This week's highly technical episode has discussion around the exploitation of a libwebp vulnerability we covered previously, memory tagging (MTE) implementation with common allocators, and an insane iPhone exploit chain that targeted researchers.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/234.html
[00:00:00] Introduction
[00:02:35] PagedOut Issue 3
[00:05:14] GPSd NTRIP Stream Parsing access violation vulnerability
[00:08:25] Exploiting the libwebp Vulnerability, Part 1: Playing with Huffman Code
[00:30:01] Strengthening the Shield: MTE in Heap Allocators
[00:37:40] Operation Triangulation - What you get when you attack iPhones of Researchers
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
[binary] A Huawei Hypervisor Vuln and More Memory Safety
[bounty] Remotely Controlling Hyundai and a League of Legends XSS
[binary] Patch Gaps and Apple Neural Engine Vulns
[bounty] Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage
[binary] Hacking Pixel Bootloaders and Injecting Bugs
[bounty] Racing Grafana, Stealing Mastadon Passwords, and Cross-Site Tracing
[binary] Exploiting Undefined Behavior and a Chrome UAF
[bounty] Bypassing Pixel Lock Screens and Checkmk RCE
[binary] OpenSSL Off-by-One, Java XML Bugs, and an In-the-Wild Samsung Chain
[bounty] Apache Batik, Static Site Generators, and an Android App Vuln
[binary] XNU's kalloc_type, Stranger Strings, and a NetBSD Bug
[bounty] A Galaxy Store Bug, Facebook CSRF, and Google IDOR
[binary] Edge Vulns, a SHA-3 Overflow, and an io_uring Exploit
[bounty] XMPP Stanza Smuggling in Jabber and a Cobalt Strike RCE
[binary] Some Browser Exploitation and a Format String Bug?
[bounty] GitHub to GitLab RCE and a new PHP Supply Chain Attack
[binary] i.MX Secure Boot Bypass and a Hancom Office Underflow
[bounty] Got UNIX Sockets and Some Filter Bypasses?
[binary] Pwning Scoreboards, uClibC, and PS5 Exploitation
[bounty] Akamai Cache Poisoning and a Chrome Universal XSS
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast