Low-cost Penetration Testing, High Performance Fuzzing and Github RCEs episode artwork

EPISODE · Oct 27, 2020 · 2H 31M

Low-cost Penetration Testing, High Performance Fuzzing and Github RCEs

from Day[0] · host dayzerosec

A lot to cover in this episode, from high performance fuzzing on GPUs, to low-cost pentesters, and APT groups. And, of course many vulns from GitHub RCEs to VMWare Workstation race conditions. [00:01:21] Youtube-dl Cease and Desist [00:14:33] Let’s build a high-performance fuzzer with GPUs! https://gamozolabs.github.io/2020/10/23/some_thoughts_on_gpu_fuzzing.html [00:29:07] Samsung S20 - RCE via Samsung Galaxy Store App [00:33:24] Jitsi Meet Electron - Arbitrary Client Remote Code Execution [CVE-2020-27162] https://github.com/jitsi/jitsi-meet-electron/blob/40866232594442ea77d5144deebcd38ed3d362be/main.js#L126 [00:39:14] 2FA Disable With Wrong Password - Response Tampering. [00:41:22] HTTP Request Smuggling due to CR-to-Hyphen conversion https://hackerone.com/nodejs?type=team [00:46:56] GitHub Gist - Account takeover via open redirect [00:53:19] GitHub - RCE via git option injection (almost) [00:56:36] GitHub Pages - Multiple RCEs via insecure Kramdown configuration [01:01:38] Gateway2Hell - Multiple Privilege Escalation Vulnerabilities in Citrix Gateway Plug-In [01:09:02] Remote code execution on Symfony based websites [01:18:40] Detailing Two VMware Workstation TOCTOU Vulnerabilities [01:25:15] Linksys WRT160NL – Authenticated Remote Buffer Overflow [CVE-2020-26561] [01:32:03] The FreeType Project - Heap buffer overflow due to integer truncation [01:38:54] Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild [01:45:15] NSA Warns Chinese State-Sponsored Malicious Cyber Actors Exploiting 25 CVEs [01:57:15] Penetration Testing and Low-Cost Freelancing [02:23:24] WPScan.io "XSS" [02:28:24] MITRE - Adversarial Threat Matrix [02:29:16] Shoutout to Alh4zr3d Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])

Episode metadata supplied by the publisher feed · Published Oct 27, 2020

A lot to cover in this episode, from high performance fuzzing on GPUs, to low-cost pentesters, and APT groups. And, of course many vulns from GitHub RCEs to VMWare Workstation race conditions. [00:01:21] Youtube-dl Cease and Desist [00:14:33] Let’s build a high-performance fuzzer with GPUs! https://gamozolabs.github.io/2020/10/23/some_thoughts_on_gpu_fuzzing.html [00:29:07] Samsung S20 - RCE via Samsung Galaxy Store App [00:33:24] Jitsi Meet Electron - Arbitrary Client Remote Code Execution [CVE-2020-27162] https://github.com/jitsi/jitsi-meet-electron/blob/40866232594442ea77d5144deebcd38ed3d362be/main.js#L126 [00:39:14] 2FA Disable With Wrong Password - Response Tampering. [00:41:22] HTTP Request Smuggling due to CR-to-Hyphen conversion https://hackerone.com/nodejs?type=team [00:46:56] GitHub Gist - Account takeover via open redirect [00:53:19] GitHub - RCE via git option injection (almost) [00:56:36] GitHub Pages - Multiple RCEs via insecure Kramdown configuration [01:01:38] Gateway2Hell - Multiple Privilege Escalation Vulnerabilities in Citrix Gateway Plug-In [01:09:02] Remote code execution on Symfony based websites [01:18:40] Detailing Two VMware Workstation TOCTOU Vulnerabilities [01:25:15] Linksys WRT160NL – Authenticated Remote Buffer Overflow [CVE-2020-26561] [01:32:03] The FreeType Project - Heap buffer overflow due to integer truncation [01:38:54] Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild [01:45:15] NSA Warns Chinese State-Sponsored Malicious Cyber Actors Exploiting 25 CVEs [01:57:15] Penetration Testing and Low-Cost Freelancing [02:23:24] WPScan.io "XSS" [02:28:24] MITRE - Adversarial Threat Matrix [02:29:16] Shoutout to Alh4zr3d Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Low-cost Penetration Testing, High Performance Fuzzing and Github RCEs

0:00 2:31:05

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 2 hours and 31 minutes long.

When was this Day[0] episode published?

This episode was published on October 27, 2020.

What is this episode about?

A lot to cover in this episode, from high performance fuzzing on GPUs, to low-cost pentesters, and APT groups. And, of course many vulns from GitHub RCEs to VMWare Workstation race conditions. [00:01:21] Youtube-dl Cease and Desist [00:14:33]...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!