[binary] Attacking VirtualBox and Malicious Chess episode artwork

EPISODE · May 18, 2023 · 50 MIN

[binary] Attacking VirtualBox and Malicious Chess

from Day[0] · host dayzerosec

This week we we've got a neat little printer corruption, a probably unexploitable stockfish bug, though we speculate about exploitation a bit. Then into a VirtualBox escape bug, and an Andreno "vulnerability". Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/212.html [00:00:00] Introduction [00:01:31] Spot the Vuln - To Upload or Not To Upload [00:05:25] The printer goes brrrrr, again! [00:09:34] [Stockfish] Increase MAX_MOVES to prevent buffer overflow and stack corruption [00:27:53] Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991 [00:37:09] Qualcomm Adreno/KGSL: secure buffers are addressable by all GPU users [00:43:37] RET2ASLR - Leaking ASLR from return instructions [00:46:13] Apple Fails to Fully Reboot iOS Simulator Copyright Case The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Episode metadata supplied by the publisher feed · Published May 18, 2023

This week we we've got a neat little printer corruption, a probably unexploitable stockfish bug, though we speculate about exploitation a bit. Then into a VirtualBox escape bug, and an Andreno "vulnerability". Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/212.html [00:00:00] Introduction [00:01:31] Spot the Vuln - To Upload or Not To Upload [00:05:25] The printer goes brrrrr, again! [00:09:34] [Stockfish] Increase MAX_MOVES to prevent buffer overflow and stack corruption [00:27:53] Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991 [00:37:09] Qualcomm Adreno/KGSL: secure buffers are addressable by all GPU users [00:43:37] RET2ASLR - Leaking ASLR from return instructions [00:46:13] Apple Fails to Fully Reboot iOS Simulator Copyright Case The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

[binary] Attacking VirtualBox and Malicious Chess

0:00 50:40

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 50 minutes long.

When was this Day[0] episode published?

This episode was published on May 18, 2023.

What is this episode about?

This week we we've got a neat little printer corruption, a probably unexploitable stockfish bug, though we speculate about exploitation a bit. Then into a VirtualBox escape bug, and an Andreno "vulnerability". Links and vulnerability summaries for...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!