EPISODE · Mar 23, 2021 · 1H 45M
Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!
from Day[0] · host dayzerosec
Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next which we talked about. We also look at a couple interesting GitHub vulns, and talk about fuzzing. [00:00:28] Rust in the Linux Kernel https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/rust?id=c77c8025525c36c9d2b9d82e4539403701276a1dhttps://www.youtube.com/watch?v=FFjV9f_Ub9o&t=2066shttps://lkml.org/lkml/2020/7/9/952https://lkml.org/lkml/2020/7/10/1261 [00:13:40] Two Undocumented Instructions to Update Microcode Discovered https://twitter.com/_markel___/status/1373059797155778562 [00:19:06] DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS https://palant.info/2021/03/15/duckduckgo-privacy-essentials-vulnerabilities-insecure-communication-and-universal-xss/ [00:26:46] Abusing VoIPmonitor for Remote Code Execution https://www.rtcsec.com/post/2021/03/bug-discovery-diaries-abusing-voipmonitor-for-remote-code-execution/ [00:32:18] Stealing arbitrary GitHub Actions secrets https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html [00:40:29] How we found and fixed a rare race condition in our session handling https://github.blog/2021-03-18-how-we-found-and-fixed-a-rare-race-condition-in-our-session-handling/ [00:49:05] GitLab - Ability To Delete User(s) Account Without User Interaction https://hackerone.com/reports/928255 [00:52:49] New Old Bugs in the Linux Kernel https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.htmlhttps://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi [01:00:33] Fuzzing: FastStone Image Viewer [CVE-2021-26236] https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236/ [01:06:53] A Replay-Style Deserialization Attack Against SharePoint [CVE-2021-27076] https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint [01:12:38] One day short of a full chain: Part 2 - Chrome sandbox escape https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx [01:18:58] Code execution in Wireshark via non-http(s) schemes in URL fields https://gitlab.com/wireshark/wireshark/-/issues/17232 [01:21:59] Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers) https://www.praetorian.com/blog/attacking-and-defending-oauth-2/ [01:30:37] Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace https://blog.trailofbits.com/2021/03/19/un-bee-lievable-performance-fast-coverage-guided-fuzzing-with-honeybee-and-intel-processor-trace/ [01:42:00] Pulling Bits From ROM Silicon Die Images: Unknown Architecture https://ryancor.medium.com/pulling-bits-from-rom-silicon-die-images-unknown-architecture-b73b6b0d4e5d [01:42:28] 0dayfans.com https://0dayfans.com/https://github.com/dayzerosec/feedgenhttps://shop.spreadshirt.com/dayzerosec/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
What this episode covers
Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next which we talked about. We also look at a couple interesting GitHub vulns, and talk about fuzzing. [00:00:28] Rust in the Linux Kernel https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/rust?id=c77c8025525c36c9d2b9d82e4539403701276a1dhttps://www.youtube.com/watch?v=FFjV9f_Ub9o&t=2066shttps://lkml.org/lkml/2020/7/9/952https://lkml.org/lkml/2020/7/10/1261 [00:13:40] Two Undocumented Instructions to Update Microcode Discovered https://twitter.com/_markel___/status/1373059797155778562 [00:19:06] DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS https://palant.info/2021/03/15/duckduckgo-privacy-essentials-vulnerabilities-insecure-communication-and-universal-xss/ [00:26:46] Abusing VoIPmonitor for Remote Code Execution https://www.rtcsec.com/post/2021/03/bug-discovery-diaries-abusing-voipmonitor-for-remote-code-execution/ [00:32:18] Stealing arbitrary GitHub Actions secrets https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html [00:40:29] How we found and fixed a rare race condition in our session handling https://github.blog/2021-03-18-how-we-found-and-fixed-a-rare-race-condition-in-our-session-handling/ [00:49:05] GitLab - Ability To Delete User(s) Account Without User Interaction https://hackerone.com/reports/928255 [00:52:49] New Old Bugs in the Linux Kernel https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.htmlhttps://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi [01:00:33] Fuzzing: FastStone Image Viewer [CVE-2021-26236] https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236/ [01:06:53] A Replay-Style Deserialization Attack Against SharePoint [CVE-2021-27076] https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint [01:12:38] One day short of a full chain: Part 2 - Chrome sandbox escape https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx [01:18:58] Code execution in Wireshark via non-http(s) schemes in URL fields https://gitlab.com/wireshark/wireshark/-/issues/17232 [01:21:59] Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers) https://www.praetorian.com/blog/attacking-and-defending-oauth-2/ [01:30:37] Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace https://blog.trailofbits.com/2021/03/19/un-bee-lievable-performance-fast-coverage-guided-fuzzing-with-honeybee-and-intel-processor-trace/ [01:42:00] Pulling Bits From ROM Silicon Die Images: Unknown Architecture https://ryancor.medium.com/pulling-bits-from-rom-silicon-die-images-unknown-architecture-b73b6b0d4e5d [01:42:28] 0dayfans.com https://0dayfans.com/https://github.com/dayzerosec/feedgenhttps://shop.spreadshirt.com/dayzerosec/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
NOW PLAYING
Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m