May 12, 2020

Defcon is canceled, Microsoft was hacked, Rust has vulns

2 hours 17 minutes

Update: While we talk about Huawei Kernel Self Protection (HKSP) I make mention of the authors statement that he is unrelated to Huawei. Turns out this statement, despite a commit date of Friday wasn't pushed until Monday morning so it was not original. Further information has also come out showing that the author is a Huawei employee, so the relationship is much closer than I believe it to be. ~zi

It was a busy week, Microsofts Github account was hacked, Centurylink Routers have no security, and multiple interactionless RCEs in Samsung phones.

[00:01:45] OpenOrbis PS4 Toolchain

[00:05:06] DEF CON 28 in-person conference is CANCELLED

[00:13:23] The Nintendo leak saga continues...

[00:18:40] Keybase joins Zoom

https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/

[00:33:41] Azure Security Lab - Research Challenge

[00:42:38] Hijacking Centurylink Routers [CVE 2019-19639]

[00:46:24] DoS on Twitter App

[00:51:39] A tale of verbose error message and a JWT token

[01:00:29] Pentesting Cisco SD-WAN Part 2: Breaking routers

[01:04:21] Memory leak and Use After Free in Squid

[01:17:48] How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability

[01:28:30] Samsung Android multiple interactionless RCE

https://github.com/googleprojectzero/SkCodecFuzzer

[01:38:25] Linux futex+VFS Use-After-Free

[01:45:03] Huawei HKSP Introduces Trivially Exploitable Vulnerability

[01:50:32] Ragnarok Stopper: development of a vaccine

[01:55:51] Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs

[02:09:34] Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters

[02:10:19] GitHub - JHUAPL/Beat-the-Machine: Reverse engineering basics in puzzle form

...more

View all episodes

By dayzerosec

1010 ratings

May 12, 2020

Defcon is canceled, Microsoft was hacked, Rust has vulns

2 hours 17 minutes

It was a busy week, Microsofts Github account was hacked, Centurylink Routers have no security, and multiple interactionless RCEs in Samsung phones.

[00:01:45] OpenOrbis PS4 Toolchain

[00:05:06] DEF CON 28 in-person conference is CANCELLED

[00:13:23] The Nintendo leak saga continues...

[00:18:40] Keybase joins Zoom

https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/

[00:33:41] Azure Security Lab - Research Challenge

[00:42:38] Hijacking Centurylink Routers [CVE 2019-19639]

[00:46:24] DoS on Twitter App

[00:51:39] A tale of verbose error message and a JWT token

[01:00:29] Pentesting Cisco SD-WAN Part 2: Breaking routers

[01:04:21] Memory leak and Use After Free in Squid

[01:17:48] How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability

[01:28:30] Samsung Android multiple interactionless RCE

https://github.com/googleprojectzero/SkCodecFuzzer

[01:38:25] Linux futex+VFS Use-After-Free

[01:45:03] Huawei HKSP Introduces Trivially Exploitable Vulnerability

[01:50:32] Ragnarok Stopper: development of a vaccine

[01:55:51] Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs

[02:09:34] Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters

[02:10:19] GitHub - JHUAPL/Beat-the-Machine: Reverse engineering basics in puzzle form

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

55 Listeners

Share Defcon is canceled, Microsoft was hacked, Rust has vulns

Sign up to save your podcasts

Defcon is canceled, Microsoft was hacked, Rust has vulns

Defcon is canceled, Microsoft was hacked, Rust has vulns

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast