Deanonymization with CloudFlare and Subaru's Security Woes episode artwork

EPISODE · Jan 27, 2025 · 1H 7M

Deanonymization with CloudFlare and Subaru's Security Woes

from Day[0] · host dayzerosec

Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging apps. PortSwigger also publishes a post on the Cookie Sandwich technique, and Subaru's weak admin panel security allows tracking and controlling other people's vehicles. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/270.html [00:00:00] Introduction [00:00:11] ZDI Threat Hunting 2024 - Highlights, Trends, and Challenges [00:21:44] Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform [00:41:54] Stealing HttpOnly cookies with the cookie sandwich technique [00:49:06] Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Episode metadata supplied by the publisher feed · Published Jan 27, 2025

Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging apps. PortSwigger also publishes a post on the Cookie Sandwich technique, and Subaru's weak admin panel security allows tracking and controlling other people's vehicles. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/270.html [00:00:00] Introduction [00:00:11] ZDI Threat Hunting 2024 - Highlights, Trends, and Challenges [00:21:44] Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform [00:41:54] Stealing HttpOnly cookies with the cookie sandwich technique [00:49:06] Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Deanonymization with CloudFlare and Subaru's Security Woes

0:00 1:07:35

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 7 minutes long.

When was this Day[0] episode published?

This episode was published on January 27, 2025.

What is this episode about?

Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging apps. PortSwigger also publishes a post on the...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!