More SD-PWN, more Tesla hacks, potential RCE in Drupal, and a couple windows vulns.
[00:00:27] Congress unanimously passes federal IoT security law
https://blog.rapid7.com/2020/11/18/congress-unanimously-passes-federal-iot-security-law/
[00:06:52] The Supreme Court will hear its first big CFAA case
https://www.scotusblog.com/2020/11/case-preview-justices-to-consider-breadth-of-federal-computer-fraud-statute/
[00:13:35] How much is unauthorized access sold for?
https://xorl.wordpress.com/2020/08/26/how-much-is-unauthorized-access-sold-for/
[00:20:10] Getting Banned for Security Research
https://nedwill.github.io/blog/jekyll/update/2020/11/25/banned-for-research.html
[00:33:11] SD-PWN Part 3 - Cisco vManage
https://medium.com/realmodelabs/sd-pwn-part-3-cisco-vmanage-another-day-another-network-takeover-15731a4d75b7
[00:36:10] SD-PWN Part 4 - VMware VeloCloud
https://medium.com/realmodelabs/sd-pwn-part-4-vmware-velocloud-the-last-takeover-a7016f9a9175
[00:40:39] CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/
https://github.com/opencrx/opencrx/commit/389ff0e22851407560091dfd25b25fee0b384eed?branch=389ff0e22851407560091dfd25b25fee0b384eed&diff=split#diff-2bb58016ce7d5cdb2f11bdb60d4aa7dd5c2e2cb816c9120a7f36ac93d0b64f33L702
[00:43:54] Multiple vulnerabilities through filename manipulation (CVE-2020-28948 and CVE-2020-28949)
https://github.com/pear/Archive_Tar/issues/33
https://www.drupal.org/sa-core-2020-013
[00:47:14] SSRFs caused by bad RegEx in "private-ip"
https://johnjhacking.com/blog/cve-2020-28360/
[00:53:13] [SnapChat] Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
https://hackerone.com/reports/530974
[00:57:50] Serious flaws in Tesla Model X keyless entry system
https://www.imec-int.com/en/press/belgian-security-researchers-ku-leuven-and-imec-demonstrate-serious-flaws-tesla-model-x
[01:03:48] Windows Print Spooler Vulnerability
https://www.accenture.com/us-en/blogs/cyber-defense/discovering-exploiting-shutting-down-dangerous-windows-print-spooler-vulnerability
[01:08:30] Exploiting a “Simple” Vulnerability - In 35 Easy Steps or Less!
https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less/
https://twitter.com/gabe_k/status/1330966182543777792
There was previously a link to br0vvnn here, this blog has been shown to be part of an attempt to compromise security researchers.https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers
[01:17:55] Hitcon2020 Challenge Files + Solutions
https://github.com/david942j/ctf-writeups/tree/master/hitcon-2020
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
![Day[0]](https://is1-ssl.mzstatic.com/image/thumb/Podcasts125/v4/a6/69/69/a6696919-3987-fbc0-8e0c-1ba0e1349a2b/mza_6631746544165345331.jpg/300x300bb-75.jpg)