DEF CON moves venues, the Canadian government moves to ban Flipper Zero, and some XSS issues affect Microsoft Whiteboard and Meta's Excalidraw.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/241.html
[00:00:00] Introduction
[00:00:33] DEF CON was canceled.
[00:16:42] Federal action on combatting auto theft
[00:39:03] Jenkins Arbitrary File Leak Vulnerability, CVE-2024-23897, Can Lead To RCE
[00:43:27] Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)
[00:52:26] SSRF on a Headless Browser Becomes Critical!
[00:59:04] ChatGPT Account Takeover - Wildcard Web Cache Deception
[01:05:14] Differential testing and fuzzing of HTTP servers and proxies
[01:10:14] Hunting for Vulnerabilities that are ignored by most of the Bug Bounty Hunters
[01:19:38] Analyzing AI Application Threat Models
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Bad Patches, Fuzzing Sockets, & 3DS Hacked by Super Mario
Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering
Pwn2own, Linux Kernel Exploits, and Malicious Mail
Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat
Google exposes an APT campaign, PHP owned, and Several Auth Issues
Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!
Hacking Cameras, Stealing Logins, and Breaking Git
Buggy Browsers, Heap Grooming, and Broken RSA?
BlackHat USA, Pre-Auth RCEs, and JSON Smuggling
PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking
Industrial Control Fails and a Package disguised in your own supply
MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit
OSED, North Korean hackers, NAT Slipstream 2.0, and PGP (in)security
Snooping YouTube History and Breaking State Machines
Breaking Lock Screens & The Great Vbox Escape
Universal Deserialization, Stealing Youtube Videos, and CTFs
Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs
Fireeye, PS4 exploit, and MacOS LPE
Rooting iOS, Hacking with cURL, and the end of Use-After-Free
Bad Blocklists, Legal News, and Windows Vulns
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast