Discussion this week covers Chrome's Sanitizer API, bypassing firewalls with webhooks and 0days (ModSecurity bypass), and a pre-auth BitBucket RCE.
Links and summaries are available at https://dayzerosec.com/podcast/153.html
[00:00:00] Introduction
[00:00:31] Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
[00:10:31] Breaking Bitbucket: Pre Auth Remote Command Execution [CVE-2022-36804]
[00:16:25] [Chrome] Sanitizer API bypass via prototype pollution
[00:23:02] How we Abused Repository Webhooks to Access Internal CI Systems at Scale
[00:35:03] WAF bypasses via 0days
[00:42:40] Cloning internal Google repos for fun and… info?
[00:43:19] How to turn security research into profit: a CL.0 case study
Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking
When your errors have errors...
Exploits-galore iOS (checkm8), Android, Signal, Whatsapp, PHP and more
Offensive Security's OSWE/AWAE, Massive Security failures, and a handful of cool attacks
Intel has done it again, ft. Zombies, Cats, and Windows exploits
The Unhackable Morpheus chip and other exploit mitigations
Another CSG0-day, Ransomware? and a 36 year old vuln
Docker, Government Attacks, and Best Practices
Fun Malware, Fun AI Tricks, and General Fun
Compromises, Challenge Design, and 0days
CTFs, Backdoors, and Control Flow Integrity
RE Tools, Ethereum, and Plaintext Passwords
CSG0-Days, Exploit Mitigations, and Voting Systems
Zero-Days, Ghidra, and Questionable CVE's