EPISODE · Apr 21, 2020 · 2H 30M
Binary Ninja's Decompiler, git credential leak, cross-platform LPEs
from Day[0] · host dayzerosec
Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler...okay probably not but it is exciting.We've also got some stupid issues and some interesting LPEs this episode. [00:00:29] Cognizant suffers Maze Ransomware cyber attack [00:14:08] Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 [00:27:46] How I Reverse Engineered the LastPass CLI Tool [00:35:59] State of the Ninja: Episode 13 [01:02:18] Riot offering up to $100k n Bug Bounty [01:05:31] Research Grants to support Google VRP Bug Hunters during COVID-19 [01:09:08] Denial of service to WP-JSON API by cache poisoning [01:11:43] CSRF to RCE bug chain in Prestashop [01:21:16] Unintended disclosure of OTP [01:24:20] JSON Web Token Validation Bypass in Auth0 Authentication API [01:27:06] git: Newline injection in credential helper [01:31:20] How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability [01:36:34] Pwning vCenter with CVE-2020-3952 [01:45:19] Oracle Solaris 11.x/10 whodo/w Buffer Overflow [01:51:22] Linux Kernel EoP via Improper eBPF Program Verification [CVE-2020-8835] [01:57:39] Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4f42c24e02ce82392d8f8fe215570568380c8ab [02:07:20] Ricerca Security: "SMBGhost pre-auth RCE https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/ [02:14:01] IJON: Exploring Deep State Spaces via Fuzzing [02:23:26] Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction [02:27:45] GitHub - wcventure/FuzzingPaper
What this episode covers
Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler...okay probably not but it is exciting.We've also got some stupid issues and some interesting LPEs this episode. [00:00:29] Cognizant suffers Maze Ransomware cyber attack [00:14:08] Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 [00:27:46] How I Reverse Engineered the LastPass CLI Tool [00:35:59] State of the Ninja: Episode 13 [01:02:18] Riot offering up to $100k n Bug Bounty [01:05:31] Research Grants to support Google VRP Bug Hunters during COVID-19 [01:09:08] Denial of service to WP-JSON API by cache poisoning [01:11:43] CSRF to RCE bug chain in Prestashop [01:21:16] Unintended disclosure of OTP [01:24:20] JSON Web Token Validation Bypass in Auth0 Authentication API [01:27:06] git: Newline injection in credential helper [01:31:20] How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability [01:36:34] Pwning vCenter with CVE-2020-3952 [01:45:19] Oracle Solaris 11.x/10 whodo/w Buffer Overflow [01:51:22] Linux Kernel EoP via Improper eBPF Program Verification [CVE-2020-8835] [01:57:39] Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4f42c24e02ce82392d8f8fe215570568380c8ab [02:07:20] Ricerca Security: "SMBGhost pre-auth RCE https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/ [02:14:01] IJON: Exploring Deep State Spaces via Fuzzing [02:23:26] Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction [02:27:45] GitHub - wcventure/FuzzingPaper
NOW PLAYING
Binary Ninja's Decompiler, git credential leak, cross-platform LPEs
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m