EPISODE · Sep 9, 2021 · 1H 18M
Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation]
from Day[0] · host dayzerosec
A tricky to exploit WhatsApp vulnerability, but still an interesting bug, several Bhyve vulnerabilities, and a named bluetooth vuln (Braktooth) Links and summaries are available on our website: https://dayzerosec.com/podcast/escaping-the-bhyve-whatsapp-braktooth.html [00:00:00] Introduction + The Future [00:02:08] Spot The Vuln Solution [00:07:25] Replay-based attack on Honda and Acura vehicles [00:15:54] A Heap-based Buffer Overflow Bug in the MySQL InnoDB memcached Plugin [CVE-2021-2429] [00:25:44] Vulnerability in WhatsApp could have led to data exposure of users [00:32:26] Code execution outside the virtualized guest in bhyve [CVE-2021-29631] [00:40:59] Your vulnerability is in another OEM! [01:01:36] BrakTooth [01:09:00] HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs The DAY[0] Podcast has two weekly episodes that are streamed live on Twitch (https://www.twitch.tv/dayzerosec) Mondays at 3pm Eastern we focus on vulnerabilities that would be of interest to bounty hunters, and on Tuesdays at 7:00pm Eastern we focus on low-level vulnerabilities. You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
What this episode covers
A tricky to exploit WhatsApp vulnerability, but still an interesting bug, several Bhyve vulnerabilities, and a named bluetooth vuln (Braktooth) Links and summaries are available on our website: https://dayzerosec.com/podcast/escaping-the-bhyve-whatsapp-braktooth.html [00:00:00] Introduction + The Future [00:02:08] Spot The Vuln Solution [00:07:25] Replay-based attack on Honda and Acura vehicles [00:15:54] A Heap-based Buffer Overflow Bug in the MySQL InnoDB memcached Plugin [CVE-2021-2429] [00:25:44] Vulnerability in WhatsApp could have led to data exposure of users [00:32:26] Code execution outside the virtualized guest in bhyve [CVE-2021-29631] [00:40:59] Your vulnerability is in another OEM! [01:01:36] BrakTooth [01:09:00] HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs The DAY[0] Podcast has two weekly episodes that are streamed live on Twitch (https://www.twitch.tv/dayzerosec) Mondays at 3pm Eastern we focus on vulnerabilities that would be of interest to bounty hunters, and on Tuesdays at 7:00pm Eastern we focus on low-level vulnerabilities. You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
NOW PLAYING
Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation]
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m