Episode: iOS 0days are worthless, PrintDemon, and a takeover of hackerone (Day[0])
Are iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion-heavy episode of DAY[0].

[00:00:52] [UPDATE] Huawei HKSP Introduces Trivially Exploitable Vulnerability https://github.com/cloudsec/aksp/blob/master/hksp.patch
[00:11:59] iOS one-click chains prices likely to drop https://www.hackasat.com/
[00:33:30] Defcon Quals 2020 https://hxp.io/blog/72/DEFCON-CTF-Quals-2020-notbefoooled/
[00:46:33] vBulletin 5.6.1 SQL Injection
[00:52:52] Subdomain takeover of resources.hackerone.com
[01:01:11] MyLittleAdmin PreAuth RCE
[01:06:13] DOM-Based XSS at accounts.google.com by Google Voice Extension.
[01:16:47] Playing with GZIP: RCE in GLPI [CVE-2020-11060]
[01:36:24] Reverse RDP - The Path Not Taken
[01:44:19] PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth [CVE-2020-1048] https://twitter.com/VbScrub/status/1260598344650539009
[01:53:34] Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently
[02:00:29] Cloud WAF Comparison Using Real-World Attacks https://medium.com/fraktal/cloud-waf-comparison-part-2-e6e2d25f558c https://en.wikipedia.org/wiki/Server_Side_Includes
[02:18:20] Fuzzing TLS certificates from their ASN.1 grammar
[02:22:25] DHS CISA and FBI share list of top 10 most exploited vulnerabilities

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or the video archive on YouTube (@DAY[0]).