EPISODE · Feb 9, 2021 · 1H 34M
MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit
from Day[0] · host dayzerosec
A lot of discussion this week about OSS security and security processes, an iOS kernel type confusion and MediaTek Bootloader bypass impacting everything since atleast 2014. [00:04:54] Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html [00:15:18] Launching OSV - Better vulnerability triage for open source https://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html [00:22:38] Most Common Bugs of 2021 So Far https://www.bugcrowd.com/blog/common-bugs-of-2021/ [00:31:59] Exploiting the Nespresso smart cards for fun and coffee https://pollevanhoof.be/nuggets/smart_cards/nespresso [00:39:10] Spoofing and Attacking With Skype https://blog.thecybersecuritytutor.com/spoofing-and-attacking-with-skype/ [00:45:01] Getting root on webOS https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html [00:51:31] Applying Offensive Reverse Engineering to Facebook Gameroom https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom [00:59:36] Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered [01:06:32] MTK Bypass Universal https://megafon929.github.io/mtk [01:14:13] Project Zero: iOS Kernel privesc with turnstiles [CVE-2020-27932] https://googleprojectzero.blogspot.com/p/rca-cve-2020-27932.htmlhttps://googleprojectzero.blogspot.com/p/rca.html [01:21:41] Why Security Defects Go Unnoticed during Code Reviews? http://amiangshu.com/papers/paul-ICSE-2021.pdf Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
What this episode covers
A lot of discussion this week about OSS security and security processes, an iOS kernel type confusion and MediaTek Bootloader bypass impacting everything since atleast 2014. [00:04:54] Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html [00:15:18] Launching OSV - Better vulnerability triage for open source https://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html [00:22:38] Most Common Bugs of 2021 So Far https://www.bugcrowd.com/blog/common-bugs-of-2021/ [00:31:59] Exploiting the Nespresso smart cards for fun and coffee https://pollevanhoof.be/nuggets/smart_cards/nespresso [00:39:10] Spoofing and Attacking With Skype https://blog.thecybersecuritytutor.com/spoofing-and-attacking-with-skype/ [00:45:01] Getting root on webOS https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html [00:51:31] Applying Offensive Reverse Engineering to Facebook Gameroom https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom [00:59:36] Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered [01:06:32] MTK Bypass Universal https://megafon929.github.io/mtk [01:14:13] Project Zero: iOS Kernel privesc with turnstiles [CVE-2020-27932] https://googleprojectzero.blogspot.com/p/rca-cve-2020-27932.htmlhttps://googleprojectzero.blogspot.com/p/rca.html [01:21:41] Why Security Defects Go Unnoticed during Code Reviews? http://amiangshu.com/papers/paul-ICSE-2021.pdf Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
NOW PLAYING
MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m