"Raccoons, Incomplete fixes and Kernel Exploits"
Episode Synopsis
Leading off this week's discussion is the news about the now-remote CCC and Offensive Security's plans to retire OSCE. On the exploit side of things, this week we have a few recent bug bounties, including a Google Maps XSS, a FreeBSD TOCTOU, and a couple of Linux kernel vulnerabilities.
[00:02:30] CCC going remote this year due to pandemic
[00:09:44] NVIDIA to Acquire Arm for $40 Billion
[00:20:36] OSCE being retired
https://ringzer0.training/
[00:34:21] Giggle; laughable security
[00:44:51] Raccoon Attack
https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks
[00:53:34] Executing arbitrary code on NVIDIA GeForce NOW VMs
[01:02:07] Cache poisoning via X-Forwarded-Host
[01:08:56] Team object in GraphQL disclosed private_comment
[01:14:08] XSS->Fix->Bypass: 10000$ bounty in Google Maps
[01:28:33] Microsoft Sharepoint and Exchange Server Vulnerabilities
[01:45:35] Short story of 1 Linux Kernel Use-After-Free and 2 CVEs
[01:53:25] FreeBSD Kernel Privilege Escalation [CVE-2020-7460]
[02:02:47] WSL 2.0 dxgkrnl Driver Memory Corruption
[02:10:46] Project Zero: Attacking the Qualcomm Adreno GPU
[02:16:03] GoogleCTF 2020 Challenge Source + Exploits Release
[02:20:08] IDA Pro Tips to Add to Your Bag of Tricks
[02:20:48] Reverse Engineering: Marvel's Avengers - Developing a Server Emulator
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0])