EPISODE · Jan 5, 2021 · 1H 31M
Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs
from Day[0] · host dayzerosec
An update on Apple v. Corellium, some 3DS vulnerabilities, and some drama on this weeks episode. [00:00:34] Remote Chaos Experience https://media.ccc.de/c/rc3 [00:20:06] Apple Inc. v. Corellium, LLC https://www.courtlistener.com/docket/16064642/784/apple-inc-v-corellium-llc/ [00:28:17] The Great Suspender - New maintainer is probably malicious https://github.com/greatsuspender/thegreatsuspender/issues/1263 [00:36:59] An HTML Injection Worth 600$ Dollars https://medium.com/bugbountywriteup/a-html-injection-worth-600-dollars-5f065be0ab49 [00:44:06] Zoom Meeting Connector Post-Auth Remote Root https://packetstormsecurity.com/files/160736/zoomer.py.txt [00:46:21] Hijacking Google Docs Screenshots https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/ [00:49:49] Nintendo 3DS - Improper certificate validation allows an attacker to perform MitM attacks https://hackerone.com/reports/894922 [00:52:02] Nintendo 3DS - Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player https://hackerone.com/reports/897606https://twitter.com/forestillusion/status/1341230631913541633https://news.ycombinator.com/item?id=25508782 [00:55:45] Apple macOS 6LowPAN Vulnerability [CVE-2020-9967] https://alexplaskett.github.io/CVE-2020-9967/ [01:01:24] An iOS hacker tries Android https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html [01:14:29] Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail [CVE-2020-7468] https://www.thezdi.com/blog/2020/12/21/cve-2020-7468-turning-imprisonment-to-advantage-in-the-freebsd-ftpd-chroot-jail [01:18:36] Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More) https://arxiv.org/abs/2012.07432 [01:27:17] Helping secure DOMPurify (part 1) https://research.securitum.com/helping-secure-dompurify-part-1/ [01:28:23] A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation https://github.com/ant4g0nist/Vulnerable-Kext [01:30:01] PS4 7.02 WebKit + Kernel Chain Implementation https://github.com/ChendoChap/ps4-ipv6-uaf/tree/7.00-7.02 Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
What this episode covers
An update on Apple v. Corellium, some 3DS vulnerabilities, and some drama on this weeks episode. [00:00:34] Remote Chaos Experience https://media.ccc.de/c/rc3 [00:20:06] Apple Inc. v. Corellium, LLC https://www.courtlistener.com/docket/16064642/784/apple-inc-v-corellium-llc/ [00:28:17] The Great Suspender - New maintainer is probably malicious https://github.com/greatsuspender/thegreatsuspender/issues/1263 [00:36:59] An HTML Injection Worth 600$ Dollars https://medium.com/bugbountywriteup/a-html-injection-worth-600-dollars-5f065be0ab49 [00:44:06] Zoom Meeting Connector Post-Auth Remote Root https://packetstormsecurity.com/files/160736/zoomer.py.txt [00:46:21] Hijacking Google Docs Screenshots https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/ [00:49:49] Nintendo 3DS - Improper certificate validation allows an attacker to perform MitM attacks https://hackerone.com/reports/894922 [00:52:02] Nintendo 3DS - Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player https://hackerone.com/reports/897606https://twitter.com/forestillusion/status/1341230631913541633https://news.ycombinator.com/item?id=25508782 [00:55:45] Apple macOS 6LowPAN Vulnerability [CVE-2020-9967] https://alexplaskett.github.io/CVE-2020-9967/ [01:01:24] An iOS hacker tries Android https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html [01:14:29] Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail [CVE-2020-7468] https://www.thezdi.com/blog/2020/12/21/cve-2020-7468-turning-imprisonment-to-advantage-in-the-freebsd-ftpd-chroot-jail [01:18:36] Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More) https://arxiv.org/abs/2012.07432 [01:27:17] Helping secure DOMPurify (part 1) https://research.securitum.com/helping-secure-dompurify-part-1/ [01:28:23] A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation https://github.com/ant4g0nist/Vulnerable-Kext [01:30:01] PS4 7.02 WebKit + Kernel Chain Implementation https://github.com/ChendoChap/ps4-ipv6-uaf/tree/7.00-7.02 Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
NOW PLAYING
Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m