Defcon Quals, Dead μops, BadAllocs, Wordpress XXE episode artwork

EPISODE · May 4, 2021 · 1H 44M

Defcon Quals, Dead μops, BadAllocs, Wordpress XXE

from Day[0] · host dayzerosec

Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and Composer. [00:00:32] An Update on the UMN Affair https://lwn.net/SubscriberLink/854645/334317047842b6c3/https://www-users.cs.umn.edu/%7Ekjlu/papers/full-disclosure.pdf [00:11:29] [GitHub] Exploits and Malware Policy Updates https://github.com/github/site-policy/pull/397https://github.com/github/site-policy/pull/397/commits/f220679709b60dd4d6b34465a56b89bb79efcfe6#diff-24d72c4cb9785e60d5cbf50905291a5e079f4efd8c03f67904077cc2af4b8412L34 [00:18:22] OOO - DEF CON CTF https://oooverflow.io/https://twitter.com/oooverflow/status/1388920554111987715 [00:34:23] BadAlloc - Memory Allocation Vulnerabilities https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04 [00:40:15] I See Dead μops: Leaking Secrets via Intel/AMDMicro-Op Caches http://www.cs.virginia.edu/venkat/papers/isca2021a.pdfhttps://comparch.org/2021/05/01/i-see-dead-uops-thoughts-on-the-latest-spectre-paper-targeting-uop-caches/ [00:54:43] Brave - Stealing your cookies remotely https://infosecwriteups.com/brave-stealing-your-cookies-remotely-1e09d1184675 [00:57:37] Facebook account takeover due to unsafe redirects after the OAuth flow https://ysamm.com/?p=667 [01:03:11] WordPress 5.7 XXE Vulnerability https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/ [01:05:43] PHP Supply Chain Attack on Composer https://blog.sonarsource.com/php-supply-chain-attack-on-composer [01:10:25] Multiple Issues in Libre Wireless LS9 Modules https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ [01:14:50] macOS Gatekeeper Bypass https://objective-see.com/blog/blog_0x64.htmlhttps://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508 [01:19:28] Linux Kernel /proc/pid/syscall information disclosure vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211 [01:24:08] Remote Zero-Click Exploit in Tesla Automobiles https://kunnamon.io/tbone/ [01:31:00] NETGEAR Nighthawk R7000 httpd PreAuth RCE https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/ [01:34:43] Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities https://www.zerodayinitiative.com/blog/2021/4/26/parallels-desktop-rdpmc-hypercall-interface-and-vulnerabilities [01:39:24] Exploiting Undocumented Hardware Blocks in the LPC55S69 https://oxide.computer/blog/lpc55/ [01:40:05] python stdlib "ipaddress" - Improper Input Validation [CVE-2021-29921] https://sick.codes/sick-2021-014/ [01:40:35] Ham Hacks: Breaking Into Software-defined Radio https://labs.bishopfox.com/industry-blog/ham-hacks-breaking-into-software-defined-radio [01:41:59] gand3lf/heappy: A happy heap editor to support your exploitation process https://github.com/Gand3lf/heappy [01:43:38] LiveQL Episode II: The Rhino in the room https://securitylab.github.co

Episode metadata supplied by the publisher feed · Published May 4, 2021

Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and Composer. [00:00:32] An Update on the UMN Affair https://lwn.net/SubscriberLink/854645/334317047842b6c3/https://www-users.cs.umn.edu/%7Ekjlu/papers/full-disclosure.pdf [00:11:29] [GitHub] Exploits and Malware Policy Updates https://github.com/github/site-policy/pull/397https://github.com/github/site-policy/pull/397/commits/f220679709b60dd4d6b34465a56b89bb79efcfe6#diff-24d72c4cb9785e60d5cbf50905291a5e079f4efd8c03f67904077cc2af4b8412L34 [00:18:22] OOO - DEF CON CTF https://oooverflow.io/https://twitter.com/oooverflow/status/1388920554111987715 [00:34:23] BadAlloc - Memory Allocation Vulnerabilities https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04 [00:40:15] I See Dead μops: Leaking Secrets via Intel/AMDMicro-Op Caches http://www.cs.virginia.edu/venkat/papers/isca2021a.pdfhttps://comparch.org/2021/05/01/i-see-dead-uops-thoughts-on-the-latest-spectre-paper-targeting-uop-caches/ [00:54:43] Brave - Stealing your cookies remotely https://infosecwriteups.com/brave-stealing-your-cookies-remotely-1e09d1184675 [00:57:37] Facebook account takeover due to unsafe redirects after the OAuth flow https://ysamm.com/?p=667 [01:03:11] WordPress 5.7 XXE Vulnerability https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/ [01:05:43] PHP Supply Chain Attack on Composer https://blog.sonarsource.com/php-supply-chain-attack-on-composer [01:10:25] Multiple Issues in Libre Wireless LS9 Modules https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ [01:14:50] macOS Gatekeeper Bypass https://objective-see.com/blog/blog_0x64.htmlhttps://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508 [01:19:28] Linux Kernel /proc/pid/syscall information disclosure vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211 [01:24:08] Remote Zero-Click Exploit in Tesla Automobiles https://kunnamon.io/tbone/ [01:31:00] NETGEAR Nighthawk R7000 httpd PreAuth RCE https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/ [01:34:43] Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities https://www.zerodayinitiative.com/blog/2021/4/26/parallels-desktop-rdpmc-hypercall-interface-and-vulnerabilities [01:39:24] Exploiting Undocumented Hardware Blocks in the LPC55S69 https://oxide.computer/blog/lpc55/ [01:40:05] python stdlib "ipaddress" - Improper Input Validation [CVE-2021-29921] https://sick.codes/sick-2021-014/ [01:40:35] Ham Hacks: Breaking Into Software-defined Radio https://labs.bishopfox.com/industry-blog/ham-hacks-breaking-into-software-defined-radio [01:41:59] gand3lf/heappy: A happy heap editor to support your exploitation process https://github.com/Gand3lf/heappy [01:43:38] LiveQL Episode II: The Rhino in the room https://securitylab.github.co

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Defcon Quals, Dead μops, BadAllocs, Wordpress XXE

0:00 1:44:36

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 44 minutes long.

When was this Day[0] episode published?

This episode was published on May 4, 2021.

What is this episode about?

Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!