Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.
[00:00:46] Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy
https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/
[00:21:48] PHP Git Compromised
https://news-web.php.net/php.internals/113838
https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a
[00:32:24] [Google Chrome] File System Access API vulnerabilities
https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome
[00:37:58] Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
https://hackerone.com/reports/1034257
[00:42:05] GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook
https://securitylab.github.com/advisories/GHSL-2020-323-geek-cookbook-workflow/
[00:47:58] H2C Smuggling in the Wild
https://blog.assetnote.io/2021/03/18/h2c-smuggling/
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c
[00:53:27] H2C Smuggling in the Wild
https://blog.assetnote.io/2021/03/18/h2c-smuggling/
[00:57:18] Multiple Authorization bypass issues in Google's Richmedia Studio
https://www.ehpus.com/post/multiple-authorization-bypass-issues-in-google-s-richmedia-studio
[01:06:15] DD-WRT UPNP Buffer Overflow
https://ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/
https://github.com/mirror/dd-wrt/commit/da1d65a2ec471f652c77ae0067544994cdaf5e27
[01:10:36] GHSL-2021-045: Integer Overflow in GLib - [CVE-2021-27219]
https://securitylab.github.com/advisories/GHSL-2021-045-g_bytes_new/
[01:14:12] Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities
https://raelize.com/blog/qualcomm-ipq40xx-analysis-of-critical-qsee-vulnerabilities/
[01:22:50] One day short of a full chain: Part 3 - Chrome renderer RCE
https://securitylab.github.com/research/one_day_short_of_a_fullchain_renderer/
[01:35:37] Chat Question: Where to learn about Windows Heap exploitation
https://dayzerosec.com
[01:39:44] Adobe Reader CoolType arbitrary stack manipulation in Type 1/Multiple Master othersubrs 14-18
https://bugs.chromium.org/p/project-zero/issues/detail?id=2131
[01:46:26] Eliminating XSS from WebUI with Trusted Types
https://microsoftedge.github.io/edgevr/posts/eliminating-xss-with-trusted-types/
[01:54:19] Hidden OAuth attack vectors
https://portswigger.net/research/hidden-oauth-attack-vectors
[02:03:05] The Future of C Code Review
https://research.nccgroup.com/2021/03/23/the-future-of-c-code-review/
[02:15:03] Microsoft Exchange Server-Side Request Forgery [CVE-2021-26855]
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-26855.html
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)