Day[0]

By dayzerosec

A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.... more

· Technology

4

1010 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Day[0]:

How many episodes does Day[0] have?

The podcast currently has 282 episodes available.

Day[0] episodes:

February 02, 2021OSED, North Korean hackers, NAT Slipstream 2.0, and PGP (in)security
Starting with a long discussion about the North Korean hackers targeting security reseachers, and some thoughts (rants) about the newly released Windows exploit dev course from Offensive Security before getting into some real exploits including NAT Slipstreaming 2.0 and a new Sudo vuln.
[00:00:52] About the security content of iOS 14.4 and iPadOS 14.4
https://support.apple.com/en-us/HT212146

[00:02:42] New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/

https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/

https://twitter.com/pwn_expoit/status/1354024291398950913

https://twitter.com/chris_salls/status/1353989045617975297

[00:44:45] New Exploit Dev Course: EXP-301
https://www.offensive-security.com/offsec/new-course-exp301/

https://wargames.ret2.systems/

[01:04:53] Linksys WRT160NL – Authenticated Command Injection [CVE-2021-25310]
https://research.nccgroup.com/2021/01/28/technical-advisory-linksys-wrt160nl-authenticated-command-injection-cve-2021-25310/

[01:07:13] Vulnerabilities within TikTok Friend-Finder
https://research.checkpoint.com/2021/tiktok-fixes-privacy-issue-discovered-by-check-point-research/

[01:14:07] BitLocker touch-device lockscreen bypass
https://secret.club/2021/01/29/touch-lockscreen-bypass.html

[01:20:53] NAT Slipstreaming v2.0
https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/

https://samy.pl/slipstream/

[01:26:35] [Security fix] Libgcrypt 1.9.1 released
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html

https://dev.gnupg.org/rC512c0c75276949f13b6373b5c04f7065af750b08

[01:30:44] Baron Samedit: Heap-based buffer overflow in Sudo [CVE-2021-3156]
https://www.openwall.com/lists/oss-security/2021/01/26/3

https://github.com/sudo-project/sudo/commit/1f8638577d0c80a4ff864a2aad80a0d95488e9a8

https://github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2021-3156

[01:44:49] Exploiting a “Simple” Vulnerability – Part 1.5 – The Info Leak
https://windows-internals.com/exploiting-a-simple-vulnerability-part-1-5-the-info-leak/

[01:50:53] Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
https://www.thezdi.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref

[01:56:31] XS-Leaks in redirect flows
https://docs.google.com/presentation/d/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og/edit#slide=id.g63e29d5a06_0_0

[02:02:13] Keeping your GitHub Actions and workflows secure: Untrusted input
https://securitylab.github.com/research/github-actions-untrusted-input

[02:08:04] iOS Security Tutorial - Patching ASLR in the Kernel
https://www.youtube.com/watch?v=Gszvbi8AU68

[02:08:58] Project Zero: A Look at iMessage in iOS 14
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html

[02:09:37] Effectively Fuzzing the IPC Layer in Firefox
https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on
...more
2h 12min
January 26, 2021Snooping YouTube History and Breaking State Machines
This week is a shorter episode, but still some solid bugs to look at. From a full chain Chrome exploit, to a Kindle chain from remote to root and a eBPF incorrect calculation leading to OOB read/write.
[00:00:41] Albicla launch clusterfuck
https://www.reddit.com/r/programminghorror/comments/l25ppk/albicla_launch_clusterfuck/

[00:04:41] [NordVPN] RCE through Windows Custom Protocol on Windows client
https://hackerone.com/reports/1001255

[00:09:00] Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform
https://www.thezdi.com/blog/2021/1/20/three-bugs-in-orions-belt-chaining-multiple-bugs-for-unauthenticated-rce-in-the-solarwinds-orion-platform

[00:18:50] The Embedded YouTube Player Told Me What You Were Watching (and more)
https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/

[00:24:27] The State of State Machines
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html

https://bugs.chromium.org/p/project-zero/issues/detail?id=2085

[00:34:21] KindleDrip - From Your Kindle’s Email Address to Using Your Credit Card
https://medium.com/realmodelabs/kindledrip-from-your-kindles-email-address-to-using-your-credit-card-bb93dbfb2a08

[00:44:00] New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/

[00:44:42] An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier
https://www.thezdi.com/blog/2021/1/18/zdi-20-1440-an-incorrect-calculation-bug-in-the-linux-kernel-ebpf-verifier

[00:49:18] Chat Question: What do we think of HackTheBox
https://hackthebox.eu

[00:53:51] Bad Pods: Kubernetes Pod Privilege Escalation
https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation

[00:53:24] [Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow
https://blog.k3170makan.com/2021/01/linux-kernel-exploitation-0x2.html

https://pwn.college/modules/kernel

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
...more
58min
January 19, 2021Breaking Lock Screens & The Great Vbox Escape
Several lockscreen-related vulnerabilities this week, a cross-site leak, and the hijacking of all .cd domains.
One important thing to mention about this weeks episode that was neglected during the discussion is that the BitLocker Lockscreen Bypass is a lockscreen bypass. It does not necessarily provide access to data Bitlocker protects. If Bitlocker is being run in "transparent operation mode" where the ability to login is all that is necessary to decrypt data, then this vulnerability can grant access to encrypted data.
[00:00:00] Introduction
https://dayzerosec.com/
[00:00:59] Slayer Labs
https://slayerlabs.com/
[00:12:03] BugTraq Shutdown
https://seclists.org/bugtraq/2021/Jan/0
[00:17:22] Data Security on Mobile Devices
https://securephones.io/
[00:27:08] Running a fake power plant on the internet for a month
https://grimminck.medium.com/running-a-fake-power-plant-on-the-internet-for-a-month-4a624f685aaa
[00:33:43] BitLocker Lockscreen bypass
https://secret.club/2021/01/15/bitlocker-bypass.html
[00:39:30] [Linux Mint] Screensaver lock by-pass via the virtual keyboard
https://github.com/linuxmint/cinnamon-screensaver/issues/354
[00:43:02] [NextCloud] Bypassing Passcode/Device credentials
https://hackerone.com/reports/747726
[00:51:02] How I hijacked the top-level domain of a sovereign state
https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/
[01:00:28] Laravel <= v8.4.2 debug mode: Remote code execution
https://www.ambionics.io/blog/laravel-debug-rce
[01:05:47] Leaking silhouettes of cross-origin images
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
[01:10:36] Escaping VirtualBox 6.1: Part 1
https://secret.club/2021/01/14/vbox-escape.html
[01:17:15] Hunting for Bugs in Windows Mini-Filter Drivers
https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html
[01:18:33] Project Zero: Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
...more
1h 25min
January 12, 2021Universal Deserialization, Stealing Youtube Videos, and CTFs
A new universal deserialization gadget for Ruby, a Rocket.Chat SAML auth bypass, and some heap exploitation research.
[00:00:36] Cybersecurity Knowledge and Skills Taught in Capture the Flag Challenges
https://arxiv.org/pdf/2101.01421v1.pdf

[00:10:36] Universal Deserialisation Gadget for Ruby 2.x-3.x
https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html

[00:13:54] Stealing Your Private YouTube Videos, One Frame at a Time
https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/

[00:21:43] Rocket.chat - SAML authentication bypass
https://hackerone.com/reports/1049375

[00:25:49] curl is vulnerable to SSRF due to improperly parsing the host component of the URL
https://hackerone.com/reports/704621

[00:31:02] Issue 2095: Node.js: use-after-free in TLSWrap
https://bugs.chromium.org/p/project-zero/issues/detail?id=2095

[00:35:28] Preventing Use-After-Free Attacks with Fast Forward Allocation
https://gts3.org/assets/papers/2021/wickman:ffmalloc.pdf

[00:49:38] Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
https://www.usenix.org/system/files/sec20fall_yun_prepub.pdf

[00:59:50] A Samsung RKP Compendium
https://blog.longterm.io/samsung_rkp.html

[01:11:32] Analyzing CVE-2020-16040
https://faraz.faith/2021-01-07-cve-2020-16040-analysis/

[01:13:51] HexLasso Online
https://suszter.com/hexlasso-online/

[01:15:30] A Side Journey to Titan
https://ninjalab.io/a-side-journey-to-titan/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
...more
1h 18min
January 05, 2021Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs
An update on Apple v. Corellium, some 3DS vulnerabilities, and some drama on this weeks episode.
[00:00:34] Remote Chaos Experience
https://media.ccc.de/c/rc3

[00:20:06] Apple Inc. v. Corellium, LLC
https://www.courtlistener.com/docket/16064642/784/apple-inc-v-corellium-llc/

[00:28:17] The Great Suspender - New maintainer is probably malicious
https://github.com/greatsuspender/thegreatsuspender/issues/1263

[00:36:59] An HTML Injection Worth 600$ Dollars
https://medium.com/bugbountywriteup/a-html-injection-worth-600-dollars-5f065be0ab49

[00:44:06] Zoom Meeting Connector Post-Auth Remote Root
https://packetstormsecurity.com/files/160736/zoomer.py.txt

[00:46:21] Hijacking Google Docs Screenshots
https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/

[00:49:49] Nintendo 3DS - Improper certificate validation allows an attacker to perform MitM attacks
https://hackerone.com/reports/894922

[00:52:02] Nintendo 3DS - Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player
https://hackerone.com/reports/897606

https://twitter.com/forestillusion/status/1341230631913541633

https://news.ycombinator.com/item?id=25508782

[00:55:45] Apple macOS 6LowPAN Vulnerability [CVE-2020-9967]
https://alexplaskett.github.io/CVE-2020-9967/

[01:01:24] An iOS hacker tries Android
https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html

[01:14:29] Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail [CVE-2020-7468]
https://www.thezdi.com/blog/2020/12/21/cve-2020-7468-turning-imprisonment-to-advantage-in-the-freebsd-ftpd-chroot-jail

[01:18:36] Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)
https://arxiv.org/abs/2012.07432

[01:27:17] Helping secure DOMPurify (part 1)
https://research.securitum.com/helping-secure-dompurify-part-1/

[01:28:23] A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
https://github.com/ant4g0nist/Vulnerable-Kext

[01:30:01] PS4 7.02 WebKit + Kernel Chain Implementation
https://github.com/ChendoChap/ps4-ipv6-uaf/tree/7.00-7.02

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
...more
1h 32min
December 15, 2020Fireeye, PS4 exploit, and MacOS LPE
Big news this week as several government agencies and contractors may have been compromised. We also have a number of great writeups this week covering everything from a PS4 webkit exploit, MacOS, and Windows.
[00:00:25] CISA issues emergency directive for SolarWinds Orion products compromise
https://twitter.com/CISAgov/status/1338348931571445762

https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm

https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

https://twitter.com/KimZetter/status/1338305089597964290

https://twitter.com/mamah1987/status/1338369455177523201

https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network

[00:26:53] Finding Critical Open Source Projects
https://opensource.googleblog.com/2020/12/finding-critical-open-source-projects.html

https://github.com/ossf/criticality_score

[00:33:46] Vulnerabilities in McAfee ePolicy Orchestrator
https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/

[00:39:20] Chat Question: How to get good at exploit dev
[00:44:34] Novel Abuses On Wi-Fi Direct Mobile File Transfers
https://blog.doyensec.com//2020/12/10/novel-abuses-wifi-direct-mobile-file-transfers.html

[00:47:55] PsExec Local Privilege Escalation
https://medium.com/tenable-techblog/psexec-local-privilege-escalation-2e8069adc9c8

[00:52:31] Windows: WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level SFB
https://bugs.chromium.org/p/project-zero/issues/detail?id=2088

[01:01:07] This is for the Pwners: Exploiting a WebKit 0-day in PlayStation 4
https://www.synacktiv.com/en/publications/this-is-for-the-pwners-exploiting-a-webkit-0-day-in-playstation-4.html

[01:08:51] Game On - Finding vulnerabilities in Valve’s "Steam Sockets"
https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/

[01:14:57] Apple macOS Kernel OOB Write Privilege Escalation Vulnerability [CVE-2020-27897]
https://www.thezdi.com/blog/2020/12/9/cve-2020-27897-apple-macos-kernel-oob-write-privilege-escalation-vulnerability

[01:17:22] ABSTRACT SHIMMER: Host Networking is root-Equivalent, Again [CVE-2020-15257]
https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again/

[01:24:41] Now you C me, now you don't, part two: exploiting the in-between
https://securitylab.github.com/research/now-you-c-me-part-two

[01:36:04] Portable Data exFiltration: XSS for PDFs
https://portswigger.net/research/portable-data-exfiltration

[01:45:27] HackerOne's 12 Days of Hacky Holidays
https://hackerone.com/h1-ctf?type=team

[01:47:55] The 2020 SANS Holiday Hack Challenge
https://holidayhackchallenge.com/2020/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
...more
1h 51min
December 08, 2020Rooting iOS, Hacking with cURL, and the end of Use-After-Free
Some solid exploit development talk in this episode as we look at an iOS vuln, discuss the exploitability of a cURL buffer overflow and examine a new kernel UAF mitigation.
[00:00:43] Improving open source security during the Google summer internship program
https://security.googleblog.com/2020/12/improving-open-source-security-during.html

[00:03:35] Justices seem wary of breadth of federal computer fraud statute
https://www.scotusblog.com/2020/12/argument-analysis-justices-seem-wary-of-breadth-of-federal-computer-fraud-statute/

[00:11:37] Update regarding Snapchat SSRF
https://hackerone.com/reports/530974

[00:12:53] A 3D Printed Shell
https://www.securifera.com/blog/2020/12/02/a-3d-printed-shell/

[00:20:19] Site Wide CSRF on Glassdoor
https://blog.witcoat.com/2020/12/03/site-wide-csrf-on-glassdoor/

[00:24:24] [GitLab] Stored-XSS in error message of build-dependencies
https://hackerone.com/reports/950190

[00:27:44] Playstation Now RCE
https://hackerone.com/reports/873614

[00:32:29] MS Teams RCE (Important, Spoofing)
https://github.com/oskarsve/ms-teams-rce/

[00:38:34] An iOS zero-click radio proximity exploit odyssey
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html

https://bugs.chromium.org/p/project-zero/issues/detail?id=1982

[00:54:58] [curl] heap-based buffer overrun in /lib/urlapi.c
https://hackerone.com/reports/547630

[01:02:51] Google Duo: Race condition can cause callee to leak video packets from unanswered call
https://bugs.chromium.org/p/project-zero/issues/detail?id=2085

[01:05:35] Linux kernel heap quarantine versus use-after-free exploits
https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html

https://lore.kernel.org/kernel-hardening/CAG48ez1tNU_7n8qtnxTYZ5qt-upJ81Fcb0P2rZe38ARK=iyBkA@mail.gmail.com/T/#u

[01:13:23] Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant
https://arxiv.org/abs/2012.00687

[01:22:57] XS-Leaks Wiki
https://xsleaks.dev/

https://security.googleblog.com/2020/12/fostering-research-on-new-web-security.html

[01:27:14] Hacking 101 by No Starch Press
https://www.humblebundle.com/books/hacking-101-no-starch-press-books

[01:33:40] Gamozo Labs FuzzOS
https://gamozolabs.github.io/fuzzing/2020/12/06/fuzzos.html

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
...more
1h 36min
December 01, 2020Bad Blocklists, Legal News, and Windows Vulns
More SD-PWN, more Tesla hacks, potential RCE in Drupal, and a couple windows vulns.
[00:00:27] Congress unanimously passes federal IoT security law
https://blog.rapid7.com/2020/11/18/congress-unanimously-passes-federal-iot-security-law/
[00:06:52] The Supreme Court will hear its first big CFAA case
https://www.scotusblog.com/2020/11/case-preview-justices-to-consider-breadth-of-federal-computer-fraud-statute/
[00:13:35] How much is unauthorized access sold for?
https://xorl.wordpress.com/2020/08/26/how-much-is-unauthorized-access-sold-for/
[00:20:10] Getting Banned for Security Research
https://nedwill.github.io/blog/jekyll/update/2020/11/25/banned-for-research.html
[00:33:11] SD-PWN Part 3 - Cisco vManage
https://medium.com/realmodelabs/sd-pwn-part-3-cisco-vmanage-another-day-another-network-takeover-15731a4d75b7
[00:36:10] SD-PWN Part 4 - VMware VeloCloud
https://medium.com/realmodelabs/sd-pwn-part-4-vmware-velocloud-the-last-takeover-a7016f9a9175
[00:40:39] CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/

https://github.com/opencrx/opencrx/commit/389ff0e22851407560091dfd25b25fee0b384eed?branch=389ff0e22851407560091dfd25b25fee0b384eed&diff=split#diff-2bb58016ce7d5cdb2f11bdb60d4aa7dd5c2e2cb816c9120a7f36ac93d0b64f33L702
[00:43:54] Multiple vulnerabilities through filename manipulation (CVE-2020-28948 and CVE-2020-28949)
https://github.com/pear/Archive_Tar/issues/33

https://www.drupal.org/sa-core-2020-013
[00:47:14] SSRFs caused by bad RegEx in "private-ip"
https://johnjhacking.com/blog/cve-2020-28360/
[00:53:13] [SnapChat] Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
https://hackerone.com/reports/530974
[00:57:50] Serious flaws in Tesla Model X keyless entry system
https://www.imec-int.com/en/press/belgian-security-researchers-ku-leuven-and-imec-demonstrate-serious-flaws-tesla-model-x
[01:03:48] Windows Print Spooler Vulnerability
https://www.accenture.com/us-en/blogs/cyber-defense/discovering-exploiting-shutting-down-dangerous-windows-print-spooler-vulnerability
[01:08:30] Exploiting a “Simple” Vulnerability - In 35 Easy Steps or Less!
https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less/

https://twitter.com/gabe_k/status/1330966182543777792

There was previously a link to br0vvnn here, this blog has been shown to be part of an attempt to compromise security researchers.
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers

[01:17:55] Hitcon2020 Challenge Files + Solutions
https://github.com/david942j/ctf-writeups/tree/master/hitcon-2020
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
...more
1h 21min
November 24, 2020Jailbreaks, Stealing Playstation Accounts, and Automatic Exploit Generation
This week we talk a bit about some Black Friday deals before jumping into another SD-WAN pwn, some jailbreaks, and research into automatic exploit generation.
[00:00:40] Black Friday is coming...
VMWare - Usually ~35% off

Shodan - $5 lifetime, last year they ran the deal before and after Black Friday so pay attention.

Pluralsight - 40% off

INE - 40% off (access to all eLearnSecurity courses)

Cybrary.it - $600 off

PentesterLab - Last year was 13.37% off

NoStarchPress - Last year was 42% off

O'Reilly Online Learning - $199/year (normally $500/yr)

Pentester Academy - 70% off (covid "perma-deal")

[00:10:03] Oracle Security Alert - CVE-2020-14750
https://twitter.com/chybeta/status/1323220987442208769

[00:13:34] FileZilla "Scale Factor" field is vulnerable of Buffer Overflow

[00:21:33] Playstation Access Token Stealing
https://hackerone.com/reports/826394

[00:27:54] SD-PWN Part 2 - Citrix SD-WAN Center - Another Network Takeover

[00:37:19] Exploiting dynamic rendering engines to take control of web apps

[00:42:34] Privileged Container Escape - Control Groups release_agent

[00:47:23] Modern attacks on the Chrome browser

[00:58:57] Jailbreaks Never Die - Exploiting iOS 13.7

[01:08:27] Kernel Exploitation with a File System Fuzzer

[01:13:57] Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0])
...more
1h 31min
November 17, 2020Hacking Voatz and Rooting Ubuntu
Some interesting tips and tricks as we look at multiple privileges escalations from XNU to Ubuntu, Bitdefender, and Dropbox (HelloSign).
[00:01:31] Apple allegedly not crediting researchers

[00:10:26] Response to Voatz's Supreme Court Amicus Brief

[00:23:45] Standing up for developers: youtube-dl is back

[00:30:05] HelloSign SSRF leads to AWS private key disclosure

[00:38:02] Silver Peak Unity Orchestrator RCE

[00:42:51] Get root by pretending nobody's /home

[00:48:20] Project Zero: Oops, I missed it again!

[00:55:12] Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions

[01:01:07] Sleep Attack: Intel Bootguard vulnerability waking from S3

[01:05:56] SAD DNS Explained

[01:12:02] Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Envrionments

[01:23:33] A Systematic Study of Elastic Objects in Kernel Exploitation

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0])
...more
1h 34min

FAQs about Day[0]:

How many episodes does Day[0] have?

The podcast currently has 282 episodes available.

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

Critical Thinking - Bug Bounty Podcast

56 Listeners