Some interesting tips and tricks as we look at multiple privileges escalations from XNU to Ubuntu, Bitdefender, and Dropbox (HelloSign).

[00:01:31] Apple allegedly not crediting researchers

[00:10:26] Response to Voatz's Supreme Court Amicus Brief

[00:23:45] Standing up for developers: youtube-dl is back

[00:30:05] HelloSign SSRF leads to AWS private key disclosure

[00:38:02] Silver Peak Unity Orchestrator RCE

[00:42:51] Get root by pretending nobody's /home

[00:48:20] Project Zero: Oops, I missed it again!

[00:55:12] Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions

[01:01:07] Sleep Attack: Intel Bootguard vulnerability waking from S3

[01:05:56] SAD DNS Explained

[01:12:02] Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Envrionments

[01:23:33] A Systematic Study of Elastic Objects in Kernel Exploitation


Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0])

Ver todos los episodios