Day[0]

PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking


A couple privacy violations, PDF exploits, and a complicated API being misused by developers.

  • [00:00:48] Brave browser leaks onion addresses in DNS traffic
    • https://ramble.pw/f/privacy/2387

  • [00:07:05] Tales of Favicons and Caches: Persistent Tracking in Modern Browsers
    • https://www.ndss-symposium.org/ndss-paper/tales-of-favicons-and-caches-persistent-tracking-in-modern-browsers/

  • [00:18:12] Shadow Attacks: Hiding and Replacing Content in Signed PDFs
    • https://www.ndss-symposium.org/ndss-paper/shadow-attacks-hiding-and-replacing-content-in-signed-pdfs/

  • [00:28:20] Getting Information Disclosure in Adobe Reader Through the ID Tag
    • https://www.thezdi.com/blog/2021/2/17/zdi-21-171-getting-information-disclosure-in-adobe-reader-through-the-id-tag

  • [00:32:42] Middleware everywhere and lots of misconfigurations to fix
    • https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/

  • [00:43:05] GPGme used confusion, it's super effective !
    • https://www.synacktiv.com/en/publications/gpgme-used-confusion-its-super-effective.html

  • [00:51:58] Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions
    • https://emvrace.github.io

  • [01:01:11] Hunting for bugs in Telegram's animated stickers remote attack surface
    • https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/

  • [01:08:03] Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits
    • https://arxiv.org/abs/2102.07869v1

  • [01:20:27] Model Skewing Attacks on Machine Learning Models
    • https://payatu.com/blog/nikhilj/sec4ml-machine-learning-model-skewing-data-poisoning

  • [01:21:37] Future of Exploit Development - 2021 and Beyond
    • https://www.youtube.com/watch?v=o_hk9nh8S1M

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)


Day[0] by dayzerosec
