December 17, 2019

PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more

2 hours 13 minutes

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

[00:01:18] Last Episode of the Year

[00:01:36] Real-World Bug Hunting: A Field Guide to Web Hacking

http://www.phrack.org/papers/attacking_javascript_engines.html

[00:11:29] President's Cup

[00:24:20] Better Password Protections [in Chrome]

[00:30:18] Apple DMCA's SEP Key

https://en.wikipedia.org/wiki/Illegal_number

[00:36:59] Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers

[00:48:50] Camouflage: Hardware-assisted CFI for the ARM Linux kernel

[01:00:37] Binary Planting with the npm CLI

[01:04:55] Plundervolt

[01:17:35] Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726)

[01:24:09] AirDoS: Remotely render any nearby iPhone or iPad unusable

[01:26:24] Digital Lockpicking - Stealing Keys to the Kingdom (KeyWe Smart Lock)

https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception

[01:31:44] SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4

[01:39:05] Maddie Stone: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568

[01:46:37] Client-side Vulnerabilities in Commercial VPNs

[01:54:50] A Technical Review of Connected Toy Security

https://www.which.co.uk/news/2019/12/kids-karaoke-machines-and-smart-toys-from-mattel-and-vtech-among-those-found-to-have-security-flaws-in-a-which-investigation/

[02:07:43] Interactive Buffer Overflow Exploitation

https://github.com/bordplate/js86

https://nagarrosecurity.com/blog/interactive-rop-tutorial

...more

View all episodes

By dayzerosec

1010 ratings

December 17, 2019

PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more

2 hours 13 minutes

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

[00:01:18] Last Episode of the Year

[00:01:36] Real-World Bug Hunting: A Field Guide to Web Hacking

http://www.phrack.org/papers/attacking_javascript_engines.html

[00:11:29] President's Cup

[00:24:20] Better Password Protections [in Chrome]

[00:30:18] Apple DMCA's SEP Key

https://en.wikipedia.org/wiki/Illegal_number

[00:36:59] Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers

[00:48:50] Camouflage: Hardware-assisted CFI for the ARM Linux kernel

[01:00:37] Binary Planting with the npm CLI

[01:04:55] Plundervolt

[01:17:35] Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726)

[01:24:09] AirDoS: Remotely render any nearby iPhone or iPad unusable

[01:26:24] Digital Lockpicking - Stealing Keys to the Kingdom (KeyWe Smart Lock)

https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception

[01:31:44] SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4

[01:39:05] Maddie Stone: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568

[01:46:37] Client-side Vulnerabilities in Commercial VPNs

[01:54:50] A Technical Review of Connected Toy Security

https://www.which.co.uk/news/2019/12/kids-karaoke-machines-and-smart-toys-from-mattel-and-vtech-among-those-found-to-have-security-flaws-in-a-which-investigation/

[02:07:43] Interactive Buffer Overflow Exploitation

https://github.com/bordplate/js86

https://nagarrosecurity.com/blog/interactive-rop-tutorial

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more

Sign up to save your podcasts

PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more

PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast