In this week's binary episode, Binary Ninja Free releases along with Binja 4.0, automated infoleak exploit generation for the Linux kernel is explored, and Nintendo sues Yuzu.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/248.html
[00:00:00] Introduction
[00:00:31] Binary Ninja Free
[00:10:25] K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel
[00:19:53] Glitching in 3D: Low Cost EMFI Attacks
[00:22:08] Nintendo vs. Yuzu
[00:38:32] Finding Gadgets for CPU Side-Channels with Static Analysis Tools
[00:40:12] ThinkstScapes Research Roundup - Q4 - 2023
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
[binary] SoCs with Holes, Crow HTTP Bugs, and Bypassing Intel CET
[bounty] Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses
[binary] An iOS Bug, Attacking Titan-M, and MTE Arrives
[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling
[binary] Fuchsia OS, Printer Bugs, and Hacking Radare2
[bounty] A Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS
[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug
[bounty] Stealing DropBox Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability
[binary] Python 3 UAF and PS4/PS5 PPPoE Kernel Bug
[bounty] Deleting Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover
[binary] Pwn2Owning Routers and Anker Eufy Bugs
[bounty] Cloudflare Pages, Hacking a Bank, and Attacking Price Oracles
[binary] NimbusPwn, a CLFS Vulnerability, and DatAFLow (Fuzzing)
[bounty] XSS for NFTs, a VMWare Workspace ONE UEM SSRF, and GitLab CI Container Escape
[binary] Getting into Vulnerability Research and a FUSE use-after-free
[bounty] A Struts RCE, Broken Java ECDSA (Psychic Signatures) and a Bad Log4Shell Fix
[binary] Another iOS Bug and Edge Chakra Exploitation
[bounty] Taking Over an Internal AWS Service and an Interesting XSS Vector
[binary] A subtle iOS parsing bug and a PHP use-after-free
[bounty] A Double-Edged SSRF, Pritunl VPN LPE, and a NodeBB Vuln
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast