Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube

This will be our last episode until the fall, but once we are back you can catch the DAY[0] podcast on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:50] This will be our last episode until the fall.

[00:02:50] Thoughts on the Advanced Web Attacks and Exploitation (AWAE) Course, and the Offensive Security Web Expert (OSWE) certification

[00:32:05] r/AskNetsec - New windows LPE from non-admin :) - From SandboxEscaper

[00:45:20] First American Financial Corp. compromise

[00:53:48] Google admits storing G Suite user passwords in plain text for 14 years

[01:02:27] Safety vs. Security: Attacking Avionic Systems with Humans in the Loop

[01:17:30] Malware Guard Extension: Using SGX to Conceal Cache Attacks

[01:25:04] Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updates

[01:36:45] MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows

[01:46:59] Hey Google, What Exactly Do Your Security Patches Tell Us?A Large-Scale Empirical Study on Android Patched Vulnerabilities

[02:03:35] MAC OSX Gatekeeper Bypass

[02:10:47] RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:01:55] Frida 12.5 Released

[00:08:17] Damn Vulnerable Crypto Wallet

[00:16:40] Thangry Cat: https://😾😾😾.fm/

[00:23:11] Micro-Architectural Data Sampling Attacks

[00:56:24] Update to Security Incident [May 17, 2019] - Stack Overflow Blog

[01:04:00] Global Takedown Shows the Anatomy of a Modern Cybercriminal Supply Chain

[01:15:12] How Hackers Broke WhatsApp With Just a Phone Call

[01:26:53] Over 25,000 Linksys Smart Wi-Fi Routers Vulnerable to Sensitive Information Disclosure

[01:34:01] Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:30] Unhackable: New chip stops attacks before they start

[00:15:00] DeepCheck: A Non-intrusive Control-flow Integrity Checking based...

[00:25:54] Queue the Hardening Enhancements

[00:50:18] For Cybersecurity, Computer Science Must Rely on Strong Types

[00:57:43] A Novel Side-Channel in Real-Time Schedulers

[01:04:55] MAVSec: Securing the MAVLink Protocol

[01:10:39] Domain Specific Code Smells in Smart Contracts

[01:18:56] Over 275 Million Records Exposed by Unsecured MongoDB Database

[01:38:02] Applied Risk :: Advisories

[01:53:50] Alpine Linux Dockerimage contains a NULL root password

[01:59:01] Linux Kernel Race Condition and UAF

[02:05:44] Arbitrary file read vulnerability in HackerRank

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:30]r/GlobalOffensive: PSA: Security issue regarding lobbies and games

[00:11:30]Vita Exploit

[00:20:05]Indie Game Removed From Switch eShop

[00:34:40]Eight Devices, One Exploit

[00:47:30]Remote Code Execution on most Dell computers

[00:56:35]All Firefox extensions disabled due to expiration of intermediate signing cert

[01:15:10]A hacker is wiping Git repositories and asking for a ransom | ZDNet

[01:38:25]Typer vs. CAPTCHA: Private information based CAPTCHA to defend against crowdsourcing human cheating

[01:50:50]36 Year old Kernel stack disclosure bug in UFS/FFS

[02:00:52]You Only Propagate Once: Painless Adversarial Training

[02:05:55]The Risks of WebGL: Analysis, Evaluation and Detection

[02:18:55]InternalBlue: Bluetooth Binary Patching and Experimentation Framework

[02:27:30]IRONHIDE: A Secure Multicore Architecture that Leverages Hardware Isolation Against Microarchitecture State Attacks

Extra Links:

- h-encore exploit (old Vita exploit)

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:30] - Physical Adversarial Textures that Fool Visual Object Tracking

[00:04:30] - DPatch: An Adversarial Patch Attack on Object Detectors

[00:11:45] - Side-Channel Attack to Extract ECDSA Private Keys from Qualcom Hardware-Based Keystore

[00:19:40] - For PayPal security team,“get user balances and transaction details" is not a vulnerability

[00:26:05] - "CI Knew There Would Be Bugs Here" - Exploring Continuous Integration

[00:40:10] - Hacker Finds They Can Kill Car Engines After Breaking Into GPS Tracking Device

[00:50:25] - Security baseline (DRAFT) for Windows 10 v1903

[00:58:25] - Security Analysis of Near-Field Communication (NFC) Payments

[01:12:10] - Docker Hub Hacked – 190k accounts, GitHub tokens revoked, Builds disabled

[01:18:50] - eGobbler - malvertising campaign exploits zero-day Chrome bug

[01:32:15] - New backdoor inspired by leaked NSA malware

[01:39:60] - Mueller report: Russia hacked state databases and voting machines

[01:54:10] - New Technique Uses Power Anomalies to ID Malware in Embedded Systems

[00:00:31] - https://blogs.grammatech.com/open-source-tools-for-binary-analysis-and-rewriting

[00:05:31] - https://arxiv.org/abs/1904.07280

[00:13:51] - https://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/

[00:21:12] - https://www.zdnet.com/article/facebook-admits-to-storing-plaintext-passwords-for-millions-of-instagram-users/

[00:25:34] - https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html

[00:31:36] - https://pdfpiw.uspto.gov/.piw?docid=10262138&SectionNum=1&IDKey=0229F1C38B5D

[00:39:02] - https://arxiv.org/abs/1904.07370

[00:53:05] - https://github.com/vusec/kmvx

[01:04:45] - Discussion on valuation of an exploit

[01:08:05] - https://arxiv.org/abs/1904.07550

[01:16:02] - https://arxiv.org/abs/1904.08653

[01:24:36] - https://blog.underdogsecurity.com/rce_in_origin_client/

[01:35:14] - https://threatpost.com/windows-zero-day-active-exploits/143820/

[01:40:18] - https://www.ghacks.net/2019/04/16/adblock-plus-filter-exploit-to-run-arbitrary-code-discovered/

[01:47:26] - https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/

[01:50:47] - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr

Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec

[00:00:37] - Huawei Cyber Security Evaluation Report

[00:14:22] - Assange Arrest

[00:24:55] - Matrix Compromise

[00:32:20] - Outlook Compromise

[00:43:39] - Ghidra Source Release

[00:49:18] - Relyze 3 Beta (Another Free Decompiler)

[00:56:30] - Fracker (New PHP Tool)

[01:01:11] - Discussion about EncryptCTF and challenge design

[01:25:24] - Dragonblood/WPA3 Vulnerabilities

[01:32:21] - CVE-2019-0211 Apache Root Privilege Escalation

[01:41:27] - Detailing of CVE-2019-1636 and CVE-2019-6739 in QT

[01:49:47] - Splitting Atoms in XNU

[02:06:39] - PostgreSQL is it a CVE?

[02:11:41] - RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks

[02:26:45] - The ROP Needle: Hiding Trigger-based Injection Vectors via Code Reuse

[02:29:30] - Assessing Unikernel Security

00:01:10 Sunshine CTF

00:10:27 Question Discussion: Opinions regarding CTF's vs. Real World Exploits

00:24:15 ENCRYPT CTF Discussion

00:31:25 Pwn2Own 2019 (P2O) and Tesla Hacking

00:41:25 Tricking Tesla Autopilot

00:56:45 Ghidra 9.0.1 Release

00:59:30 Commando VM

01:06:50 PoC||GTFO 0x19

01:13:20 ASUS Update Tool Backdoor

01:19:05 Windows Defender APC Code Injection Sensors

01:22:55 BSEA-1 - A Stream Cipher Backdooring Technique

01:32:40 LockerGoga Randomware Vaccination

01:37:40 Hearing your touch: A new acoustic side channel on smartphones

01:43:05 Keybase is not softer than TOFU

01:48:30 Exploitation Techniques and Defenses for Data-Oriented Attacks

01:56:00 Restricting Control Flow During Speculative Execution with Venkman

Additional Links:

00:00:50 Ghidra from XXE to RCE

00:08:50 Cutter (Radare2) Release

00:15:00 Daenerys IDA Pro and Ghidra Interoperability Framework

00:22:00 IDA Educational Release

00:39:35 Windows Defender on MacOS

00:59:20 A new Windows 10 KASLR Bypass

01:11:07 EVMFuzz Fuzzing Ethereum Virtual Machines

01:30:10 Researchers find 36 new security flaws in LTE Protocol

01:45:50 Facebook logging plaintext passwords