September 22, 2020

Bhyves and Evil LEDs (+Roulette)

1 hour 39 minutes

A "trivial" Bhyve VM escape, a BitWarden "RCE", a ModSecurity "Denial of Service" and more scare quotes for your enjoyment in this week's episode.

[00:00:33] Patient Dies After Ransomware Attack

[00:08:05] Zerologon [CVE-2020-1472]

[00:14:29] BitWarden Blind HTTP GET SSRF

https://github.com/bitwarden/server/pull/812/commits/f094b76b6638932b13bb5ed2d9295185c54ce332

https://github.com/bitwarden/desktop/issues/552

[00:23:40] Apache + PHP under v7.4.10 open_basedir bypass

[00:29:59] ModSecurity v3 Affected By DoS (Severity HIGH) [CVE-2020-15598]

[00:38:09] Bhyve VM Escape

https://bsdsec.net/articles/freebsd-announce-freebsd-security-advisory-freebsd-sa-20-29-bhyve_svm

[00:42:59] Webkit aboutBlankURL() code execution vulnerability

[00:48:28] CVE-2020-9964 - An iOS infoleak

[00:51:44] Online Casino Roulette - A guideline for pen testers

[00:56:40] Light Can Hack Your Face! Black-box Backdoor Attack on Face Recognition

[01:03:06] UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling

[01:12:07] FANS: Fuzzing Android Native System Services via Automated Interface Analysis

https://github.com/iromise/fans

[01:19:52] OneFuzz framework, an open source developer tool to find and fix bugs at scale

https://github.com/microsoft/onefuzz

[01:28:35] Finding Australian Prime Minister Tony Abbott's passport number

[01:34:08] ARM64 Reversing and Exploitation

[01:37:25] Hypervisor Exploitation Compiled Research List

https://github.com/bitwarden/server/pull/812/commits/f094b76b6638932b13bb5ed2d9295185c54ce332

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

September 22, 2020

Bhyves and Evil LEDs (+Roulette)

1 hour 39 minutes

A "trivial" Bhyve VM escape, a BitWarden "RCE", a ModSecurity "Denial of Service" and more scare quotes for your enjoyment in this week's episode.

[00:00:33] Patient Dies After Ransomware Attack

[00:08:05] Zerologon [CVE-2020-1472]

[00:14:29] BitWarden Blind HTTP GET SSRF

https://github.com/bitwarden/server/pull/812/commits/f094b76b6638932b13bb5ed2d9295185c54ce332

https://github.com/bitwarden/desktop/issues/552

[00:23:40] Apache + PHP under v7.4.10 open_basedir bypass

[00:29:59] ModSecurity v3 Affected By DoS (Severity HIGH) [CVE-2020-15598]

[00:38:09] Bhyve VM Escape

https://bsdsec.net/articles/freebsd-announce-freebsd-security-advisory-freebsd-sa-20-29-bhyve_svm

[00:42:59] Webkit aboutBlankURL() code execution vulnerability

[00:48:28] CVE-2020-9964 - An iOS infoleak

[00:51:44] Online Casino Roulette - A guideline for pen testers

[00:56:40] Light Can Hack Your Face! Black-box Backdoor Attack on Face Recognition

[01:03:06] UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling

[01:12:07] FANS: Fuzzing Android Native System Services via Automated Interface Analysis

https://github.com/iromise/fans

[01:19:52] OneFuzz framework, an open source developer tool to find and fix bugs at scale

https://github.com/microsoft/onefuzz

[01:28:35] Finding Australian Prime Minister Tony Abbott's passport number

[01:34:08] ARM64 Reversing and Exploitation

[01:37:25] Hypervisor Exploitation Compiled Research List

https://github.com/bitwarden/server/pull/812/commits/f094b76b6638932b13bb5ed2d9295185c54ce332

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share Bhyves and Evil LEDs (+Roulette)

Sign up to save your podcasts

Bhyves and Evil LEDs (+Roulette)

Bhyves and Evil LEDs (+Roulette)

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast