Go offline with the Player FM app!
Raccoons, Incomplete fixes and Kernel Exploits
Manage episode 272135380 series 2606557
Leading off this week's discussion is the news about the now remote CCC and Offensive Security's plans to retire OSCE. On the exploit side of things, this week we have a few recent bug bounties including a Google Maps XSS, a FreeBSD TOCTOU, and a couple of Linux kernel vulnerabilities.
- [00:02:30] CCC going remote this year due to pandemic
- [00:09:44] NVIDIA to Acquire Arm for $40 Billion
- [00:20:36] OSCE being retired
- [00:34:21] Giggle; laughable security
- [00:44:51] Raccoon Attack
- [00:53:34] Executing arbitrary code on NVIDIA GeForce NOW VMs
- [01:02:07] Cache poisoning via X-Forwarded-Host
- [01:08:56] Team object in GraphQL disclosed private_comment
- [01:14:08] XSS->Fix->Bypass: 10000$ bounty in Google Maps
- [01:28:33] Microsoft Sharepoint and Exchange Server Vulnerabilities
- [01:45:35] Short story of 1 Linux Kernel Use-After-Free and 2 CVEs
- [01:53:25] FreeBSD Kernel Privilege Escalation [CVE-2020-7460]
- [02:02:47] WSL 2.0 dxgkrnl Driver Memory Corruption
- [02:10:46] Project Zero: Attacking the Qualcomm Adreno GPU
- [02:16:03] GoogleCTF 2020 Challenge Source + Exploits Release
- [02:20:08] IDA Pro Tips to Add to Your Bag of Tricks
- [02:20:48] Reverse Engineering: Marvel's Avengers - Developing a Server Emulator
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0])
253 episodes
Manage episode 272135380 series 2606557
Leading off this week's discussion is the news about the now remote CCC and Offensive Security's plans to retire OSCE. On the exploit side of things, this week we have a few recent bug bounties including a Google Maps XSS, a FreeBSD TOCTOU, and a couple of Linux kernel vulnerabilities.
- [00:02:30] CCC going remote this year due to pandemic
- [00:09:44] NVIDIA to Acquire Arm for $40 Billion
- [00:20:36] OSCE being retired
- [00:34:21] Giggle; laughable security
- [00:44:51] Raccoon Attack
- [00:53:34] Executing arbitrary code on NVIDIA GeForce NOW VMs
- [01:02:07] Cache poisoning via X-Forwarded-Host
- [01:08:56] Team object in GraphQL disclosed private_comment
- [01:14:08] XSS->Fix->Bypass: 10000$ bounty in Google Maps
- [01:28:33] Microsoft Sharepoint and Exchange Server Vulnerabilities
- [01:45:35] Short story of 1 Linux Kernel Use-After-Free and 2 CVEs
- [01:53:25] FreeBSD Kernel Privilege Escalation [CVE-2020-7460]
- [02:02:47] WSL 2.0 dxgkrnl Driver Memory Corruption
- [02:10:46] Project Zero: Attacking the Qualcomm Adreno GPU
- [02:16:03] GoogleCTF 2020 Challenge Source + Exploits Release
- [02:20:08] IDA Pro Tips to Add to Your Bag of Tricks
- [02:20:48] Reverse Engineering: Marvel's Avengers - Developing a Server Emulator
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0])
253 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.