Filtrar por gênero

Day[0]

Day[0]

dayzerosec

A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.

263 - FortiJump Higher, Pishi, and Breaking Control Flow Flattening
0:00 / 0:00
1x
  • 263 - FortiJump Higher, Pishi, and Breaking Control Flow Flattening

    This week, we dive into some changes to V8CTF, the FortiJump Higher bug in Fortinet's FortiManager, as well as some coverage instrumentation on blackbox macOS binaries via Pishi.


    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/263.html


    [00:00:00] Introduction

    [00:00:25] V8 Sandbox Bypass Rewards

    [00:25:39] Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager [CVE-2024-47575]

    [00:38:07] Pishi: Coverage guided macOS KEXT fuzzing.

    [00:44:20] Breaking Control Flow Flattening: A Deep Technical Analysis

    [00:55:10] Firefox Animation CVE-2024-9680 - Dimitri Fourny

    [00:57:13] Internship Offers for the 2024-2025 Season


    Podcast episodes are available on the usual podcast platforms:

    -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

    -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

    -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

    -- Other audio platforms can be found at https://anchor.fm/dayzerosec


    You can also join our discord: https://discord.gg/daTxTK9

    Mon, 18 Nov 2024 - 1h 00min
  • 262 - Static Analysis, LLMs, and In-The-Wild Exploit Chains

    Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite vulnerability. Finally, we wrap up with some discussion on Hexacon and WOOT talks, with a focus on Clem1's In-The-Wild exploit chains insights via Google's Threat Analysis Group.


    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/262.html


    [00:00:00] Introduction

    [00:00:35] Discovering Hidden Vulnerabilities in Portainer with CodeQL

    [00:18:12] Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX

    [00:28:25] From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

    [00:50:00] Hexacon2024 - Caught in the Wild, Past, Present and Future by Clem1

    [01:06:34] Hexacon 2024 Videos

    [01:11:34] WOOT 2024 Videos

    [01:18:38] Securing the open source supply chain: The essential role of CVEs

    [01:20:19] A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities


    Podcast episodes are available on the usual podcast platforms:

    -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

    -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

    -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

    -- Other audio platforms can be found at https://anchor.fm/dayzerosec


    You can also join our discord: https://discord.gg/daTxTK9

    Mon, 11 Nov 2024 - 1h 22min
  • 261 - Attacking Browser Extensions and CyberPanel

    In this week's episode, we talk a little bit about LLMs and how they can be used with static analysis. We also cover GitHub Security Blog's post on attacking browser extensions, as well as a somewhat controversial CyberPanel Pre-Auth RCE that was disclosed.


    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/261.html


    [00:00:00] Introduction

    [00:01:56] Autonomous Discovery of Critical Zero-Days

    [00:14:43] Attacking browser extensions

    [00:25:26] What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE

    [00:52:15] Security research on Private Cloud Compute

    [01:01:02] Bluetooth Low Energy GATT Fuzzing


    Podcast episodes are available on the usual podcast platforms:

    -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

    -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

    -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

    -- Other audio platforms can be found at https://anchor.fm/dayzerosec


    You can also join our discord: https://discord.gg/daTxTK9


    Mon, 04 Nov 2024 - 58min
  • 260 - Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation

    In this week's episode, Specter recaps his experiences at Hardwear.IO and a PS5 hypervisor exploit chain presented there. We also cover some of the recently released DEF CON 32 talks. After the conference talk, we get into some filesystem exploit tricks and how arbitrary file write can be taken to code execution in read-only environments.


    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/260.html


    [00:00:00] Introduction

    [00:00:27] Hardwear.io NL 2024

    [00:14:27] Byepervisor - Breaking the PS5 Hypervisor Security

    [00:26:38] DEF CON 32 Main Stage Talks

    [00:51:16] The Missing Guide to Filesystem Security

    [01:00:51] Why Code Security Matters - Even in Hardened Environments

    [01:09:12] How I Defeated An MMO Game Hack Author


    Podcast episodes are available on the usual podcast platforms:

    -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

    -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

    -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

    -- Other audio platforms can be found at https://anchor.fm/dayzerosec


    You can also join our discord: https://discord.gg/daTxTK9

    Tue, 29 Oct 2024 - 1h 11min
  • 259 - Zendesk's Email Fiasco and Rooting Linux with a Lighter

    In this week's episode, we cover the fiasco of a vulnerability in Zendesk that could allow intrusion into multiple fortune 500 companies. We also discuss a project zero blogpost that talks about fuzzing Dav1d and the challenges of fuzzing, as well as rooting Linux via EMFI with a lighter.


    Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/259.html


    [00:00:00] Introduction

    [00:00:57] 1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

    [00:27:10] Effective Fuzzing: A Dav1d Case Study

    [00:40:15] Can You Get Root With Only a Cigarette Lighter?


    Podcast episodes are available on the usual podcast platforms:

    -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

    -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

    -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

    -- Other audio platforms can be found at https://anchor.fm/dayzerosec


    You can also join our discord: https://discord.gg/daTxTK9

    Wed, 16 Oct 2024 - 50min
Mostrar mais episódios