Day[0]

Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat



One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.

[00:00:46] nOtWASP bottom 10: vulnerabilities that make you cry

  • https://portswigger.net/research/notwasp-bottom-10-vulnerabilities-that-make-you-cry

[00:07:28] Click here for free TV! - Chaining bugs to takeover Wind Vision accounts

  • https://labs.f-secure.com/blog/wind-vision-writeup/

[00:15:28] Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454)

  • https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/elevate-yourself-to-admin-in-umb-cms-890-cve-2020-29454/

[00:23:19] "netmask" npm package vulnerable to octal input data [CVE-2021-28918]

  • https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/

[00:28:38] [HackerOne] Jira integration plugin Leaked JWT

  • https://hackerone.com/reports/1103582

[00:33:20] [Kaspersky] A vulnerability in KAVKIS 2020 products family allows full disabling of protection

  • https://hackerone.com/reports/870615

[00:38:06] [Rocket.Chat] Account takeover via XSS

  • https://hackerone.com/reports/735638

[00:43:18] This man thought opening a TXT file is fine, he thought wrong. macOS [CVE-2019-8761]

  • https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html

[00:52:41] Who Contains the Containers?

  • https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html

[01:06:11] Getting Code Execution on Apache Druid [CVE-2021-25646]

  • https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid

[01:12:59] Security Analysis of AMD Predictive Store Forwarding

  • https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf

[01:19:58] Pluralsight free for April

  • https://www.pluralsight.com/

[01:21:54] Pwn2Own 2021

  • https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on YouTube (@dayzerosec)


Day[0] By dayzerosec
