April 07, 2020

Zoom-ers, VM Escapes, and Pegasus Resurfaces

2 hours 10 minutes

First, we talk about Facebook trying to buy some spyware, and then we feast upon a number of Zoom "vulns." Follow that up with some interesting vulnerabilities including a hyper-visor Guest-to-host escape, a complicated Safari permissions bypass, and a Gitlab Parser Differential.

[00:09:31] Facebook tried to buy NSO Group's iOS spyware to monitor iPhone users

[00:14:49] Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings

[00:28:28] Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1

[00:33:20] Bug bounty platforms buy researcher silence, violate labor laws, critics say

[00:53:56] Zoom NTLM Hash Leak

[00:59:44] The 'S' in Zoom, Stands for Security

[01:05:52] Use-After-Free Vulnerability in the VMware Workstation DHCP Component [CVE-2020-3947]

https://www.vmware.com/security/advisories/VMSA-2020-0004.html

https://www.zerodayinitiative.com/advisories/ZDI-20-298/

[01:15:38] Exploiting SMBGhost for a Local Privilege Escalation [CVE-2020-0796]

[01:26:31] How to exploit parser differentials

[01:37:07] Unauthorized Camera access on iOS and macOS

[01:49:07] [Slack] Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation

[01:54:21] Physically Realizable Adversarial Examples for LiDAR Object Detection

[02:01:39] Attack matrix for Kubernetes

[02:03:34] Project Zero: TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln

[02:04:13] Tale of two hypervisor bugs - Escaping from FreeBSD bhyve

[02:08:21] So you want to be a web security researcher?

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

View all episodes

By dayzerosec

1010 ratings

April 07, 2020

Zoom-ers, VM Escapes, and Pegasus Resurfaces

2 hours 10 minutes

[00:09:31] Facebook tried to buy NSO Group's iOS spyware to monitor iPhone users

[00:14:49] Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings

[00:28:28] Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1

[00:33:20] Bug bounty platforms buy researcher silence, violate labor laws, critics say

[00:53:56] Zoom NTLM Hash Leak

[00:59:44] The 'S' in Zoom, Stands for Security

[01:05:52] Use-After-Free Vulnerability in the VMware Workstation DHCP Component [CVE-2020-3947]

https://www.vmware.com/security/advisories/VMSA-2020-0004.html

https://www.zerodayinitiative.com/advisories/ZDI-20-298/

[01:15:38] Exploiting SMBGhost for a Local Privilege Escalation [CVE-2020-0796]

[01:26:31] How to exploit parser differentials

[01:37:07] Unauthorized Camera access on iOS and macOS

[01:49:07] [Slack] Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation

[01:54:21] Physically Realizable Adversarial Examples for LiDAR Object Detection

[02:01:39] Attack matrix for Kubernetes

[02:03:34] Project Zero: TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln

[02:04:13] Tale of two hypervisor bugs - Escaping from FreeBSD bhyve

[02:08:21] So you want to be a web security researcher?

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

...more

More shows like Day[0]

View all

Critical Thinking - Bug Bounty Podcast

56 Listeners

Share Zoom-ers, VM Escapes, and Pegasus Resurfaces

Sign up to save your podcasts

Zoom-ers, VM Escapes, and Pegasus Resurfaces

Zoom-ers, VM Escapes, and Pegasus Resurfaces

More shows like Day[0]

Critical Thinking - Bug Bounty Podcast