Day[0]
Episode

IDA...Go home, Sandboxie source, and some RCEs (TP-Link, Starcraft 1, OhMyZsh)


Starting off the week with a discussion about the disappointing IDA Home, before moving into a few easy command injections, code-reuse attacks applied to XSS, detecting trojaned hardware and ending with a subtle crypto-bug.

[00:00:45] DAY[0] Episode Transcripts now Available

[00:02:53] Microsoft Buys Corp.com to Keep It Safe from Hackers (Over $1.7 Million Deal)

[00:05:42] Hack for Good: Easily Donate Bounties to WHO’s COVID-19 Response Fund

[00:10:55] RetDec v4.0 is out

[00:17:33] IDA Home is coming

[00:33:44] Sandboxie Open Source Code is available

[00:38:01] Exploiting the TP-Link Archer A7

[00:46:50] Exploiting the Starcraft 1 EUD Bug

[00:51:23] OhMyZsh dotenv Remote Code Execution

[00:56:19] Symantec Web Gateway 5.0.2.8 Remote Code Execution

[00:59:15] VMware vCenter Server Sensitive Information Disclosure [CVE-2020-3952]

[01:01:39] Bypassing modern XSS mitigations with code-reuse attacks

[01:07:49] Practical Data Poisoning Attack against Next-Item Recommendation

[01:11:40] Hardware Trojan Detection Using Controlled Circuit Aging

[01:16:18] A "Final" Security Bug

[01:27:05] RCEed version of computer malware / rootkit MyRTUs / Stuxnet.

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on YouTube (@DAY[0])

The podcast and its accompanying cover art on this page belong to dayzerosec. The content of the podcast is created by dayzerosec and not by, or together with, Poddtoppen.