Session-ception and User Namespaces Strike Again episode artwork

EPISODE · Apr 1, 2025 · 49 MIN

Session-ception and User Namespaces Strike Again

from Day[0] · host dayzerosec

API hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/279.html[00:00:00] Introduction[00:00:28] Next.js and the corrupt middleware: the authorizing artifact[00:06:15] Pwning Millions of Smart Weighing Machines with API and Hardware Hacking[00:20:37] oss-sec: Three bypasses of Ubuntu's unprivileged user namespace restrictions[00:32:10] CimFS: Crashing in memory, Finding SYSTEM (Kernel Edition)[00:43:18] Blasting Past Webp[00:47:50] We hacked Google’s A.I Gemini and leaked its source code (at least some part)Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9

Episode metadata supplied by the publisher feed · Published Apr 1, 2025

API hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/279.html[00:00:00] Introduction[00:00:28] Next.js and the corrupt middleware: the authorizing artifact[00:06:15] Pwning Millions of Smart Weighing Machines with API and Hardware Hacking[00:20:37] oss-sec: Three bypasses of Ubuntu's unprivileged user namespace restrictions[00:32:10] CimFS: Crashing in memory, Finding SYSTEM (Kernel Edition)[00:43:18] Blasting Past Webp[00:47:50] We hacked Google’s A.I Gemini and leaked its source code (at least some part)Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Session-ception and User Namespaces Strike Again

0:00 49:36

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 49 minutes long.

When was this Day[0] episode published?

This episode was published on April 1, 2025.

What is this episode about?

API hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug.Links and vulnerability summaries for this episode are available at:...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!