Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler... okay, probably not, but it is exciting. We've also got some stupid issues and some interesting LPEs this episode.
[00:00:29] Cognizant suffers Maze Ransomware cyber attack
[00:14:08] Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000
[00:27:46] How I Reverse Engineered the LastPass CLI Tool
[00:35:59] State of the Ninja: Episode 13
[01:02:18] Riot offering up to $100k in Bug Bounty
[01:05:31] Research Grants to support Google VRP Bug Hunters during COVID-19
[01:09:08] Denial of service to WP-JSON API by cache poisoning
[01:11:43] CSRF to RCE bug chain in Prestashop
[01:21:16] Unintended disclosure of OTP
[01:24:20] JSON Web Token Validation Bypass in Auth0 Authentication API
[01:27:06] git: Newline injection in credential helper
[01:31:20] How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability
[01:36:34] Pwning vCenter with CVE-2020-3952
[01:45:19] Oracle Solaris 11.x/10 whodo/w Buffer Overflow
[01:51:22] Linux Kernel EoP via Improper eBPF Program Verification [CVE-2020-8835]
[01:57:39] Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4f42c24e02ce82392d8f8fe215570568380c8ab
[02:07:20] Ricerca Security: "SMBGhost pre-auth RCE
- https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/
[02:14:01] IJON: Exploring Deep State Spaces via Fuzzing
[02:23:26] Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
[02:27:45] GitHub - wcventure/FuzzingPaper