October 13, 2020

Breaking into HashiCorp Vault, Apple and Google

1 hour 54 minutes

Its a web-exploit heavy episode impacing Apple, Hasicorp, Azure, Google, and even a DOMPurify Bypass. Then we end-off with a look into benchmarking fuzzers, and a look at the House of Muney heap exploitation technique.

[00:00:49] Fuzzing internships for Open Source Software

[00:03:15] CET Updates – CET on Xanax

[00:09:07] Binary Ninja - Open Source Architectures

[00:14:03] Memory Safe 'curl' for a More Secure Internet

https://daniel.haxx.se/blog/2020/10/09/rust-in-curl-with-hyper/

[00:17:25] We Hacked Apple for 3 Months: Here’s What We Found

[00:25:46] Race condition while removing the love react in community files

[00:30:11] Enter the Vault: Authentication Issues in HashiCorp Vault

[00:46:39] Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure

[00:51:11] Password Reset Link Leaked In Refer Header

[00:57:37] The mass CSRFing of *.google.com/* products.

[01:06:02] A brief encounter with Leostream Connect Broker

[01:15:47] Bypassing DOMPurify again with mutation XSS

https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/

https://github.com/marcinguy/jquery-xss-in-html

[01:22:10] Apache Struts OGNL Remote Code Execution [CVE-2019-0230]

[01:28:11] UNIFUZZ: A Holistic, Pragmatic Metrics-Driven Platform for Evaluating Fuzzers

https://github.com/unifuzz/unibench

https://github.com/unifuzz

[01:47:15] House of Muney - Leakless Heap Exploitation Technique

https://github.com/mdulin2/house-of-muney

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

October 13, 2020

Breaking into HashiCorp Vault, Apple and Google

1 hour 54 minutes

[00:00:49] Fuzzing internships for Open Source Software

[00:03:15] CET Updates – CET on Xanax

[00:09:07] Binary Ninja - Open Source Architectures

[00:14:03] Memory Safe 'curl' for a More Secure Internet

https://daniel.haxx.se/blog/2020/10/09/rust-in-curl-with-hyper/

[00:17:25] We Hacked Apple for 3 Months: Here’s What We Found

[00:25:46] Race condition while removing the love react in community files

[00:30:11] Enter the Vault: Authentication Issues in HashiCorp Vault

[00:46:39] Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure

[00:51:11] Password Reset Link Leaked In Refer Header

[00:57:37] The mass CSRFing of *.google.com/* products.

[01:06:02] A brief encounter with Leostream Connect Broker

[01:15:47] Bypassing DOMPurify again with mutation XSS

https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/

https://github.com/marcinguy/jquery-xss-in-html

[01:22:10] Apache Struts OGNL Remote Code Execution [CVE-2019-0230]

[01:28:11] UNIFUZZ: A Holistic, Pragmatic Metrics-Driven Platform for Evaluating Fuzzers

https://github.com/unifuzz/unibench

https://github.com/unifuzz

[01:47:15] House of Muney - Leakless Heap Exploitation Technique

https://github.com/mdulin2/house-of-muney

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share Breaking into HashiCorp Vault, Apple and Google

Sign up to save your podcasts

Breaking into HashiCorp Vault, Apple and Google

Breaking into HashiCorp Vault, Apple and Google

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast