Are iOS 0days now worthless? Can you hack a satellite... or HackerOne? Are WAFs worthwhile? And more, on a fairly discussion-heavy episode of DAY[0].
[00:00:52] [UPDATE] Huawei HKSP Introduces Trivially Exploitable Vulnerability
- https://github.com/cloudsec/aksp/blob/master/hksp.patch
[00:11:59] iOS one-click chain prices likely to drop
- https://www.hackasat.com/
[00:33:30] Defcon Quals 2020
- https://hxp.io/blog/72/DEFCON-CTF-Quals-2020-notbefoooled/
[00:46:33] vBulletin 5.6.1 SQL Injection
[00:52:52] Subdomain takeover of resources.hackerone.com
[01:01:11] MyLittleAdmin PreAuth RCE
[01:06:13] DOM-Based XSS at accounts.google.com by Google Voice Extension
[01:16:47] Playing with GZIP: RCE in GLPI [CVE-2020-11060]
[01:36:24] Reverse RDP - The Path Not Taken
[01:44:19] PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth [CVE-2020-1048]
- https://twitter.com/VbScrub/status/1260598344650539009
[01:53:34] Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently
[02:00:29] Cloud WAF Comparison Using Real-World Attacks
- https://medium.com/fraktal/cloud-waf-comparison-part-2-e6e2d25f558c
- https://en.wikipedia.org/wiki/Server_Side_Includes
[02:18:20] Fuzzing TLS certificates from their ASN.1 grammar
[02:22:25] DHS CISA and FBI share list of top 10 most exploited vulnerabilities
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST),
or the video archive on YouTube (@DAY[0]).