March 10, 2020

FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

2 hours 14 minutes

A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0].

[00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote

[00:06:52] Announcing Remote Participation in Pwn2Own Vancouver

[00:11:22] Revoking certain certificates on March 4

[00:19:40] FuzzBench: Fuzzer Benchmarking as a Service

[00:28:53] Intel x86 Root of Trust: loss of trust

[00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors

[00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af

https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

[00:55:11] MediaTek rootkit affecting millions of Android devices

[01:01:56] Zoho ManageEngine RCE

[01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555)

[01:14:22] Regex Vulnerabilities - parse-community/parse-server

[01:18:57] HTTP request smuggling using malformed Transfer-Encoding header

[01:27:20] [Nextcloud] Delete All Data of Any User

[01:30:36] Dismantling DST80-based Immobiliser Systems

[01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers

[01:45:59] Code Renewability for Native Software Protection

[01:55:42] Security Analysis of Memory Tagging

[02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

March 10, 2020

FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

2 hours 14 minutes

[00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote

[00:06:52] Announcing Remote Participation in Pwn2Own Vancouver

[00:11:22] Revoking certain certificates on March 4

[00:19:40] FuzzBench: Fuzzer Benchmarking as a Service

[00:28:53] Intel x86 Root of Trust: loss of trust

[00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors

[00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af

https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

[00:55:11] MediaTek rootkit affecting millions of Android devices

[01:01:56] Zoho ManageEngine RCE

[01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555)

[01:14:22] Regex Vulnerabilities - parse-community/parse-server

[01:18:57] HTTP request smuggling using malformed Transfer-Encoding header

[01:27:20] [Nextcloud] Delete All Data of Any User

[01:30:36] Dismantling DST80-based Immobiliser Systems

[01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers

[01:45:59] Code Renewability for Native Software Protection

[01:55:42] Security Analysis of Memory Tagging

[02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

Sign up to save your podcasts

FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast