Some solid exploit development talk in this episode as we look at an iOS vuln, discuss the exploitability of a cURL buffer overflow and examine a new kernel UAF mitigation.
[00:00:43] Improving open source security during the Google summer internship program
https://security.googleblog.com/2020/12/improving-open-source-security-during.html
[00:03:35] Justices seem wary of breadth of federal computer fraud statute
https://www.scotusblog.com/2020/12/argument-analysis-justices-seem-wary-of-breadth-of-federal-computer-fraud-statute/
[00:11:37] Update regarding Snapchat SSRF
https://hackerone.com/reports/530974
[00:12:53] A 3D Printed Shell
https://www.securifera.com/blog/2020/12/02/a-3d-printed-shell/
[00:20:19] Site Wide CSRF on Glassdoor
https://blog.witcoat.com/2020/12/03/site-wide-csrf-on-glassdoor/
[00:24:24] [GitLab] Stored-XSS in error message of build-dependencies
https://hackerone.com/reports/950190
[00:27:44] Playstation Now RCE
https://hackerone.com/reports/873614
[00:32:29] MS Teams RCE (Important, Spoofing)
https://github.com/oskarsve/ms-teams-rce/
[00:38:34] An iOS zero-click radio proximity exploit odyssey
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1982
[00:54:58] [curl] heap-based buffer overrun in /lib/urlapi.c
https://hackerone.com/reports/547630
[01:02:51] Google Duo: Race condition can cause callee to leak video packets from unanswered call
https://bugs.chromium.org/p/project-zero/issues/detail?id=2085
[01:05:35] Linux kernel heap quarantine versus use-after-free exploits
https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html
https://lore.kernel.org/kernel-hardening/CAG48ez1tNU_7n8qtnxTYZ5qt-upJ81Fcb0P2rZe38ARK=iyBkA@mail.gmail.com/T/#u
[01:13:23] Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant
https://arxiv.org/abs/2012.00687
[01:22:57] XS-Leaks Wiki
https://xsleaks.dev/
https://security.googleblog.com/2020/12/fostering-research-on-new-web-security.html
[01:27:14] Hacking 101 by No Starch Press
https://www.humblebundle.com/books/hacking-101-no-starch-press-books
[01:33:40] Gamozo Labs FuzzOS
https://gamozolabs.github.io/fuzzing/2020/12/06/fuzzos.html
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
![Day[0]](https://is1-ssl.mzstatic.com/image/thumb/Podcasts125/v4/a6/69/69/a6696919-3987-fbc0-8e0c-1ba0e1349a2b/mza_6631746544165345331.jpg/300x300bb-75.jpg)