EPISODE · Oct 6, 2020 · 2H 4M
Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster
from Day[0] · host dayzerosec
Every wondering how you might fingerprint and trace exploit devs in the wild? Wondered what a backdoor in a D-Link router looks like? Want to hack Facebook (for Android)? We have all of that and more! [00:00:43] Google: Android Partner Vulnerability Initiative https://bugs.chromium.org/p/apvi/issues/list?q=&can=1 [00:02:55] Project Zero: Announcing the Fuzzilli Research Grant Program [00:08:40] GitHub: Code scanning is now available [00:16:39] Hunting for exploits by looking for the author's fingerprints [00:22:26] Forcing Firefox to Execute XSS Payloads during 302 Redirects [00:27:10] Exploiting fine-grained AWS IAM permissions for total cloud compromise https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7 [00:38:04] BLURtooth (the BLUR attacks) [00:44:25] Arbitrary code execution on Facebook for Android [00:51:44] [stripo] Public and secret api key leaked in JavaScript source [01:00:14] [GitLab] Unvalidated Oauth email results in accounts takeovers on 3rd parties [01:06:03] Hacking Grindr Accounts with Copy and Paste [01:16:37] Exploiting Other Remote Protocols in IBM WebSphere https://portswigger.net/web-security/deserialization/exploiting [01:25:57] The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses [01:38:36] Hacking Punkbuster. [01:43:26] Race Condition in handling of PID by apport [CVE-2020-15702] [01:57:24] Hardware Hacking Experiments [01:59:11] How I automated McDonalds mobile game to win free iPhones [01:59:42] Voyager - A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel) [02:00:28] zznop/sploit: Go package that aids in binary analysis and exploitation Watch
What this episode covers
Every wondering how you might fingerprint and trace exploit devs in the wild? Wondered what a backdoor in a D-Link router looks like? Want to hack Facebook (for Android)? We have all of that and more! [00:00:43] Google: Android Partner Vulnerability Initiative https://bugs.chromium.org/p/apvi/issues/list?q=&can=1 [00:02:55] Project Zero: Announcing the Fuzzilli Research Grant Program [00:08:40] GitHub: Code scanning is now available [00:16:39] Hunting for exploits by looking for the author's fingerprints [00:22:26] Forcing Firefox to Execute XSS Payloads during 302 Redirects [00:27:10] Exploiting fine-grained AWS IAM permissions for total cloud compromise https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7 [00:38:04] BLURtooth (the BLUR attacks) [00:44:25] Arbitrary code execution on Facebook for Android [00:51:44] [stripo] Public and secret api key leaked in JavaScript source [01:00:14] [GitLab] Unvalidated Oauth email results in accounts takeovers on 3rd parties [01:06:03] Hacking Grindr Accounts with Copy and Paste [01:16:37] Exploiting Other Remote Protocols in IBM WebSphere https://portswigger.net/web-security/deserialization/exploiting [01:25:57] The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses [01:38:36] Hacking Punkbuster. [01:43:26] Race Condition in handling of PID by apport [CVE-2020-15702] [01:57:24] Hardware Hacking Experiments [01:59:11] How I automated McDonalds mobile game to win free iPhones [01:59:42] Voyager - A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel) [02:00:28] zznop/sploit: Go package that aids in binary analysis and exploitation Watch
NOW PLAYING
Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m