive/2011/2011_cwe_sans_top25.html
[00:46:58] LPE in K7 Security Anti-Virus (CVE-2019-16897)
[00:47:09] Weak Crypto in Fortinet Products
[01:01:37] CVE-2019-11932 (double free in libpl_droidsonroids_gif) many apps vulnerable https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263
[01:04:32] Max Secure Anti Virus Plus - 19.0.4.020 / CVE-2019-19382 Insecure Permissions
[01:10:41] Synology DSM Remote Command Injection
[01:16:45] SpoC: Spoofing Camera Fingerprints
[01:24:44] Defending Against Adversarial Machine Learning
[01:34:21] Can Attention Masks Improve Adversarial Robustness?
[01:38:58] Hidviz
[01:41:05] IDA 7 Demo Release
[01:47:54] Windows Terminal (Preview) 0.7 Release
Nov 26, 2019 • 2h 19min

What does the NSA say?

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[00:00:35] PagedOut #2
[00:07:38] Black Friday Deals to watch out for
[00:17:59] Official Monero website is hacked to deliver currency-stealing malware
[00:26:30] Managing Risk from Transport Layer Security Inspection
[00:40:55] US student was allegedly building a custom Gentoo Linux distro for ISIS
[00:48:41] Google Outlines Plans for Mainline Linux Kernel Support in Android
[00:55:12] Introducing Flan Scan
[00:59:44] Expanding Android Security Rewards
[01:05:26] Updates to the Mozilla Web Security Bounty Program
[01:07:59] XSS in GMail’s AMP4Email via DOM Clobbering
[01:17:32] VNC Vulnerabilities (LibVNC, TightVNC, TurboVNC and UltraVNC)
[01:26:22] Arbitrary file capture in Kaspersky Total Security 2019
[01:30:43] Bad binder: Android In-The-Wild Exploit
[01:36:03] Building Fast Fuzzers https://github.com/gamozolabs/fzero_fuzzer
[01:49:47] The Performance of Machine and Deep Learning Classifiers in Detecting Zero-Day Vulnerabilities
[02:02:08] PARAM: A Microprocessor Hardened for Power Side-Channel Attack Resistance
Nov 19, 2019 • 2h 33min

Election hacking, Kernel Security, MDS Attacks and Github's Security Lab

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[00:02:09] Thousands of hacked Disney+ accounts are already for sale
[00:06:33] Faking an iVote decryption proof
[00:16:20] "robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests."
[00:30:13] "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file"
[00:35:42] HHVM Security Update
[00:38:18] Symantec Endpoint Protection - Self-Defense Bypass - CVE-2019-12758
[00:38:27] McAfee - All Editions - Self-Defense Bypass - CVE-2019-3648
[00:43:26] Imperceptible Adversarial Attacks on Tabular Data
[00:48:48] 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol
[00:55:26] Fuzzing Qualcomm Secure Execution Environment and CVE-2019-10574
[01:00:32] TPM-Fail
[01:08:54] Mitigations for Jump Conditional Code Erratum
[01:14:35] More MDS Attacks
[01:22:55] Tianfu Cup
[01:27:48] Protecting against code reuse in the Linux kernel with Shadow Call Stack
[01:34:04] Security things in Linux v5.3
[01:50:36] A Security Perspective on Unikernels
[01:54:26] Announcing GitHub Security Lab: securing the world's code, together
[02:09:32] Huawei introduces new invite-only bug bounty program
[02:12:37] Interpol plans to condemn encryption spread, citing predators, sources say https://www.youtube.com/watch?v=VPBH1eW28mo
[02:17:33] How a turf war and a botched contract
Nov 13, 2019 • 1h 34min

Rogue Employees, Lasers, Fuzzing, and an iOS Exploit (checkra1n)

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[1573502643] Blog launched, stream schedule, discord
[1573503151] Pwn2Own Tokyo 2019
[1573503418] Blog launched, stream schedule, discord
[00:01:56] Pwn2Own Tokyo 2019 https://www.zerodayinitiative.com/Pwn2OwnTokyo2019Rules.html
[00:07:22] Pwn2Own Tokyo 2019
[00:08:46] Google Begins Testing Extension manifest v3 in Chrome Canary
[00:12:03] Rogue Trend Micro Employee Sold Customer Data for 68K Accounts
[00:14:54] The DoJ charges former Twitter employees for allegedly accessing thousands of accounts on behalf of Saudi Arabia.
[00:23:02] OpenTitan – Open sourcing transparent, trustworthy, and secure silicon https://arstechnica.com/information-technology/2019/11/newly-discovered-titanium-backdoor-employs-clever-ways-to-go-undetected/
[00:26:34] OpenTitan – Open sourcing transparent, trustworthy, and secure silicon
[00:29:33] Sandboxie transitioning to open source https://arstechnica.com/information-technology/2019/11/newly-discovered-titanium-backdoor-employs-clever-ways-to-go-undetected/ https://securelist.com/titanium-the-platinum-group-strikes-again/94961/
[00:44:06] Facebook Groups API flaw exposed data to 100 developers
[00:47:47] Laser-Based Audio Injection on Voice-Controllable Systems
[00:54:07] Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems
[00:54:20] Laser-Based Audio Injection on Voice-Controllable Systems
[00:57:11]
Nov 5, 2019 • 1h 34min

A Bit of everything: 0days, Breaches, Lawsuits, Attacking AI, and some insecure

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[00:05:23] Apple v. Corellium
[00:12:04] Firefox to Discontinue Sideloaded Extensions
[00:16:52] Delegated Credentials for TLS
[00:23:02] North Korean Malware Found on Indian Nuclear Plant's Network
[00:28:20] The Pirate Bay Downtime Caused by Malicious Search Queries
[00:29:30] Web.com Breach (allegedly includes NetworkSolutions.com and Register.com)
[00:32:28] BlueKeep attacks are happening, but it's not a worm https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
[00:36:13] Untitled Goose Game - Insecure Deserialization
[00:39:58] Two Chrome 0Days get Patched
[00:42:45] NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114]
[00:45:43] Abusing HTTP Hop-by-hop Request Headers
[00:50:54] Let's Make Windows Defender Angry: Antivirus Can be an Oracle! -icchy https://en.wikipedia.org/wiki/EICAR_test_file
[00:56:54] rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662)
[01:02:26] Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors
[01:07:26] Silhouette: Efficient Intra-Address Space Isolation for Protected Shadow Stacks on Embedded Systems
[01:19:46] unfork(2)
[01:23:51] Destroying x86_64 instruction decoders with differential fuzzing https://github.com/zyantific/zydis
Oct 28, 2019 • 1h 59min

NordVPN Again, Snowden, CPDoS, a PHP-RCE, and some console hacking

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[00:00:49] NordVPN's Response to Private Certificate Breach Discussed Last Week https://nordvpn.com/blog/security-plan/
[00:12:31] AWS Hit By major DDOS Attack https://status.digitalocean.com/incidents/1z3kmlvz69v6
[00:14:43] Seven Million Adobe Creative Cloud Accounts Exposed to the Public
[00:25:24] Travel Reservations Platform Leaks US Government Personnel Data
[00:30:09] Joe Rogan Experience #1368 - Edward Snowden
[00:48:38] Technical Analysis of Checkm8 https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html
[00:55:51] Cache Poisoned Denial of Service (CPDoS)
[01:08:27] CVE-2019-11043 - PHP-FPM (potential) RCE https://github.com/neex/phuip-fpizdam/blob/master/attack.go
[01:20:44] Light Ears: Information Leakage via Smart Lights
[01:27:57] Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
[01:33:28] Bringing ICS into the Pwn2Own World
[01:37:39] Analysis of Qualcomm Secure Boot Chains
[01:39:56] Microsoft Secured-Core PC
[01:47:46] Guarding Against Physical Attacks: The Xbox One Story
Oct 21, 2019 • 2h 14min

Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube (@DAY[0])

[00:01:29] Sudo: CVE-2019-14287
[00:08:40] Buffer overflow in Realtek Wi-Fi chips
[00:17:13] US Law Enforcement Traces Bitcoin Transfers to Nab ‘Largest’ Child Porn Site
[00:39:45] Equifax Using admin:admin as Credentials for Sensitive Information
[00:48:40] CenturyLink Data Leak of 2.8 Million Records
[00:56:37] NordVPN Reportedly Compromised https://crt.sh/?q=nordvpn.com
[00:59:07] NordVPN Reportedly Compromised https://twitter.com/hexdefined/status/1185974575214940161 https://nordvpn.com/ https://thatoneprivacysite.net/
[01:07:45] Pop_OS 19.10
[01:13:26] JSFuzz
[01:19:08] Site Isolation improvement (and now on Android)
[01:22:54] A New Memory Type Against Speculative Side Channel Attacks
[01:30:06] oo7: Low-overhead Defense against Spectre Attacks via Program Analysis
[01:38:37] UK Government to fund development of attack resistant Arm chips
[01:46:59] Germany's Cyber Security Agency Recommends Firefox as Most Secure Browser
[02:01:36] Facebook Expanding Bug Bounty Program to Third-Party Apps https://www.facebook.com/whitehat/info/
[02:04:14] ElectionGuard SDK Bug Bounty https://www.youtube.com/watch?v=w3_0x6oaDmI https://www.youtube.com/watch?v=BYRTvoZ3Rho https://www.microsoft.com/en-us/msrc/bounty-electionguard
Oct 14, 2019 • 1h 49min

When your errors have errors...

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on YouTube

[00:03:00] Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit  iTerm2 Patch
[00:11:24] Windows Error Reporting Manager arbitrary file move Elevation of Privilege (CVE-2019-1315)  James Forshaw  A Link To The Past.pdf
[00:16:12] CVE-2019-8697: MacOS System Escalation via Disk Management  https://www.zerodayinitiative.com/blog/2019/10/3/cve-2019-8697-macos-system-escalation-via-disk-management
[00:20:20] Apple Zero Day Exploited in Bitpaymer Campaign
[00:25:50] BrokenStrokes: On the (in)Security of Wireless Keyboards
[00:31:53] PS2 Yabasic Exploit  Exploit Writeup
[00:40:12] Imperva Breach Report
[00:49:23] EU-coordinated risk assessment of 5G network security  https://eeas.europa.eu/delegations/united-states-america/68637/eu-coordinated-risk-assessment-5g-network-security_me
[00:55:11] Measuring Attack Surface Reduction in the Presence of Code (Re-)Randomization  https://arxiv.org/abs/1910.03034
[01:04:46] Finding Security Threats That Matter: An Industrial Case Study
[01:16:47] An Extended Survey on Vehicle Security
[01:21:56] Zydis 3.0 Released (x86-64 disassembler library)  https://github.com/zyantific/zydis
[01:25:54] IDA 7.4
[01:28:38] Government interference in Australia's premier cybersecurity conference is a worry
[01:33:16] uBlock dev build rejected
[01:39:19] Ken Thompson's Unix Password
[01:44:04] Humble Bundle
