October 06, 2020

Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster

2 hours 4 minutes

Every wondering how you might fingerprint and trace exploit devs in the wild? Wondered what a backdoor in a D-Link router looks like? Want to hack Facebook (for Android)? We have all of that and more!

[00:00:43] Google: Android Partner Vulnerability Initiative

https://bugs.chromium.org/p/apvi/issues/list?q=&can=1

[00:02:55] Project Zero: Announcing the Fuzzilli Research Grant Program

[00:08:40] GitHub: Code scanning is now available

[00:16:39] Hunting for exploits by looking for the author's fingerprints

[00:22:26] Forcing Firefox to Execute XSS Payloads during 302 Redirects

[00:27:10] Exploiting fine-grained AWS IAM permissions for total cloud compromise

https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7

[00:38:04] BLURtooth (the BLUR attacks)

[00:44:25] Arbitrary code execution on Facebook for Android

[00:51:44] [stripo] Public and secret api key leaked in JavaScript source

[01:00:14] [GitLab] Unvalidated Oauth email results in accounts takeovers on 3rd parties

[01:06:03] Hacking Grindr Accounts with Copy and Paste

[01:16:37] Exploiting Other Remote Protocols in IBM WebSphere

https://portswigger.net/web-security/deserialization/exploiting

[01:25:57] The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses

[01:38:36] Hacking Punkbuster.

[01:43:26] Race Condition in handling of PID by apport [CVE-2020-15702]

[01:57:24] Hardware Hacking Experiments

[01:59:11] How I automated McDonalds mobile game to win free iPhones

[01:59:42] Voyager - A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)

[02:00:28] zznop/sploit: Go package that aids in binary analysis and exploitation

Watch

...more

View all episodes

By dayzerosec

1010 ratings

October 06, 2020

Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster

2 hours 4 minutes

[00:00:43] Google: Android Partner Vulnerability Initiative

https://bugs.chromium.org/p/apvi/issues/list?q=&can=1

[00:02:55] Project Zero: Announcing the Fuzzilli Research Grant Program

[00:08:40] GitHub: Code scanning is now available

[00:16:39] Hunting for exploits by looking for the author's fingerprints

[00:22:26] Forcing Firefox to Execute XSS Payloads during 302 Redirects

[00:27:10] Exploiting fine-grained AWS IAM permissions for total cloud compromise

https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7

[00:38:04] BLURtooth (the BLUR attacks)

[00:44:25] Arbitrary code execution on Facebook for Android

[00:51:44] [stripo] Public and secret api key leaked in JavaScript source

[01:00:14] [GitLab] Unvalidated Oauth email results in accounts takeovers on 3rd parties

[01:06:03] Hacking Grindr Accounts with Copy and Paste

[01:16:37] Exploiting Other Remote Protocols in IBM WebSphere

https://portswigger.net/web-security/deserialization/exploiting

[01:25:57] The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses

[01:38:36] Hacking Punkbuster.

[01:43:26] Race Condition in handling of PID by apport [CVE-2020-15702]

[01:57:24] Hardware Hacking Experiments

[01:59:11] How I automated McDonalds mobile game to win free iPhones

[01:59:42] Voyager - A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)

[02:00:28] zznop/sploit: Go package that aids in binary analysis and exploitation

Watch

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster

Sign up to save your podcasts

Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster

Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast