A shorter episode, but some really cool vulns none-the-less, from mitigation bypassing on D-Link routers, to a new set of WiFi protocol design flaws.
[00:01:14] Security Vulnerability Detection Using Deep Learning Natural Language Processing
https://arxiv.org/abs/2105.02388v1
https://samate.nist.gov/SARD/
[00:08:12] Stealing secrets with Rust Macros proof-of-concept via VSCode
https://github.com/lucky/bad_actor_poc
[00:13:21] [GitLab] RCE when removing metadata with ExifTool
https://hackerone.com/reports/1154542
https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm#L233
[00:19:47] Terminal escape injection in AWS CloudShell
https://bugs.chromium.org/p/project-zero/issues/detail?id=2154
https://github.com/c9/core/blob/master/plugins/c9.ide.terminal/aceterm/libterm.js#L1276
[00:23:54] Cross-browser tracking vulnerability in Tor, Safari, Chrome and Firefox
https://fingerprintjs.com/blog/external-protocol-flooding/
[00:34:27] Fei Protocol Flashloan Vulnerability Postmortem
https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb
https://uniswap.org/docs/v2/smart-contract-integration/providing-liquidity/
[00:44:46] One-click reflected XSS on Instagram
https://ysamm.com/?p=695
[00:47:24] D-Link Vulnerability [CVE-2021-27342]
https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html
[00:51:52] Experimental Security Assessment of Mercedes-Benz Cars
https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
[01:01:08] FragAttacks: Fragmentation & Aggregation Attacks
https://github.com/vanhoefm/fragattacks
https://www.youtube.com/watch?v=OJ9nFeuitIU
[01:10:57] Dell ‘dbutil_2_3.sys’ Kernel Exploit [CVE-2021-21551]
https://connormcgarr.github.io/cve-2020-21551-sploit/
[01:11:45] googleprojectzero/Hyntrospect
https://github.com/googleprojectzero/Hyntrospect
[01:13:01] IDA Free w/ Cloud Decompiler Dropped
https://www.hex-rays.com/ida-free/
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)