September 15, 2020

Raccoons, Incomplete fixes and Kernel Exploits

2 hours 22 minutes

Leading off this week's discussion is the news about the now remote CCC and Offensive Security's plans to retire OSCE. On the exploit side of things, this week we have a few recent bug bounties including a Google Maps XSS, a FreeBSD TOCTOU, and a couple of Linux kernel vulnerabilities.

[00:02:30] CCC going remote this year due to pandemic

[00:09:44] NVIDIA to Acquire Arm for $40 Billion

[00:20:36] OSCE being retired

https://ringzer0.training/

[00:34:21] Giggle; laughable security

[00:44:51] Raccoon Attack

https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks

[00:53:34] Executing arbitrary code on NVIDIA GeForce NOW VMs

[01:02:07] Cache poisoning via X-Forwarded-Host

[01:08:56] Team object in GraphQL disclosed private_comment

[01:14:08] XSS->Fix->Bypass: 10000$ bounty in Google Maps

[01:28:33] Microsoft Sharepoint and Exchange Server Vulnerabilities

[01:45:35] Short story of 1 Linux Kernel Use-After-Free and 2 CVEs

[01:53:25] FreeBSD Kernel Privilege Escalation [CVE-2020-7460]

[02:02:47] WSL 2.0 dxgkrnl Driver Memory Corruption

[02:10:46] Project Zero: Attacking the Qualcomm Adreno GPU

[02:16:03] GoogleCTF 2020 Challenge Source + Exploits Release

[02:20:08] IDA Pro Tips to Add to Your Bag of Tricks

[02:20:48] Reverse Engineering: Marvel's Avengers - Developing a Server Emulator

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

September 15, 2020

Raccoons, Incomplete fixes and Kernel Exploits

2 hours 22 minutes

[00:02:30] CCC going remote this year due to pandemic

[00:09:44] NVIDIA to Acquire Arm for $40 Billion

[00:20:36] OSCE being retired

https://ringzer0.training/

[00:34:21] Giggle; laughable security

[00:44:51] Raccoon Attack

https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks

[00:53:34] Executing arbitrary code on NVIDIA GeForce NOW VMs

[01:02:07] Cache poisoning via X-Forwarded-Host

[01:08:56] Team object in GraphQL disclosed private_comment

[01:14:08] XSS->Fix->Bypass: 10000$ bounty in Google Maps

[01:28:33] Microsoft Sharepoint and Exchange Server Vulnerabilities

[01:45:35] Short story of 1 Linux Kernel Use-After-Free and 2 CVEs

[01:53:25] FreeBSD Kernel Privilege Escalation [CVE-2020-7460]

[02:02:47] WSL 2.0 dxgkrnl Driver Memory Corruption

[02:10:46] Project Zero: Attacking the Qualcomm Adreno GPU

[02:16:03] GoogleCTF 2020 Challenge Source + Exploits Release

[02:20:08] IDA Pro Tips to Add to Your Bag of Tricks

[02:20:48] Reverse Engineering: Marvel's Avengers - Developing a Server Emulator

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share Raccoons, Incomplete fixes and Kernel Exploits

Sign up to save your podcasts

Raccoons, Incomplete fixes and Kernel Exploits

Raccoons, Incomplete fixes and Kernel Exploits

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast