March 17, 2020

How to Hack a CTF and more (LVI, TRRespass and some web-exploits)

1 hour 57 minutes

Start off by looking at a few Google Cloud attacks, a couple named vulns (LVI: Load Value Injection, and TRRespass) and then into some web-focused exploits including how to hack a CTF.

[00:00:15] P2O Vancouver now remote-only

[00:04:10] Announcing our first GCP VRP Prize winner and updates to 2020 program

https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/

[00:18:36] Whisper has exposed all user information

[00:28:10] LVI: Hijacking Transient Execution with Load Value Injection

[00:39:13] TRRespass: Exploiting the Many Sides ofTarget Row Refresh

[00:47:17] The unexpected Google wide domain check bypass

[00:56:34] Facebook OAuth Framework Vulnerability

[01:06:36] JSON CSRF with method override technique

[01:13:20] Breaking the Competition

[01:23:26] [Slack] TURN server allows TCP and UDP proxying to internal network

[01:26:08] [Slack] HTTP Request Smuggling to steal session cookies

[01:30:46] [Slack] DTLS uses a private key that is in the public domain

[01:32:55] [htmr] DOM-based XSS

[01:42:08] A Compiler Assisted Scheduler for Detecting and Mitigating Cache-Based Side Channel Attacks

[01:50:00] Bypassing memory safety mechanisms through speculative control flow hijacks

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

March 17, 2020

How to Hack a CTF and more (LVI, TRRespass and some web-exploits)

1 hour 57 minutes

Start off by looking at a few Google Cloud attacks, a couple named vulns (LVI: Load Value Injection, and TRRespass) and then into some web-focused exploits including how to hack a CTF.

[00:00:15] P2O Vancouver now remote-only

[00:04:10] Announcing our first GCP VRP Prize winner and updates to 2020 program

https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/

[00:18:36] Whisper has exposed all user information

[00:28:10] LVI: Hijacking Transient Execution with Load Value Injection

[00:39:13] TRRespass: Exploiting the Many Sides ofTarget Row Refresh

[00:47:17] The unexpected Google wide domain check bypass

[00:56:34] Facebook OAuth Framework Vulnerability

[01:06:36] JSON CSRF with method override technique

[01:13:20] Breaking the Competition

[01:23:26] [Slack] TURN server allows TCP and UDP proxying to internal network

[01:26:08] [Slack] HTTP Request Smuggling to steal session cookies

[01:30:46] [Slack] DTLS uses a private key that is in the public domain

[01:32:55] [htmr] DOM-based XSS

[01:42:08] A Compiler Assisted Scheduler for Detecting and Mitigating Cache-Based Side Channel Attacks

[01:50:00] Bypassing memory safety mechanisms through speculative control flow hijacks

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share How to Hack a CTF and more (LVI, TRRespass and some web-exploits)

Sign up to save your podcasts

How to Hack a CTF and more (LVI, TRRespass and some web-exploits)

How to Hack a CTF and more (LVI, TRRespass and some web-exploits)

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast