March 31, 2020

A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR

1 hour 48 minutes

Is there a shortcut to RCE? Well, on Windows .LNK files could be just that. We also talk about a few others vulnerabilities impacting Windows, Pi-Hole and Netflix. And end by looking at Window's new hardware enforced Shadow Stack and a proof-of-concept for fine-grained kASLR on Linux.

[00:01:18] The Netflix account compromise Bugcrowd doesn't want you to know about

https://bugcrowd.com/netflix

[00:16:21] Where is my Train : Tracking to Hacking

[00:22:59] Intel SGX removed from Rocket Skylake-S CPUs

[00:28:17] Type 1 Font Parsing Remote Code Execution Vulnerability

[00:33:41] Configuration Overwrite in IBM Cognos TM1 [CVE-2019-4716]

[00:42:19] Remote Code Execution Through .LNK Files [CVE-2020-0729]

[00:53:15] Pi-hole Remote Code Execution [CVE-2020-8816]

[01:03:14] NordVPN - Unauthorized User Can Delete Any User Account

[01:09:33] Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

https://blockchain-ctf.securityinnovation.com/#/

[01:20:01] Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

[01:20:28] Understanding Hardware-enforced Stack Protection

https://windows-internals.com/cet-on-windows/

[01:32:21] [RFC PATCH 00/11] Finer grained kernel address space randomization - Kristen Carlson Accardi

https://www.kryptoslogic.com/blog/2020/03/another-look-at-two-linux-kaslr-patches/

[01:42:14] Slayer Labs

https://www.reddit.com/r/netsec/comments/fr8w8u/free_vpn_access_to_slayer_labs_networks/?sort=top

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

March 31, 2020

A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR

1 hour 48 minutes

[00:01:18] The Netflix account compromise Bugcrowd doesn't want you to know about

https://bugcrowd.com/netflix

[00:16:21] Where is my Train : Tracking to Hacking

[00:22:59] Intel SGX removed from Rocket Skylake-S CPUs

[00:28:17] Type 1 Font Parsing Remote Code Execution Vulnerability

[00:33:41] Configuration Overwrite in IBM Cognos TM1 [CVE-2019-4716]

[00:42:19] Remote Code Execution Through .LNK Files [CVE-2020-0729]

[00:53:15] Pi-hole Remote Code Execution [CVE-2020-8816]

[01:03:14] NordVPN - Unauthorized User Can Delete Any User Account

[01:09:33] Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

https://blockchain-ctf.securityinnovation.com/#/

[01:20:01] Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

[01:20:28] Understanding Hardware-enforced Stack Protection

https://windows-internals.com/cet-on-windows/

[01:32:21] [RFC PATCH 00/11] Finer grained kernel address space randomization - Kristen Carlson Accardi

https://www.kryptoslogic.com/blog/2020/03/another-look-at-two-linux-kaslr-patches/

[01:42:14] Slayer Labs

https://www.reddit.com/r/netsec/comments/fr8w8u/free_vpn_access_to_slayer_labs_networks/?sort=top

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

55 Listeners

Share A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR

Sign up to save your podcasts

A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR

A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast