EPISODE · Jan 20, 2025 · 1H 12M
Excavating Exploits and PHP Footguns
from Day[0] · host dayzerosec
This week features a mix of topics, from polyglot PDF/JSON to android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild campaign. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/269.html [00:00:00] Introduction [00:07:48] Attacking Hypervisors - From KVM to Mobile Security Platforms [00:12:18] Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal [00:19:41] How an obscure PHP footgun led to RCE in Craft CMS [00:34:44] oss-security - RSYNC: 6 vulnerabilities [00:42:13] The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit [00:59:59] security-research/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md [01:10:35] GLibc Heap Exploitation Training Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
What this episode covers
This week features a mix of topics, from polyglot PDF/JSON to android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild campaign. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/269.html [00:00:00] Introduction [00:07:48] Attacking Hypervisors - From KVM to Mobile Security Platforms [00:12:18] Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal [00:19:41] How an obscure PHP footgun led to RCE in Craft CMS [00:34:44] oss-security - RSYNC: 6 vulnerabilities [00:42:13] The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit [00:59:59] security-research/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md [01:10:35] GLibc Heap Exploitation Training Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
NOW PLAYING
Excavating Exploits and PHP Footguns
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m