252 episodes

A weekly podcast for bounty hunters, exploit developers, or anyone interested in the details of the latest disclosed vulnerabilities and exploits.

Day[0] dayzerosec

    • Technology
    • 4.1 • 9 Ratings


    [binary] Bypassing KASLR and a FortiGate RCE


    A bit of a lighter episode this week, with a Linux kernel ASLR bypass and a clever exploit for RCE on FortiGate SSL VPN.



    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/252.html



    [00:00:00] Introduction

    [00:00:29] KASLR bypass in privilege-less containers

    [00:13:13] Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

    [00:19:32] Making Mojo Exploits More Difficult

    [00:22:57] Robots Dream of Root Shells

    [00:27:02] Gaining kernel code execution on an MTE-enabled Pixel 8

    [00:28:23] SMM isolation - Security policy reporting (ISSR)



    Podcast episodes are available on the usual podcast platforms:

    -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

    -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

    -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

    -- Other audio platforms can be found at https://anchor.fm/dayzerosec



    You can also join our discord: https://discord.gg/daTxTK9

    • 29 min
    [bounty] RCE'ing Mailspring and a .NET CRLF Injection


    In this week's bounty episode, an attack chain takes an XSS to RCE on Mailspring, a simple MFA bypass is covered, and a CRLF injection in .NET's FTP functionality is detailed.



    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/251.html



    [00:00:00] Introduction

    [00:00:20] Making Desync attacks easy with TRACE

    [00:16:01] Reply to calc: The Attack Chain to Compromise Mailspring

    [00:35:29] $600 Simple MFA Bypass with GraphQL

    [00:38:38] Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability [CVE-2023-36049]




    • 43 min
    [binary] Future of Exploit Development Followup


    In the 250th episode, we have a follow-up discussion to our "Future of Exploit Development" video from 2020. Memory safety and the impacts of modern mitigations on memory corruption are the main focus.

    • 46 min
    [bounty] libXPC to Root and Digital Lockpicking


    In this episode we have a libXPC root privilege escalation, a run-as debuggability check bypass in Android, and digital lockpicking on smart locks.



    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/249.html



    [00:00:00] Introduction

    [00:00:21] Progress OpenEdge Authentication Bypass Deep-Dive [CVE-2024-1403]

    [00:05:19] xpcroleaccountd Root Privilege Escalation [CVE-2023-42942]

    [00:10:50] Bypassing the “run-as” debuggability check on Android via newline injection

    [00:18:09] Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)

    [00:43:06] Using form hijacking to bypass CSP



    The DAY[0] Podcast episodes are streamed live on Twitch twice a week:

    -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities

    -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.




    • 45 min
    [binary] Binary Ninja Free and K-LEAK


    In this week's binary episode, Binary Ninja Free is released alongside Binja 4.0, automated infoleak exploit generation for the Linux kernel is explored, and Nintendo sues Yuzu.



    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/248.html



    [00:00:00] Introduction

    [00:00:31] Binary Ninja Free

    [00:10:25] K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel

    [00:19:53] Glitching in 3D: Low Cost EMFI Attacks

    [00:22:08] Nintendo vs. Yuzu

    [00:38:32] Finding Gadgets for CPU Side-Channels with Static Analysis Tools

    [00:40:12] ThinkstScapes Research Roundup - Q4 - 2023




    • 41 min
    [bounty] Hacking Google AI and SAML


    A shorter episode this week, featuring some vulnerabilities impacting Google's AI and a SAML auth bypass.



    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/247.html



    [00:00:00] Introduction

    [00:00:31] We Hacked Google A.I. for $50,000

    [00:17:26] SAML authentication bypass vulnerability in RobotsAndPencils/go-saml [CVE-2023-48703]

    [00:22:17] Exploiting CSP Wildcards for Google Domains

    [00:26:11] ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing




    • 29 min

Customer Reviews

4.1 out of 5
9 Ratings


Stauroucristou,

Very Insightful

If you are interested in the field or already in it, these conversations are great. They are long but this is not a trivial topic. The links they provide are very helpful

watermelon animator,

Good Podcast

Good Podcast

gghgdhj,

Heavy-set host constantly interrupts co-host

Love the show but the “heavy set” host seems to have an attitude and is rude to his cohost.
