Hacking Cameras, Stealing Logins, and Breaking Git episode artwork

EPISODE · Mar 16, 2021 · 1H 11M

Hacking Cameras, Stealing Logins, and Breaking Git

from Day[0] · host dayzerosec

RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible. [00:00:32] Critics fume after Github removes exploit code for Exchange vulnerabilities https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/https://borncity.com/win/2021/03/14/gab-es-beim-exchange-massenhack-ein-leck-bei-microsoft/ [00:09:21] CCTV: Now You See Me, Now You Don't https://research.aurainfosec.io/v380-ip-camera/ [00:13:47] CSRF to RCE Chain in Zabbix [CVE-2021-27927] https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce [00:19:44] Stealing Froxlor login credentials using dangling markup [CVE-2020-29653] https://labs.detectify.com/2021/03/10/cve-2020-29653-stealing-froxlor-login-credentials-dangling-markup/ [00:25:29] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://github.com/gitster/git/commit/684dd4c2b414bcf648505e74498a608f28de4592 [00:30:49] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 [00:33:37] Dell OpenManage Server Administrator File Read [CVE-2020-5377] https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/ [00:38:55] Windows Containers: ContainerUser has Elevated Privileges https://bugs.chromium.org/p/project-zero/issues/detail?id=2127 [00:40:18] Windows Containers: Host Registry Virtual Registry Provider Bypass EoP https://bugs.chromium.org/p/project-zero/issues/detail?id=2129 [00:42:34] F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches https://bugs.chromium.org/p/project-zero/issues/detail?id=2132 [00:48:59] F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write https://bugs.chromium.org/p/project-zero/issues/detail?id=2126 [00:59:37] One day short of a full chain: Part 1 - Android Kernel arbitrary code execution https://securitylab.github.com/research/one_day_short_of_a_fullchain_android [01:08:07] Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder? https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder [01:09:11] Playing in the (Windows) Sandbox https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/ [01:09:39] Regexploit: DoS-able Regular Expressions https://blog.doyensec.com/2021/03/11/regexploit.html Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

Episode metadata supplied by the publisher feed · Published Mar 16, 2021

RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible. [00:00:32] Critics fume after Github removes exploit code for Exchange vulnerabilities https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/https://borncity.com/win/2021/03/14/gab-es-beim-exchange-massenhack-ein-leck-bei-microsoft/ [00:09:21] CCTV: Now You See Me, Now You Don't https://research.aurainfosec.io/v380-ip-camera/ [00:13:47] CSRF to RCE Chain in Zabbix [CVE-2021-27927] https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce [00:19:44] Stealing Froxlor login credentials using dangling markup [CVE-2020-29653] https://labs.detectify.com/2021/03/10/cve-2020-29653-stealing-froxlor-login-credentials-dangling-markup/ [00:25:29] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://github.com/gitster/git/commit/684dd4c2b414bcf648505e74498a608f28de4592 [00:30:49] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 [00:33:37] Dell OpenManage Server Administrator File Read [CVE-2020-5377] https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/ [00:38:55] Windows Containers: ContainerUser has Elevated Privileges https://bugs.chromium.org/p/project-zero/issues/detail?id=2127 [00:40:18] Windows Containers: Host Registry Virtual Registry Provider Bypass EoP https://bugs.chromium.org/p/project-zero/issues/detail?id=2129 [00:42:34] F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches https://bugs.chromium.org/p/project-zero/issues/detail?id=2132 [00:48:59] F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write https://bugs.chromium.org/p/project-zero/issues/detail?id=2126 [00:59:37] One day short of a full chain: Part 1 - Android Kernel arbitrary code execution https://securitylab.github.com/research/one_day_short_of_a_fullchain_android [01:08:07] Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder? https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder [01:09:11] Playing in the (Windows) Sandbox https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/ [01:09:39] Regexploit: DoS-able Regular Expressions https://blog.doyensec.com/2021/03/11/regexploit.html Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Hacking Cameras, Stealing Logins, and Breaking Git

0:00 1:11:35

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 11 minutes long.

When was this Day[0] episode published?

This episode was published on March 16, 2021.

What is this episode about?

RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible. [00:00:32] Critics fume after Github removes exploit code for Exchange...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!