Day[0]

dayzerosec
Oct 7, 2019 • 1h 51min

Exploits-galore iOS (checkm8), Android, Signal, Whatsapp, PHP and more

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or the video archive on YouTube.

[00:00:40] What happened while we were gone, ft. Defcon and Blackhat discussion
[00:20:10] Checkm8 - iPhone bootROM exploit
[00:28:52] iPhone A11 debug registers allow full-featured kernel debugging
[00:32:52] Android: Use-After-Free in Binder driver https://groups.google.com/forum/#!msg/syzkaller-bugs/QyXdgUhAF50/g-FXVo1OAwAJ
[00:39:36] PHP 7.0-7.3 disable_functions bypass https://bugs.php.net/bug.php?id=72530
[00:51:49] An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples https://cwe.mitre.org/data/definitions/20.html
[01:03:18] Signal RTP is processed before call is answered https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
[01:08:47] Whatsapp RCE
[01:14:58] Attacking CNN-based anti-spoofing face authentication in the physical domain
[01:22:52] The Kernel Concurrency Sanitizer (KCSAN)
[01:30:36] Eradicating Attacks on the Internal Network with Internal Network Policy
[01:39:22] Analyzing Control Flow Integrity with LLVM-CFI
May 27, 2019 • 2h 16min

Offensive Security's OSWE/AWAE, Massive Security failures, and a handful of cool attacks

This will be our last episode until the fall, but once we are back you can catch the DAY[0] podcast on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:50] This will be our last episode until the fall.
[00:02:50] Thoughts on the Advanced Web Attacks and Exploitation (AWAE) Course, and the Offensive Security Web Expert (OSWE) certification
[00:32:05] r/AskNetsec - New windows LPE from non-admin :) - From SandboxEscaper
[00:45:20] First American Financial Corp. compromise
[00:53:48] Google admits storing G Suite user passwords in plain text for 14 years
[01:02:27] Safety vs. Security: Attacking Avionic Systems with Humans in the Loop
[01:17:30] Malware Guard Extension: Using SGX to Conceal Cache Attacks
[01:25:04] Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updates
[01:36:45] MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows
[01:46:59] Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities
[02:03:35] macOS Gatekeeper Bypass
[02:10:47] RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer
May 20, 2019 • 1h 45min

Intel has done it again, ft. Zombies, Cats, and Windows exploits

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:01:55] Frida 12.5 Released
[00:08:17] Damn Vulnerable Crypto Wallet
[00:16:40] Thrangrycat: https://😾😾😾.fm/
[00:23:11] Micro-Architectural Data Sampling Attacks (ZombieLoad, RIDL paper, Fallout paper, Red Hat Overview Video)
[00:56:24] Update to Security Incident [May 17, 2019] - Stack Overflow Blog
[01:04:00] Global Takedown Shows the Anatomy of a Modern Cybercriminal Supply Chain
[01:15:12] How Hackers Broke WhatsApp With Just a Phone Call (CVE-2019-3568)
[01:26:53] Over 25,000 Linksys Smart Wi-Fi Routers Vulnerable to Sensitive Information Disclosure
[01:34:01] Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
May 13, 2019 • 2h 18min

The Unhackable Morpheus chip and other exploit mitigations

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:30] Unhackable: New chip stops attacks before they start
[00:15:00] DeepCheck: A Non-intrusive Control-flow Integrity Checking based...
[00:25:54] Queue the Hardening Enhancements
[00:50:18] For Cybersecurity, Computer Science Must Rely on Strong Types
[00:57:43] A Novel Side-Channel in Real-Time Schedulers
[01:04:55] MAVSec: Securing the MAVLink Protocol
[01:10:39] Domain Specific Code Smells in Smart Contracts
[01:18:56] Over 275 Million Records Exposed by Unsecured MongoDB Database
[01:38:02] Applied Risk :: Advisories
[01:53:50] Alpine Linux Docker image contains a NULL root password
[01:59:01] Linux Kernel Race Condition and UAF
[02:05:44] Arbitrary file read vulnerability in HackerRank
May 6, 2019 • 2h 37min

Another CSG0-day, Ransomware? and a 36 year old vuln

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:30] r/GlobalOffensive: PSA: Security issue regarding lobbies and games
[00:11:30] Vita Exploit
[00:20:05] Indie Game Removed From Switch eShop
[00:34:40] Eight Devices, One Exploit
[00:47:30] Remote Code Execution on most Dell computers
[00:56:35] All Firefox extensions disabled due to expiration of intermediate signing cert
[01:15:10] A hacker is wiping Git repositories and asking for a ransom | ZDNet
[01:38:25] Typer vs. CAPTCHA: Private information based CAPTCHA to defend against crowdsourcing human cheating
[01:50:50] 36 Year old Kernel stack disclosure bug in UFS/FFS
[02:00:52] You Only Propagate Once: Painless Adversarial Training
[02:05:55] The Risks of WebGL: Analysis, Evaluation and Detection
[02:18:55] InternalBlue: Bluetooth Binary Patching and Experimentation Framework
[02:27:30] IRONHIDE: A Secure Multicore Architecture that Leverages Hardware Isolation Against Microarchitecture State Attacks

Extra Links:
- h-encore exploit (old Vita exploit)
- InternalBlue CCC talk
Apr 29, 2019 • 2h 3min

Docker, Government Attacks, and Best Practices

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:30] - Physical Adversarial Textures that Fool Visual Object Tracking
[00:04:30] - DPatch: An Adversarial Patch Attack on Object Detectors
[00:11:45] - Side-Channel Attack to Extract ECDSA Private Keys from Qualcomm Hardware-Based Keystore
[00:19:40] - For PayPal security team, "get user balances and transaction details" is not a vulnerability
[00:26:05] - "CI Knew There Would Be Bugs Here" - Exploring Continuous Integration
[00:40:10] - Hacker Finds They Can Kill Car Engines After Breaking Into GPS Tracking Device
[00:50:25] - Security baseline (DRAFT) for Windows 10 v1903
[00:58:25] - Security Analysis of Near-Field Communication (NFC) Payments
[01:12:10] - Docker Hub Hacked – 190k accounts, GitHub tokens revoked, Builds disabled
[01:18:50] - eGobbler - malvertising campaign exploits zero-day Chrome bug
[01:32:15] - New backdoor inspired by leaked NSA malware
[01:39:60] - Mueller report: Russia hacked state databases and voting machines
[01:54:10] - New Technique Uses Power Anomalies to ID Malware in Embedded Systems
Apr 22, 2019 • 1h 54min

Fun Malware, Fun AI Tricks, and General Fun

[00:00:31] - https://blogs.grammatech.com/open-source-tools-for-binary-analysis-and-rewriting
[00:05:31] - https://arxiv.org/abs/1904.07280
[00:13:51] - https://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/
[00:21:12] - https://www.zdnet.com/article/facebook-admits-to-storing-plaintext-passwords-for-millions-of-instagram-users/
[00:25:34] - https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html
[00:31:36] - https://pdfpiw.uspto.gov/.piw?docid=10262138&SectionNum=1&IDKey=0229F1C38B5D
[00:39:02] - https://arxiv.org/abs/1904.07370
[00:53:05] - https://github.com/vusec/kmvx
[01:04:45] - Discussion on valuation of an exploit
[01:08:05] - https://arxiv.org/abs/1904.07550
[01:16:02] - https://arxiv.org/abs/1904.08653
[01:24:36] - https://blog.underdogsecurity.com/rce_in_origin_client/
[01:35:14] - https://threatpost.com/windows-zero-day-active-exploits/143820/
[01:40:18] - https://www.ghacks.net/2019/04/16/adblock-plus-filter-exploit-to-run-arbitrary-code-discovered/
[01:47:26] - https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
[01:50:47] - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr
Apr 16, 2019 • 2h 40min

Compromises, Challenge Design, and 0days

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:37] - Huawei Cyber Security Evaluation Report
[00:14:22] - Assange Arrest
[00:24:55] - Matrix Compromise
[00:32:20] - Outlook Compromise
[00:43:39] - Ghidra Source Release
[00:49:18] - Relyze 3 Beta (Another Free Decompiler)
[00:56:30] - Fracker (New PHP Tool)
[01:01:11] - Discussion about EncryptCTF and challenge design
[01:25:24] - Dragonblood/WPA3 Vulnerabilities
[01:32:21] - CVE-2019-0211 Apache Root Privilege Escalation
[01:41:27] - Detailing of CVE-2019-1636 and CVE-2019-6739 in QT
[01:49:47] - Splitting Atoms in XNU
[02:06:39] - PostgreSQL: is it a CVE?
[02:11:41] - RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks
[02:26:45] - The ROP Needle: Hiding Trigger-based Injection Vectors via Code Reuse
[02:29:30] - Assessing Unikernel Security
Apr 2, 2019 • 2h 9min

CTFs, Backdoors, and Control Flow Integrity

00:01:10 Sunshine CTF
00:10:27 Question Discussion: Opinions regarding CTFs vs. Real World Exploits
00:24:15 ENCRYPT CTF Discussion
00:31:25 Pwn2Own 2019 (P2O) and Tesla Hacking
00:41:25 Tricking Tesla Autopilot
00:56:45 Ghidra 9.0.1 Release
00:59:30 Commando VM
01:06:50 PoC||GTFO 0x19
01:13:20 ASUS Update Tool Backdoor
01:19:05 Windows Defender APC Code Injection Sensors
01:22:55 BSEA-1 - A Stream Cipher Backdooring Technique
01:32:40 LockerGoga Ransomware Vaccination
01:37:40 Hearing your touch: A new acoustic side channel on smartphones
01:43:05 Keybase is not softer than TOFU
01:48:30 Exploitation Techniques and Defenses for Data-Oriented Attacks
01:56:00 Restricting Control Flow During Speculative Execution with Venkman

Additional Links:
- Sunshine CTF Writeups
- Attacking Javascript Engines Phrack Article
Mar 26, 2019 • 2h 1min

RE Tools, Ethereum, and Plaintext Passwords

00:00:50 Ghidra from XXE to RCE
00:08:50 Cutter (Radare2) Release
00:15:00 Daenerys IDA Pro and Ghidra Interoperability Framework
00:22:00 IDA Educational Release
00:39:35 Windows Defender on MacOS
00:59:20 A new Windows 10 KASLR Bypass
01:11:07 EVMFuzz Fuzzing Ethereum Virtual Machines
01:30:10 Researchers find 36 new security flaws in LTE Protocol
01:45:50 Facebook logging plaintext passwords

Other Interesting Links:
- SecurityInnovation Blockchain CTF
- Analysis of a Chrome Zero-Day (CVE-2019-5786) Writeup