Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and Composer.
[00:00:32] An Update on the UMN Affair
https://lwn.net/SubscriberLink/854645/334317047842b6c3/
https://www-users.cs.umn.edu/%7Ekjlu/papers/full-disclosure.pdf
[00:11:29] [GitHub] Exploits and Malware Policy Updates
https://github.com/github/site-policy/pull/397
https://github.com/github/site-policy/pull/397/commits/f220679709b60dd4d6b34465a56b89bb79efcfe6#diff-24d72c4cb9785e60d5cbf50905291a5e079f4efd8c03f67904077cc2af4b8412L34
[00:18:22] OOO - DEF CON CTF
https://oooverflow.io/
https://twitter.com/oooverflow/status/1388920554111987715
[00:34:23] BadAlloc - Memory Allocation Vulnerabilities
https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
[00:40:15] I See Dead μops: Leaking Secrets via Intel/AMDMicro-Op Caches
http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
https://comparch.org/2021/05/01/i-see-dead-uops-thoughts-on-the-latest-spectre-paper-targeting-uop-caches/
[00:54:43] Brave - Stealing your cookies remotely
https://infosecwriteups.com/brave-stealing-your-cookies-remotely-1e09d1184675
[00:57:37] Facebook account takeover due to unsafe redirects after the OAuth flow
https://ysamm.com/?p=667
[01:03:11] WordPress 5.7 XXE Vulnerability
https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/
[01:05:43] PHP Supply Chain Attack on Composer
https://blog.sonarsource.com/php-supply-chain-attack-on-composer
[01:10:25] Multiple Issues in Libre Wireless LS9 Modules
https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/
[01:14:50] macOS Gatekeeper Bypass
https://objective-see.com/blog/blog_0x64.html
https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508
[01:19:28] Linux Kernel /proc/pid/syscall information disclosure vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
[01:24:08] Remote Zero-Click Exploit in Tesla Automobiles
https://kunnamon.io/tbone/
[01:31:00] NETGEAR Nighthawk R7000 httpd PreAuth RCE
https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/
[01:34:43] Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities
https://www.zerodayinitiative.com/blog/2021/4/26/parallels-desktop-rdpmc-hypercall-interface-and-vulnerabilities
[01:39:24] Exploiting Undocumented Hardware Blocks in the LPC55S69
https://oxide.computer/blog/lpc55/
[01:40:05] python stdlib "ipaddress" - Improper Input Validation [CVE-2021-29921]
https://sick.codes/sick-2021-014/
[01:40:35] Ham Hacks: Breaking Into Software-defined Radio
https://labs.bishopfox.com/industry-blog/ham-hacks-breaking-into-software-defined-radio
[01:41:59] gand3lf/heappy: A happy heap editor to support your exploitation process
https://github.com/Gand3lf/heappy
[01:43:38] LiveQL Episode II: The Rhino in the room
https://securitylab.github.co