Sign up to save your podcasts
Or
Share [bounty] Stealing DropBox Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
![Day[0]](https://podcast-api-images.s3.amazonaws.com/corona/show/870239/logo_300x300.jpeg){kind=logo}
[bounty] Stealing DropBox Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/stealing-dropbox-google-drive-tokens-a-gitlab-bug-and-macos-powerdir-vulnerability.html
Kicking off the week with some discussion about DOJ's policy change before getting into some vulnerabilities: "powerdir" a macOS TCC bypass, an integer overflow on the web, and another attack against HelloSign and their Google Drive integration
[00:02:12] DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
[00:11:02] macOS Vulnerability "powerdir" could lead to unauthorized user data access
[00:17:17] Arbitrary POST request as victim user from HTML injection in Jupyter notebooks
[00:21:44] [Glovo] Integer overflow vulnerability
[00:25:11] Stealing Google Drive OAuth tokens from Dropbox
[00:29:46] Privileged pod escalations in Kubernetes and GKE
The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week:
The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
View all episodes
By dayzerosec
4
1010 ratings
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/stealing-dropbox-google-drive-tokens-a-gitlab-bug-and-macos-powerdir-vulnerability.html
Kicking off the week with some discussion about DOJ's policy change before getting into some vulnerabilities: "powerdir" a macOS TCC bypass, an integer overflow on the web, and another attack against HelloSign and their Google Drive integration
[00:02:12] DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
[00:11:02] macOS Vulnerability "powerdir" could lead to unauthorized user data access
[00:17:17] Arbitrary POST request as victim user from HTML injection in Jupyter notebooks
[00:21:44] [Glovo] Integer overflow vulnerability
[00:25:11] Stealing Google Drive OAuth tokens from Dropbox
[00:29:46] Privileged pod escalations in Kubernetes and GKE
The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week:
The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
More shows like Day[0]
View all
Critical Thinking - Bug Bounty Podcast
56 Listeners