Pwn2own, Linux Kernel Exploits, and Malicious Mail episode artwork

EPISODE · Apr 13, 2021 · 1H 40M

Pwn2own, Linux Kernel Exploits, and Malicious Mail

from Day[0] · host dayzerosec

MD5 is trending in 2021...a few kernel vulnerabilities, and some drama around pwn2own. [00:00:26] Update on git.php.net incident https://externals.io/message/113981 [00:06:38] Pwn2Own 2021 - Results https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results [00:18:53] CSGO exploit allows hackers to steal passwords, and Valve hasn't fixed it https://www.dexerto.com/csgo/csgo-exploit-allows-hackers-steal-passwords-valve-no-fix-1551056/?amp [00:26:20] I Built a TV That Plays All of Your Private YouTube Videos https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/ [00:33:27] Leak of all accounts mail login md5 pass https://hackerone.com/reports/514488 [00:37:11] What if you could deposit money into your Betting account for free? https://mikey96.medium.com/what-if-you-could-deposit-money-into-your-betting-account-for-free-24f6690aff46 [00:41:41] Zero click vulnerability in Apple’s macOS Mail https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c [00:44:54] Stored XSS on the DuckDuckGo search results page https://monke.ie/duckduckgoxss/ [00:49:13] Breaking GitHub Private Pages for $35k https://robertchen.cc/blog/2021/04/03/github-pages-xss [00:57:03] Royal Flush: Privilege Escalation Vulnerability in Azure Functions https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/ [01:01:38] QNAP Pre-Auth CGI_Find_Parameter RCE https://ssd-disclosure.com/ssd-advisory-qnap-pre-auth-cgi_find_parameter-rce/ [01:04:14] Domain Time II Upgrade Attack https://blog.grimm-co.com/2021/04/time-for-upgrade.html [01:07:12] Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html [01:15:57] BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.htmlhttps://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html [01:28:05] BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html [01:29:07] Exploiting Windows RPC to bypass CFG mitigation https://iamelli0t.github.io/2021/04/10/RPC-Bypass-CFG.htmlhttps://medium.com/@mxatone/mitigation-bounty-from-read-write-anywhere-to-controllable-calls-ca1b9c7c0130#.9l7ejbkij [01:34:00] security things in Linux v5.9 https://outflux.net/blog/archives/2021/04/05/security-things-in-linux-v5-9/https://github.com/gcc-mirror/gcc/commit/d10f3e900b0377b4760a090b0f90371bcef01686https://twitter.com/kees_cook/status/1380271827281276928 Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

Episode metadata supplied by the publisher feed · Published Apr 13, 2021

MD5 is trending in 2021...a few kernel vulnerabilities, and some drama around pwn2own. [00:00:26] Update on git.php.net incident https://externals.io/message/113981 [00:06:38] Pwn2Own 2021 - Results https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results [00:18:53] CSGO exploit allows hackers to steal passwords, and Valve hasn't fixed it https://www.dexerto.com/csgo/csgo-exploit-allows-hackers-steal-passwords-valve-no-fix-1551056/?amp [00:26:20] I Built a TV That Plays All of Your Private YouTube Videos https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/ [00:33:27] Leak of all accounts mail login md5 pass https://hackerone.com/reports/514488 [00:37:11] What if you could deposit money into your Betting account for free? https://mikey96.medium.com/what-if-you-could-deposit-money-into-your-betting-account-for-free-24f6690aff46 [00:41:41] Zero click vulnerability in Apple’s macOS Mail https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c [00:44:54] Stored XSS on the DuckDuckGo search results page https://monke.ie/duckduckgoxss/ [00:49:13] Breaking GitHub Private Pages for $35k https://robertchen.cc/blog/2021/04/03/github-pages-xss [00:57:03] Royal Flush: Privilege Escalation Vulnerability in Azure Functions https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/ [01:01:38] QNAP Pre-Auth CGI_Find_Parameter RCE https://ssd-disclosure.com/ssd-advisory-qnap-pre-auth-cgi_find_parameter-rce/ [01:04:14] Domain Time II Upgrade Attack https://blog.grimm-co.com/2021/04/time-for-upgrade.html [01:07:12] Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html [01:15:57] BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.htmlhttps://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html [01:28:05] BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html [01:29:07] Exploiting Windows RPC to bypass CFG mitigation https://iamelli0t.github.io/2021/04/10/RPC-Bypass-CFG.htmlhttps://medium.com/@mxatone/mitigation-bounty-from-read-write-anywhere-to-controllable-calls-ca1b9c7c0130#.9l7ejbkij [01:34:00] security things in Linux v5.9 https://outflux.net/blog/archives/2021/04/05/security-things-in-linux-v5-9/https://github.com/gcc-mirror/gcc/commit/d10f3e900b0377b4760a090b0f90371bcef01686https://twitter.com/kees_cook/status/1380271827281276928 Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Pwn2own, Linux Kernel Exploits, and Malicious Mail

0:00 1:40:06

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 40 minutes long.

When was this Day[0] episode published?

This episode was published on April 13, 2021.

What is this episode about?

MD5 is trending in 2021...a few kernel vulnerabilities, and some drama around pwn2own. [00:00:26] Update on git.php.net incident https://externals.io/message/113981 [00:06:38] Pwn2Own 2021 -...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!