EPISODE · Mar 16, 2021 · 1H 11M
Hacking Cameras, Stealing Logins, and Breaking Git
from Day[0] · host dayzerosec
RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible. [00:00:32] Critics fume after Github removes exploit code for Exchange vulnerabilities https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/https://borncity.com/win/2021/03/14/gab-es-beim-exchange-massenhack-ein-leck-bei-microsoft/ [00:09:21] CCTV: Now You See Me, Now You Don't https://research.aurainfosec.io/v380-ip-camera/ [00:13:47] CSRF to RCE Chain in Zabbix [CVE-2021-27927] https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce [00:19:44] Stealing Froxlor login credentials using dangling markup [CVE-2020-29653] https://labs.detectify.com/2021/03/10/cve-2020-29653-stealing-froxlor-login-credentials-dangling-markup/ [00:25:29] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://github.com/gitster/git/commit/684dd4c2b414bcf648505e74498a608f28de4592 [00:30:49] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 [00:33:37] Dell OpenManage Server Administrator File Read [CVE-2020-5377] https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/ [00:38:55] Windows Containers: ContainerUser has Elevated Privileges https://bugs.chromium.org/p/project-zero/issues/detail?id=2127 [00:40:18] Windows Containers: Host Registry Virtual Registry Provider Bypass EoP https://bugs.chromium.org/p/project-zero/issues/detail?id=2129 [00:42:34] F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches https://bugs.chromium.org/p/project-zero/issues/detail?id=2132 [00:48:59] F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write https://bugs.chromium.org/p/project-zero/issues/detail?id=2126 [00:59:37] One day short of a full chain: Part 1 - Android Kernel arbitrary code execution https://securitylab.github.com/research/one_day_short_of_a_fullchain_android [01:08:07] Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder? https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder [01:09:11] Playing in the (Windows) Sandbox https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/ [01:09:39] Regexploit: DoS-able Regular Expressions https://blog.doyensec.com/2021/03/11/regexploit.html Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
What this episode covers
RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible. [00:00:32] Critics fume after Github removes exploit code for Exchange vulnerabilities https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/https://borncity.com/win/2021/03/14/gab-es-beim-exchange-massenhack-ein-leck-bei-microsoft/ [00:09:21] CCTV: Now You See Me, Now You Don't https://research.aurainfosec.io/v380-ip-camera/ [00:13:47] CSRF to RCE Chain in Zabbix [CVE-2021-27927] https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce [00:19:44] Stealing Froxlor login credentials using dangling markup [CVE-2020-29653] https://labs.detectify.com/2021/03/10/cve-2020-29653-stealing-froxlor-login-credentials-dangling-markup/ [00:25:29] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://github.com/gitster/git/commit/684dd4c2b414bcf648505e74498a608f28de4592 [00:30:49] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 [00:33:37] Dell OpenManage Server Administrator File Read [CVE-2020-5377] https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/ [00:38:55] Windows Containers: ContainerUser has Elevated Privileges https://bugs.chromium.org/p/project-zero/issues/detail?id=2127 [00:40:18] Windows Containers: Host Registry Virtual Registry Provider Bypass EoP https://bugs.chromium.org/p/project-zero/issues/detail?id=2129 [00:42:34] F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches https://bugs.chromium.org/p/project-zero/issues/detail?id=2132 [00:48:59] F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write https://bugs.chromium.org/p/project-zero/issues/detail?id=2126 [00:59:37] One day short of a full chain: Part 1 - Android Kernel arbitrary code execution https://securitylab.github.com/research/one_day_short_of_a_fullchain_android [01:08:07] Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder? https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder [01:09:11] Playing in the (Windows) Sandbox https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/ [01:09:39] Regexploit: DoS-able Regular Expressions https://blog.doyensec.com/2021/03/11/regexploit.html Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
NOW PLAYING
Hacking Cameras, Stealing Logins, and Breaking Git
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m