Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation] episode artwork

EPISODE · Sep 9, 2021 · 1H 18M

Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation]

from Day[0] · host dayzerosec

A tricky to exploit WhatsApp vulnerability, but still an interesting bug, several Bhyve vulnerabilities, and a named bluetooth vuln (Braktooth) Links and summaries are available on our website: https://dayzerosec.com/podcast/escaping-the-bhyve-whatsapp-braktooth.html [00:00:00] Introduction + The Future [00:02:08] Spot The Vuln Solution [00:07:25] Replay-based attack on Honda and Acura vehicles [00:15:54] A Heap-based Buffer Overflow Bug in the MySQL InnoDB memcached Plugin [CVE-2021-2429] [00:25:44] Vulnerability in WhatsApp could have led to data exposure of users [00:32:26] Code execution outside the virtualized guest in bhyve [CVE-2021-29631] [00:40:59] Your vulnerability is in another OEM! [01:01:36] BrakTooth [01:09:00] HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs The DAY[0] Podcast has two weekly episodes that are streamed live on Twitch (https://www.twitch.tv/dayzerosec) Mondays at 3pm Eastern we focus on vulnerabilities that would be of interest to bounty hunters, and on Tuesdays at 7:00pm Eastern we focus on low-level vulnerabilities. You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

Episode metadata supplied by the publisher feed · Published Sep 9, 2021

A tricky to exploit WhatsApp vulnerability, but still an interesting bug, several Bhyve vulnerabilities, and a named bluetooth vuln (Braktooth) Links and summaries are available on our website: https://dayzerosec.com/podcast/escaping-the-bhyve-whatsapp-braktooth.html [00:00:00] Introduction + The Future [00:02:08] Spot The Vuln Solution [00:07:25] Replay-based attack on Honda and Acura vehicles [00:15:54] A Heap-based Buffer Overflow Bug in the MySQL InnoDB memcached Plugin [CVE-2021-2429] [00:25:44] Vulnerability in WhatsApp could have led to data exposure of users [00:32:26] Code execution outside the virtualized guest in bhyve [CVE-2021-29631] [00:40:59] Your vulnerability is in another OEM! [01:01:36] BrakTooth [01:09:00] HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs The DAY[0] Podcast has two weekly episodes that are streamed live on Twitch (https://www.twitch.tv/dayzerosec) Mondays at 3pm Eastern we focus on vulnerabilities that would be of interest to bounty hunters, and on Tuesdays at 7:00pm Eastern we focus on low-level vulnerabilities. You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation]

0:00 1:18:17

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 18 minutes long.

When was this Day[0] episode published?

This episode was published on September 9, 2021.

What is this episode about?

A tricky to exploit WhatsApp vulnerability, but still an interesting bug, several Bhyve vulnerabilities, and a named bluetooth vuln (Braktooth) Links and summaries are available on our website:...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!