October 20, 2020

Some Discord, a Bad Neighbor and a BleedingTooth

2 hours 16 minutes

It has been a while since we had an exploit extravaganza but here we are. Several binary-level issues from Bad Neighbor on Windows to BleedingTooth on Linux, and several vulns in Qualcomm SoCs, even a Discord RCE.

[00:00:57] Introducing Edge Vulnerability Research

[00:06:57] Cache Partitioning in Chrome

[00:10:29] Magma: A Ground-Truth Fuzzing Benchmark

[00:25:27] "Bits Please!" - CVE-2020-16938

[00:29:50] ContainerDrip [CVE-2020-15157]

[00:40:01] Discord Desktop app RCE

[00:52:34] Time Based SQLi via referrer header

https://www.fedscoop.com/hack-the-army-2-results/

[00:57:35] PyYAML 0day

[01:09:24] Phantom of the ADAS

[01:15:03] Rollback Attack in Mozilla Maintenance Service

[01:19:33] Glitching The MediaTek BootROM

[01:25:05] AssaultCube RCE: Technical Analysis

[01:32:27] CVE-2020-12928 - Privilege Escalation in AMD Ryzen Master

[01:35:38] Major Vulnerabilities in Qualcomm QCMAP

[01:42:58] Bad Neighbor - RCE in Windows ICMPv6 Router Advertisement

[01:51:16] DOS2RCE: A New Technique to Exploit V8 NULL Pointer Dereference Bug (see: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers)

[01:56:34] BleedingTooth - Linux Bluetooth Zero-Click RCE

https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq

https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq

https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649

[02:07:25] shmdt doesn't check the tag of pointers

[02:12:29] Security Analysis of the CHERI ISA

[02:13:18] Evading defences using VueJS script gadgets

[02:14:32] Sega Master System Architecture - A Practical Analysis

[02:14:52] IPC scripts for access to Intel CRBUS

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on

...more

View all episodes

By dayzerosec

1010 ratings

October 20, 2020

Some Discord, a Bad Neighbor and a BleedingTooth

2 hours 16 minutes

[00:00:57] Introducing Edge Vulnerability Research

[00:06:57] Cache Partitioning in Chrome

[00:10:29] Magma: A Ground-Truth Fuzzing Benchmark

[00:25:27] "Bits Please!" - CVE-2020-16938

[00:29:50] ContainerDrip [CVE-2020-15157]

[00:40:01] Discord Desktop app RCE

[00:52:34] Time Based SQLi via referrer header

https://www.fedscoop.com/hack-the-army-2-results/

[00:57:35] PyYAML 0day

[01:09:24] Phantom of the ADAS

[01:15:03] Rollback Attack in Mozilla Maintenance Service

[01:19:33] Glitching The MediaTek BootROM

[01:25:05] AssaultCube RCE: Technical Analysis

[01:32:27] CVE-2020-12928 - Privilege Escalation in AMD Ryzen Master

[01:35:38] Major Vulnerabilities in Qualcomm QCMAP

[01:42:58] Bad Neighbor - RCE in Windows ICMPv6 Router Advertisement

[01:51:16] DOS2RCE: A New Technique to Exploit V8 NULL Pointer Dereference Bug (see: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers)

[01:56:34] BleedingTooth - Linux Bluetooth Zero-Click RCE

https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq

https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq

https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649

[02:07:25] shmdt doesn't check the tag of pointers

[02:12:29] Security Analysis of the CHERI ISA

[02:13:18] Evading defences using VueJS script gadgets

[02:14:32] Sega Master System Architecture - A Practical Analysis

[02:14:52] IPC scripts for access to Intel CRBUS

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

55 Listeners

Share Some Discord, a Bad Neighbor and a BleedingTooth

Sign up to save your podcasts

Some Discord, a Bad Neighbor and a BleedingTooth

Some Discord, a Bad Neighbor and a BleedingTooth

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast