A shorter episode, but some really cool vulns none-the-less, from mitigation bypassing on D-Link routers, to a new set of WiFi protocol design flaws.

[00:01:14] Security Vulnerability Detection Using Deep Learning Natural Language Processing

https://arxiv.org/abs/2105.02388v1

https://samate.nist.gov/SARD/

[00:08:12] Stealing secrets with Rust Macros proof-of-concept via VSCode

https://github.com/lucky/bad_actor_poc

[00:13:21] [GitLab] RCE when removing metadata with ExifTool

https://hackerone.com/reports/1154542

https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm#L233

[00:19:47] Terminal escape injection in AWS CloudShell

https://bugs.chromium.org/p/project-zero/issues/detail?id=2154

https://github.com/c9/core/blob/master/plugins/c9.ide.terminal/aceterm/libterm.js#L1276

[00:23:54] Cross-browser tracking vulnerability in Tor, Safari, Chrome and Firefox

https://fingerprintjs.com/blog/external-protocol-flooding/

[00:34:27] Fei Protocol Flashloan Vulnerability Postmortem

https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb

https://uniswap.org/docs/v2/smart-contract-integration/providing-liquidity/

[00:44:46] One-click reflected XSS on Instagram

https://ysamm.com/?p=695

[00:47:24] D-Link Vulnerability [CVE-2021-27342]

https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html

[00:51:52] Experimental Security Assessment of Mercedes-Benz Cars

https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/

https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf

[01:01:08] FragAttacks: Fragmentation & Aggregation Attacks

https://github.com/vanhoefm/fragattacks

https://www.youtube.com/watch?v=OJ9nFeuitIU

[01:10:57] Dell ‘dbutil_2_3.sys’ Kernel Exploit [CVE-2021-21551]

https://connormcgarr.github.io/cve-2020-21551-sploit/

[01:11:45] googleprojectzero/Hyntrospect

https://github.com/googleprojectzero/Hyntrospect

[01:13:01] IDA Free w/ Cloud Decompiler Dropped

https://www.hex-rays.com/ida-free/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)

Rss Apple Podcaster
Podden och tillhörande omslagsbild på den här sidan tillhör dayzerosec. Innehållet i podden är skapat av dayzerosec och inte av, eller tillsammans med, Poddtoppen.