Pulling Gemini Secrets and Windows HVPT episode artwork

EPISODE · Apr 16, 2025 · 1H 33M

Pulling Gemini Secrets and Windows HVPT

from Day[0] · host dayzerosec

A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT).Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/280.html[00:00:00] Introduction[00:00:18] Doing the Due Diligence - Analyzing the Next.js Middleware Bypass [CVE-2025-29927][00:29:20] We hacked Google’s A.I Gemini and leaked its source code (at least some part)[00:44:40] Improper Use of Private iOS APIs in some Vietnamese Banking Apps[00:55:03] Protecting linear address translations with Hypervisor-enforced Paging Translation (HVPT)[01:06:57] Code reuse in the age of kCET and HVCI[01:13:02] GhidraMCP: LLM Assisted RE[01:31:45] Emulating iOS 14 with qemuPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9

Episode metadata supplied by the publisher feed · Published Apr 16, 2025

A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT).Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/280.html[00:00:00] Introduction[00:00:18] Doing the Due Diligence - Analyzing the Next.js Middleware Bypass [CVE-2025-29927][00:29:20] We hacked Google’s A.I Gemini and leaked its source code (at least some part)[00:44:40] Improper Use of Private iOS APIs in some Vietnamese Banking Apps[00:55:03] Protecting linear address translations with Hypervisor-enforced Paging Translation (HVPT)[01:06:57] Code reuse in the age of kCET and HVCI[01:13:02] GhidraMCP: LLM Assisted RE[01:31:45] Emulating iOS 14 with qemuPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Pulling Gemini Secrets and Windows HVPT

0:00 1:33:22

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 33 minutes long.

When was this Day[0] episode published?

This episode was published on April 16, 2025.

What is this episode about?

A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT).Links and vulnerability summaries for this episode are...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!