This week's highly technical episode discusses the exploitation of a libwebp vulnerability we covered previously, memory tagging (MTE) implementation in common allocators, and an insane iPhone exploit chain that targeted researchers.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/234.html
[00:00:00] Introduction
[00:02:35] PagedOut Issue 3
[00:05:14] GPSd NTRIP Stream Parsing access violation vulnerability
[00:08:25] Exploiting the libwebp Vulnerability, Part 1: Playing with Huffman Code
[00:30:01] Strengthening the Shield: MTE in Heap Allocators
[00:37:40] Operation Triangulation - What you get when you attack iPhones of Researchers
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities.
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our Discord: https://discord.gg/daTxTK9
A Kernel Race, SuDump, and a Chrome Garbage Collector Bug [Exploit Dev/VR]
A Slack Attack and a MySQL Scientific Notation Bug [Bug Hunting]
WebKit Bugs, a Windows Race, and House of IO Improved [Exploit Dev/VR]
WebSocket Hijacking, GitHub review bypass and SQLi to RCE [Bug Hunting]
HyperKit Bugs & an Open5GS Stack Overflow [Binary Exploitation]
SharePoint RCE & an Apache Path Traversal [Bug Hunting]
Chrome Exploits and a Firefox Update Bug [Binary Exploitation]
Gatekeeper Bypass, Opera RCE, and Prototype Pollution [Bounty Hunting]
Kernel UAFs and a Parallels VM Escape [Binary Exploitation]
iOS 0days, Apache Dubbo RCEs, and NPM bugs [Bounty Hunting]
A Curl UAF, iPhone FORCEDENTRY, and a Crazy HP OMEN Driver [Binary Exploitation]
A Flickr CSRF, GitLab, & OMIGOD, Azure again? [Bounty Hunting]
NETGEAR smart switches, SpookJS, & Parallels Desktop [Binary Exploitation]
Reused VMWare exploits & Escaping Azure Container Instances [Bounty Hunting]
Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation]
Takeover A Facebook, SnapChat or JetBrains Account [Bounty Hunting]
NoSQL Injection, Mobile Misconfigurations and a Wormable Windows Bug
Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros
Fake Vulns, More Valve, and an AWS Cognito issue
Defcon Quals, Dead μops, BadAllocs, Wordpress XXE