In this bounty episode, some straightforward bugs were disclosed in GhostCMS and ClamAV, and Portswigger publishes their top 10 list of web hacking techniques from 2023.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/243.html
[00:00:00] Introduction
[00:02:15] Ghost CMS Stored XSS Leading to Owner Takeover [CVE-2024-23724]
[00:16:07] ClamAV Not So Calm [CVE-2024-20328]
[00:21:00] Top 10 web hacking techniques of 2023
[00:44:46] Hacking a Smart Home Device
[00:48:15] Cloud cryptography demystified: Amazon Web Services
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Memory Corruption: Best Tackled with Mitigations or Safe-Languages
[discussion] A Retrospective and Future Look Into DAY[0]
[binary] Bypassing KASLR and a FortiGate RCE
[bounty] RCE'ing Mailspring and a .NET CRLF Injection
[binary] Future of Exploit Development Followup
[bounty] libXPC to Root and Digital Lockpicking
[binary] Binary Ninja Free and K-LEAK
[bounty] Hacking Google AI and SAML
[binary] Rust Memory Corruption???
[bounty] A PHP and Joomla Bug and some DOM Clobbering
[binary] Linux Burns Down CVEs
[binary] kCTF Changes, LogMeIn, and wlan VFS Bugs
[bounty] The End of a DEFCON Era and Flipper Zero Woes
[binary] The Syslog Special
[bounty] Public Private Android Keys and Docker Escapes
[binary] Busted ASLR, PixieFail, and Bypassing HVCI
[bounty] Reborn Homograph Attacks and Ransacking Passwords
[binary] Bypassing Chromecast Secure-Boot and Exploiting Factorio
[bounty] A GitLab Account Takeover and a Coldfusion RCE
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
A Prairie Home Companion: News from Lake Wobegon