Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros episode artwork

EPISODE · May 18, 2021 · 1H 18M

Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros

from Day[0] · host dayzerosec

A shorter episode, but some really cool vulns none-the-less, from mitigation bypassing on D-Link routers, to a new set of WiFi protocol design flaws. [00:01:14] Security Vulnerability Detection Using Deep Learning Natural Language Processing https://arxiv.org/abs/2105.02388v1https://samate.nist.gov/SARD/ [00:08:12] Stealing secrets with Rust Macros proof-of-concept via VSCode https://github.com/lucky/bad_actor_poc [00:13:21] [GitLab] RCE when removing metadata with ExifTool https://hackerone.com/reports/1154542https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm#L233 [00:19:47] Terminal escape injection in AWS CloudShell https://bugs.chromium.org/p/project-zero/issues/detail?id=2154https://github.com/c9/core/blob/master/plugins/c9.ide.terminal/aceterm/libterm.js#L1276 [00:23:54] Cross-browser tracking vulnerability in Tor, Safari, Chrome and Firefox https://fingerprintjs.com/blog/external-protocol-flooding/ [00:34:27] Fei Protocol Flashloan Vulnerability Postmortem https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affbhttps://uniswap.org/docs/v2/smart-contract-integration/providing-liquidity/ [00:44:46] One-click reflected XSS on Instagram https://ysamm.com/?p=695 [00:47:24] D-Link Vulnerability [CVE-2021-27342] https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html [00:51:52] Experimental Security Assessment of Mercedes-Benz Cars https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf [01:01:08] FragAttacks: Fragmentation & Aggregation Attacks https://github.com/vanhoefm/fragattackshttps://www.youtube.com/watch?v=OJ9nFeuitIU [01:10:57] Dell ‘dbutil_2_3.sys’ Kernel Exploit [CVE-2021-21551] https://connormcgarr.github.io/cve-2020-21551-sploit/ [01:11:45] googleprojectzero/Hyntrospect https://github.com/googleprojectzero/Hyntrospect [01:13:01] IDA Free w/ Cloud Decompiler Dropped https://www.hex-rays.com/ida-free/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

Episode metadata supplied by the publisher feed · Published May 18, 2021

A shorter episode, but some really cool vulns none-the-less, from mitigation bypassing on D-Link routers, to a new set of WiFi protocol design flaws. [00:01:14] Security Vulnerability Detection Using Deep Learning Natural Language Processing https://arxiv.org/abs/2105.02388v1https://samate.nist.gov/SARD/ [00:08:12] Stealing secrets with Rust Macros proof-of-concept via VSCode https://github.com/lucky/bad_actor_poc [00:13:21] [GitLab] RCE when removing metadata with ExifTool https://hackerone.com/reports/1154542https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm#L233 [00:19:47] Terminal escape injection in AWS CloudShell https://bugs.chromium.org/p/project-zero/issues/detail?id=2154https://github.com/c9/core/blob/master/plugins/c9.ide.terminal/aceterm/libterm.js#L1276 [00:23:54] Cross-browser tracking vulnerability in Tor, Safari, Chrome and Firefox https://fingerprintjs.com/blog/external-protocol-flooding/ [00:34:27] Fei Protocol Flashloan Vulnerability Postmortem https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affbhttps://uniswap.org/docs/v2/smart-contract-integration/providing-liquidity/ [00:44:46] One-click reflected XSS on Instagram https://ysamm.com/?p=695 [00:47:24] D-Link Vulnerability [CVE-2021-27342] https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html [00:51:52] Experimental Security Assessment of Mercedes-Benz Cars https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf [01:01:08] FragAttacks: Fragmentation & Aggregation Attacks https://github.com/vanhoefm/fragattackshttps://www.youtube.com/watch?v=OJ9nFeuitIU [01:10:57] Dell ‘dbutil_2_3.sys’ Kernel Exploit [CVE-2021-21551] https://connormcgarr.github.io/cve-2020-21551-sploit/ [01:11:45] googleprojectzero/Hyntrospect https://github.com/googleprojectzero/Hyntrospect [01:13:01] IDA Free w/ Cloud Decompiler Dropped https://www.hex-rays.com/ida-free/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros

0:00 1:18:52

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 18 minutes long.

When was this Day[0] episode published?

This episode was published on May 18, 2021.

What is this episode about?

A shorter episode, but some really cool vulns none-the-less, from mitigation bypassing on D-Link routers, to a new set of WiFi protocol design flaws. [00:01:14] Security Vulnerability Detection Using Deep Learning Natural Language...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!