March 03, 2020

kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd

1 hour 46 minutes

Join Specter and zi at they discuss several named vulns (kr00k, Forgot2kEyXCHANGE, GhostCat), the benefits of DNS-over-HTTPS, and a a few vulns in some of our regular targets: Samsung drivers, NordVPN, OpenSMTPd.

[00:01:13] Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen

[00:06:13] Firefox continues push to bring DNS over HTTPS by default for US users

https://github.com/curl/curl/wiki/DNS-over-HTTPS

[00:19:07] Securing Memory at EPYC Scale

[00:26:30] How a Hacker's Mom Broke Into a Prison—and the Warden's Computer

[00:29:12] kr00k | ESET

[00:33:14] CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys

[00:37:41] CVE-2020-1938: Ghostcat vulnerability

[00:46:16] LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

[00:55:43] Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance

https://hackerone.com/reports/374737

[01:00:30] x-request-id header reflected in server response without sanitization

[01:05:54] Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection

https://hackerone.com/valve/hacktivity

[01:12:56] Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition

[01:14:59] Samsung Kernel Arbitrary /dev/vipx / /dev/vertex kfree

[01:18:34] Samsung Kernel /dev/vipx Pointer Leak

[01:22:21] HFL: Hybrid Fuzzing on the Linux Kernel – NDSS Symposium

[01:30:32] Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors

[01:38:27] Evasion techniques

[01:39:31] Hacking Unicode Like a Boss

[01:43:05] Pwning VMware, Part 2: ZDI-19-421, a UHCI bug | nafod

[01:44:48] Intro to chrome's v8 from an exploit development angle

Watch Live on Twitch (@dayzerosec) at 3PM EST

...more

View all episodes

By dayzerosec

1010 ratings

March 03, 2020

kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd

1 hour 46 minutes

[00:01:13] Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen

[00:06:13] Firefox continues push to bring DNS over HTTPS by default for US users

https://github.com/curl/curl/wiki/DNS-over-HTTPS

[00:19:07] Securing Memory at EPYC Scale

[00:26:30] How a Hacker's Mom Broke Into a Prison—and the Warden's Computer

[00:29:12] kr00k | ESET

[00:33:14] CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys

[00:37:41] CVE-2020-1938: Ghostcat vulnerability

[00:46:16] LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

[00:55:43] Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance

https://hackerone.com/reports/374737

[01:00:30] x-request-id header reflected in server response without sanitization

[01:05:54] Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection

https://hackerone.com/valve/hacktivity

[01:12:56] Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition

[01:14:59] Samsung Kernel Arbitrary /dev/vipx / /dev/vertex kfree

[01:18:34] Samsung Kernel /dev/vipx Pointer Leak

[01:22:21] HFL: Hybrid Fuzzing on the Linux Kernel – NDSS Symposium

[01:30:32] Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors

[01:38:27] Evasion techniques

[01:39:31] Hacking Unicode Like a Boss

[01:43:05] Pwning VMware, Part 2: ZDI-19-421, a UHCI bug | nafod

[01:44:48] Intro to chrome's v8 from an exploit development angle

Watch Live on Twitch (@dayzerosec) at 3PM EST

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd

Sign up to save your podcasts

kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd

kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast