This week's binary episode features a range of topics, from discussion of Pwn2Own's first automotive competition to an insane bug that broke ASLR on various Linux systems. At the lower level, we also have some bugs in UEFI, including one that can be used to bypass the Windows Hypervisor-protected Code Integrity (HVCI) mitigation.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/238.html
[00:00:00] Introduction
[00:02:40] 37C3: Unlocked - media.ccc.de
[00:08:15] Zero Day Initiative — Pwn2Own Automotive 2024 - Day One Results
[00:16:35] ASLRn’t: How memory alignment broke library ASLR
[00:22:47] Unleashing ksmbd: remote exploitation of the Linux kernel (ZDI-23-979, ZDI-23-980)
[00:26:33] PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.
[00:31:10] Hunting down the HVCI bug in UEFI
[00:35:51] A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit
[00:37:32] Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution - Exodus Intelligence
[00:38:38] OffSec EXP-401 Advanced Windows Exploitation (AWE) - Course Review
[00:44:56] Dumping GBA ROMs from Sound
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9