April 20, 2021

Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

1 hour 23 minutes

Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups.

[00:00:26] Project Zero: Policy and Disclosure: 2021 Edition

https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html

[00:06:27] Remote exploitation of a man-in-the-disk vulnerability in WhatsApp [CVE-2021-24027]

https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/

[00:14:06] Allow arbitrary URLs, expect arbitrary code execution

https://positive.security/blog/url-open-rce

[00:18:29] GHSL-2020-340: log injection in SAP/Infrabox

https://securitylab.github.com/advisories/GHSL-2020-340/

[00:22:21] Duo Two-factor Authentication Bypass

https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/

[00:31:22] [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers

https://hackerone.com/reports/976603

[00:35:50] From 0 to RCE: Cockpit CMS

https://swarm.ptsecurity.com/rce-cockpit-cms/?d

[00:41:41] Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape

https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/

[00:48:52] xscreensaver: raw socket leaked

https://bugs.chromium.org/p/project-zero/issues/detail?id=2174

[00:51:31] Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)

https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/

https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html

[00:59:49] Exploiting System Mechanic Driver

https://voidsec.com/exploiting-system-mechanic-driver/

[01:03:27] Zero-day vulnerability in Desktop Window Manager used in the wild [CVE-2021-28310]

https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/

[01:08:33] Windows Defender mpengine remote code execution [CVE-2021-1647]

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html

[01:13:55] ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3

https://leethax0.rs/2021/04/ElectricChrome/

http://www.phrack.org/papers/attacking_javascript_engines.html

[01:20:36] QEMU and U: Whole-system tracing with QEMU customization

https://www.atredis.com/blog/qemu-and-u-whole-system-tracing-with-qemu-customization

[01:21:31] Learning Resource - Hexterisk Blog

https://hexterisk.github.io/blog/posts/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)

...more

View all episodes

By dayzerosec

1010 ratings

April 20, 2021

Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

1 hour 23 minutes

Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups.

[00:00:26] Project Zero: Policy and Disclosure: 2021 Edition

https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html

[00:06:27] Remote exploitation of a man-in-the-disk vulnerability in WhatsApp [CVE-2021-24027]

https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/

[00:14:06] Allow arbitrary URLs, expect arbitrary code execution

https://positive.security/blog/url-open-rce

[00:18:29] GHSL-2020-340: log injection in SAP/Infrabox

https://securitylab.github.com/advisories/GHSL-2020-340/

[00:22:21] Duo Two-factor Authentication Bypass

https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/

[00:31:22] [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers

https://hackerone.com/reports/976603

[00:35:50] From 0 to RCE: Cockpit CMS

https://swarm.ptsecurity.com/rce-cockpit-cms/?d

[00:41:41] Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape

https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/

[00:48:52] xscreensaver: raw socket leaked

https://bugs.chromium.org/p/project-zero/issues/detail?id=2174

[00:51:31] Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)

https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/

https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html

[00:59:49] Exploiting System Mechanic Driver

https://voidsec.com/exploiting-system-mechanic-driver/

[01:03:27] Zero-day vulnerability in Desktop Window Manager used in the wild [CVE-2021-28310]

https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/

[01:08:33] Windows Defender mpengine remote code execution [CVE-2021-1647]

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html

[01:13:55] ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3

https://leethax0.rs/2021/04/ElectricChrome/

http://www.phrack.org/papers/attacking_javascript_engines.html

[01:20:36] QEMU and U: Whole-system tracing with QEMU customization

https://www.atredis.com/blog/qemu-and-u-whole-system-tracing-with-qemu-customization

[01:21:31] Learning Resource - Hexterisk Blog

https://hexterisk.github.io/blog/posts/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

Sign up to save your podcasts

Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast