EPISODE · Mar 10, 2020 · 2H 14M
FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging
from Day[0] · host dayzerosec
A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0]. [00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote [00:06:52] Announcing Remote Participation in Pwn2Own Vancouver [00:11:22] Revoking certain certificates on March 4 [00:19:40] FuzzBench: Fuzzer Benchmarking as a Service [00:28:53] Intel x86 Root of Trust: loss of trust [00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors [00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636afhttps://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 [00:55:11] MediaTek rootkit affecting millions of Android devices [01:01:56] Zoho ManageEngine RCE [01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555) [01:14:22] Regex Vulnerabilities - parse-community/parse-server [01:18:57] HTTP request smuggling using malformed Transfer-Encoding header [01:27:20] [Nextcloud] Delete All Data of Any User [01:30:36] Dismantling DST80-based Immobiliser Systems [01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers [01:45:59] Code Renewability for Native Software Protection [01:55:42] Security Analysis of Memory Tagging [02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])
What this episode covers
A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0]. [00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote [00:06:52] Announcing Remote Participation in Pwn2Own Vancouver [00:11:22] Revoking certain certificates on March 4 [00:19:40] FuzzBench: Fuzzer Benchmarking as a Service [00:28:53] Intel x86 Root of Trust: loss of trust [00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors [00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636afhttps://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 [00:55:11] MediaTek rootkit affecting millions of Android devices [01:01:56] Zoho ManageEngine RCE [01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555) [01:14:22] Regex Vulnerabilities - parse-community/parse-server [01:18:57] HTTP request smuggling using malformed Transfer-Encoding header [01:27:20] [Nextcloud] Delete All Data of Any User [01:30:36] Dismantling DST80-based Immobiliser Systems [01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers [01:45:59] Code Renewability for Native Software Protection [01:55:42] Security Analysis of Memory Tagging [02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])
NOW PLAYING
FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m