FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging episode artwork

EPISODE · Mar 10, 2020 · 2H 14M

FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

from Day[0] · host dayzerosec

A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0]. [00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote [00:06:52] Announcing Remote Participation in Pwn2Own Vancouver [00:11:22] Revoking certain certificates on March 4 [00:19:40] FuzzBench: Fuzzer Benchmarking as a Service [00:28:53] Intel x86 Root of Trust: loss of trust [00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors [00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636afhttps://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 [00:55:11] MediaTek rootkit affecting millions of Android devices [01:01:56] Zoho ManageEngine RCE [01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555) [01:14:22] Regex Vulnerabilities - parse-community/parse-server [01:18:57] HTTP request smuggling using malformed Transfer-Encoding header [01:27:20] [Nextcloud] Delete All Data of Any User [01:30:36] Dismantling DST80-based Immobiliser Systems [01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers [01:45:59] Code Renewability for Native Software Protection [01:55:42] Security Analysis of Memory Tagging [02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])

Episode metadata supplied by the publisher feed · Published Mar 10, 2020

A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0]. [00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote [00:06:52] Announcing Remote Participation in Pwn2Own Vancouver [00:11:22] Revoking certain certificates on March 4 [00:19:40] FuzzBench: Fuzzer Benchmarking as a Service [00:28:53] Intel x86 Root of Trust: loss of trust [00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors [00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636afhttps://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 [00:55:11] MediaTek rootkit affecting millions of Android devices [01:01:56] Zoho ManageEngine RCE [01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555) [01:14:22] Regex Vulnerabilities - parse-community/parse-server [01:18:57] HTTP request smuggling using malformed Transfer-Encoding header [01:27:20] [Nextcloud] Delete All Data of Any User [01:30:36] Dismantling DST80-based Immobiliser Systems [01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers [01:45:59] Code Renewability for Native Software Protection [01:55:42] Security Analysis of Memory Tagging [02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

0:00 2:14:29

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 2 hours and 14 minutes long.

When was this Day[0] episode published?

This episode was published on March 10, 2020.

What is this episode about?

A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0]. [00:00:21] Election Security 2020:...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!