February 11, 2020

Hack Twitter, WhatsApp and all your Cisco phones (CDPwn) ft. GhostKnight

1 hour 38 minutes

Android, Bluetooth, Microsoft, NordVPN, Twitter, WhatsApp, Cisco, vulns for days impacting several big names and a couple new attack ideas, blind regex injection and GhostKnight a technique to breach data integrity using speculative execution.

[00:01:07] Updated re. Sudo Exploit

[00:03:32] Charges Filed against Four Chinese PLA Hackers for part in 2017 Equifax Breach

[00:06:06] Announcing a Targeted Incentive Program for Selected Trend Micro Products

[00:11:01] Android Security Bulletin - February 2020

https://android.googlesource.com/kernel/common/+/5eeb2ca0

https://android.googlesource.com/kernel/common/+/5eeb2ca0%5E%21/#F0

[00:17:06] Critical Bluetooth Vulnerability in Android (CVE-2020-0022)

[00:22:48] Dangerous Domain Corp.com Goes Up for Sale

[00:37:43] NordVPN - IDOR allow access to payments data of any user

https://hackerone.com/nordvpn

[00:43:35] Twitter - Bypass Password Authentication for updating email and phone number

[00:48:27] WhatsApp Desktop XSS to Local File read (CVE-2019-18426)

[01:03:03] CDPwn: 5 Zero-Days in Cisco Discovery Protocol

[01:15:07] A Rough Idea of Blind Regular Expression Injection Attack

https://speakerdeck.com/lmt_swallow/revisiting-redos-a-rough-idea-of-data-exfiltration-by-redos-and-side-channel-techniques

[01:20:45] GhostKnight: Breaching Data Integrity via Speculative Execution

[01:26:00] BRIGHTNESS: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness

[01:30:27] Forging SWIFT MT Payment Messages for fun and pr... research!

[01:35:22] Grooming the iOS Kernel Heap

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

February 11, 2020

Hack Twitter, WhatsApp and all your Cisco phones (CDPwn) ft. GhostKnight

1 hour 38 minutes

[00:01:07] Updated re. Sudo Exploit

[00:03:32] Charges Filed against Four Chinese PLA Hackers for part in 2017 Equifax Breach

[00:06:06] Announcing a Targeted Incentive Program for Selected Trend Micro Products

[00:11:01] Android Security Bulletin - February 2020

https://android.googlesource.com/kernel/common/+/5eeb2ca0

https://android.googlesource.com/kernel/common/+/5eeb2ca0%5E%21/#F0

[00:17:06] Critical Bluetooth Vulnerability in Android (CVE-2020-0022)

[00:22:48] Dangerous Domain Corp.com Goes Up for Sale

[00:37:43] NordVPN - IDOR allow access to payments data of any user

https://hackerone.com/nordvpn

[00:43:35] Twitter - Bypass Password Authentication for updating email and phone number

[00:48:27] WhatsApp Desktop XSS to Local File read (CVE-2019-18426)

[01:03:03] CDPwn: 5 Zero-Days in Cisco Discovery Protocol

[01:15:07] A Rough Idea of Blind Regular Expression Injection Attack

https://speakerdeck.com/lmt_swallow/revisiting-redos-a-rough-idea-of-data-exfiltration-by-redos-and-side-channel-techniques

[01:20:45] GhostKnight: Breaching Data Integrity via Speculative Execution

[01:26:00] BRIGHTNESS: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness

[01:30:27] Forging SWIFT MT Payment Messages for fun and pr... research!

[01:35:22] Grooming the iOS Kernel Heap

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share Hack Twitter, WhatsApp and all your Cisco phones (CDPwn) ft. GhostKnight

Sign up to save your podcasts

Hack Twitter, WhatsApp and all your Cisco phones (CDPwn) ft. GhostKnight

Hack Twitter, WhatsApp and all your Cisco phones (CDPwn) ft. GhostKnight

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast