Day[0]

Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros


A shorter episode, but some really cool vulns nonetheless, from mitigation bypassing on D-Link routers to a new set of WiFi protocol design flaws.

• [00:01:14] Security Vulnerability Detection Using Deep Learning Natural Language Processing
  • https://arxiv.org/abs/2105.02388v1
  • https://samate.nist.gov/SARD/
• [00:08:12] Stealing secrets with Rust Macros proof-of-concept via VSCode
  • https://github.com/lucky/bad_actor_poc
• [00:13:21] [GitLab] RCE when removing metadata with ExifTool
  • https://hackerone.com/reports/1154542
  • https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm#L233
• [00:19:47] Terminal escape injection in AWS CloudShell
  • https://bugs.chromium.org/p/project-zero/issues/detail?id=2154
  • https://github.com/c9/core/blob/master/plugins/c9.ide.terminal/aceterm/libterm.js#L1276
• [00:23:54] Cross-browser tracking vulnerability in Tor, Safari, Chrome and Firefox
  • https://fingerprintjs.com/blog/external-protocol-flooding/
• [00:34:27] Fei Protocol Flashloan Vulnerability Postmortem
  • https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb
  • https://uniswap.org/docs/v2/smart-contract-integration/providing-liquidity/
• [00:44:46] One-click reflected XSS on Instagram
  • https://ysamm.com/?p=695
• [00:47:24] D-Link Vulnerability [CVE-2021-27342]
  • https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html
• [00:51:52] Experimental Security Assessment of Mercedes-Benz Cars
  • https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
  • https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
• [01:01:08] FragAttacks: Fragmentation & Aggregation Attacks
  • https://github.com/vanhoefm/fragattacks
  • https://www.youtube.com/watch?v=OJ9nFeuitIU
• [01:10:57] Dell ‘dbutil_2_3.sys’ Kernel Exploit [CVE-2021-21551]
  • https://connormcgarr.github.io/cve-2020-21551-sploit/
• [01:11:45] googleprojectzero/Hyntrospect
  • https://github.com/googleprojectzero/Hyntrospect
• [01:13:01] IDA Free w/ Cloud Decompiler Dropped
  • https://www.hex-rays.com/ida-free/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or the video archive on YouTube (@dayzerosec).


Day[0] by dayzerosec
