Sign up to save your podcasts
Or
Share Google exposes an APT campaign, PHP owned, and Several Auth Issues
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
![Day[0]](https://podcast-api-images.s3.amazonaws.com/corona/show/870239/logo_300x300.jpeg){kind=logo}
Google exposes an APT campaign, PHP owned, and Several Auth Issues
Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.
[00:00:46] Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy
[00:21:48] PHP Git Compromised
[00:32:24] [Google Chrome] File System Access API vulnerabilities
[00:37:58] Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
[00:42:05] GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook
[00:47:58] H2C Smuggling in the Wild
[00:53:27] H2C Smuggling in the Wild
[00:57:18] Multiple Authorization bypass issues in Google's Richmedia Studio
[01:06:15] DD-WRT UPNP Buffer Overflow
[01:10:36] GHSL-2021-045: Integer Overflow in GLib - [CVE-2021-27219]
[01:14:12] Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities
[01:22:50] One day short of a full chain: Part 3 - Chrome renderer RCE
[01:35:37] Chat Question: Where to learn about Windows Heap exploitation
[01:39:44] Adobe Reader CoolType arbitrary stack manipulation in Type 1/Multiple Master othersubrs 14-18
[01:46:26] Eliminating XSS from WebUI with Trusted Types
[01:54:19] Hidden OAuth attack vectors
[02:03:05] The Future of C Code Review
[02:15:03] Microsoft Exchange Server-Side Request Forgery [CVE-2021-26855]
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
View all episodes
By dayzerosec
4
1010 ratings
Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.
[00:00:46] Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy
[00:21:48] PHP Git Compromised
[00:32:24] [Google Chrome] File System Access API vulnerabilities
[00:37:58] Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
[00:42:05] GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook
[00:47:58] H2C Smuggling in the Wild
[00:53:27] H2C Smuggling in the Wild
[00:57:18] Multiple Authorization bypass issues in Google's Richmedia Studio
[01:06:15] DD-WRT UPNP Buffer Overflow
[01:10:36] GHSL-2021-045: Integer Overflow in GLib - [CVE-2021-27219]
[01:14:12] Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities
[01:22:50] One day short of a full chain: Part 3 - Chrome renderer RCE
[01:35:37] Chat Question: Where to learn about Windows Heap exploitation
[01:39:44] Adobe Reader CoolType arbitrary stack manipulation in Type 1/Multiple Master othersubrs 14-18
[01:46:26] Eliminating XSS from WebUI with Trusted Types
[01:54:19] Hidden OAuth attack vectors
[02:03:05] The Future of C Code Review
[02:15:03] Microsoft Exchange Server-Side Request Forgery [CVE-2021-26855]
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
More shows like Day[0]
View all
Critical Thinking - Bug Bounty Podcast
56 Listeners