Day[0] dayzerosec
-
- Technology
-
A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.
-
[binary] Bypassing KASLR and a FortiGate RCE
Bit of a lighter episode this week with a Linux Kernel ASLR bypass and a clever exploit to RCE FortiGate SSL VPN.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/252.html
[00:00:00] Introduction
[00:00:29] KASLR bypass in privilege-less containers
[00:13:13] Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
[00:19:32] Making Mojo Exploits More Difficult
[00:22:57] Robots Dream of Root Shells
[00:27:02] Gaining kernel code execution on an MTE-enabled Pixel 8
[00:28:23] SMM isolation - Security policy reporting (ISSR)
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9 -
[bounty] RCE'ing Mailspring and a .NET CRLF Injection
In this week's bounty episode, an attack takes an XSS to RCE on Mailspring, a simple MFA bypass is covered, and a .NET CRLF injection is detailed in its FTP functionality.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/251.html
[00:00:00] Introduction
[00:00:20] Making Desync attacks easy with TRACE
[00:16:01] Reply to calc: The Attack Chain to Compromise Mailspring
[00:35:29] $600 Simple MFA Bypass with GraphQL
[00:38:38] Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability [CVE-2023-36049]
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9 -
[binary] Future of Exploit Development Followup
In the 250th episode, we have a follow-up discussion to our "Future of
Exploit Development" video from 2020. Memory safety and the impacts of
modern mitigations on memory corruption are the main focus. -
[bounty] libXPC to Root and Digital Lockpicking
In this episode we have an libXPC root privilege escalation, a run-as debuggability check bypass in Android, and digital lockpicking on smart locks.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/249.html
[00:00:00] Introduction
[00:00:21] Progress OpenEdge Authentication Bypass Deep-Dive [CVE-2024-1403]
[00:05:19] xpcroleaccountd Root Privilege Escalation [CVE-2023-42942]
[00:10:50] Bypassing the “run-as” debuggability check on Android via newline injection
[00:18:09] Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)
[00:43:06] Using form hijacking to bypass CSP
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9 -
[binary] Binary Ninja Free and K-LEAK
In this week's binary episode, Binary Ninja Free releases along with Binja 4.0, automated infoleak exploit generation for the Linux kernel is explored, and Nintendo sues Yuzu.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/248.html
[00:00:00] Introduction
[00:00:31] Binary Ninja Free
[00:10:25] K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel
[00:19:53] Glitching in 3D: Low Cost EMFI Attacks
[00:22:08] Nintendo vs. Yuzu
[00:38:32] Finding Gadgets for CPU Side-Channels with Static Analysis Tools
[00:40:12] ThinkstScapes Research Roundup - Q4 - 2023
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9 -
[bounty] Hacking Google AI and SAML
A shorter episode this week, featuring some vulnerabilities impacting Google's AI and a SAML auth bypass.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/247.html
[00:00:00] Introduction
[00:00:31] We Hacked Google A.I. for $50,000
[00:17:26] SAML authentication bypass vulnerability in RobotsAndPencils/go-saml [CVE-2023-48703]
[00:22:17] Exploiting CSP Wildcards for Google Domains
[00:26:11] ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Customer Reviews
Very Insightful
If you are interested in the field or already in it, these conversations are great. They are long but this is not a trivial topic. The links they provide are very helpful
Good Podcast
Good Podcast
Heavy set host constantly interrupts Co host
Love the show but the “heavy set” host seems to have an attitude and is rude to his cohost.