Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering episode artwork

EPISODE · Apr 20, 2021 · 1H 23M

Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

from Day[0] · host dayzerosec

Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups. [00:00:26] Project Zero: Policy and Disclosure: 2021 Edition https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html [00:06:27] Remote exploitation of a man-in-the-disk vulnerability in WhatsApp [CVE-2021-24027] https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/ [00:14:06] Allow arbitrary URLs, expect arbitrary code execution https://positive.security/blog/url-open-rce [00:18:29] GHSL-2020-340: log injection in SAP/Infrabox https://securitylab.github.com/advisories/GHSL-2020-340/ [00:22:21] Duo Two-factor Authentication Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/ [00:31:22] [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers https://hackerone.com/reports/976603 [00:35:50] From 0 to RCE: Cockpit CMS https://swarm.ptsecurity.com/rce-cockpit-cms/?d [00:41:41] Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/ [00:48:52] xscreensaver: raw socket leaked https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 [00:51:31] Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086) https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html [00:59:49] Exploiting System Mechanic Driver https://voidsec.com/exploiting-system-mechanic-driver/ [01:03:27] Zero-day vulnerability in Desktop Window Manager used in the wild [CVE-2021-28310] https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/ [01:08:33] Windows Defender mpengine remote code execution [CVE-2021-1647] https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html [01:13:55] ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 https://leethax0.rs/2021/04/ElectricChrome/http://www.phrack.org/papers/attacking_javascript_engines.html [01:20:36] QEMU and U: Whole-system tracing with QEMU customization https://www.atredis.com/blog/qemu-and-u-whole-system-tracing-with-qemu-customization [01:21:31] Learning Resource - Hexterisk Blog https://hexterisk.github.io/blog/posts/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

Episode metadata supplied by the publisher feed · Published Apr 20, 2021

Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups. [00:00:26] Project Zero: Policy and Disclosure: 2021 Edition https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html [00:06:27] Remote exploitation of a man-in-the-disk vulnerability in WhatsApp [CVE-2021-24027] https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/ [00:14:06] Allow arbitrary URLs, expect arbitrary code execution https://positive.security/blog/url-open-rce [00:18:29] GHSL-2020-340: log injection in SAP/Infrabox https://securitylab.github.com/advisories/GHSL-2020-340/ [00:22:21] Duo Two-factor Authentication Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/ [00:31:22] [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers https://hackerone.com/reports/976603 [00:35:50] From 0 to RCE: Cockpit CMS https://swarm.ptsecurity.com/rce-cockpit-cms/?d [00:41:41] Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/ [00:48:52] xscreensaver: raw socket leaked https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 [00:51:31] Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086) https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html [00:59:49] Exploiting System Mechanic Driver https://voidsec.com/exploiting-system-mechanic-driver/ [01:03:27] Zero-day vulnerability in Desktop Window Manager used in the wild [CVE-2021-28310] https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/ [01:08:33] Windows Defender mpengine remote code execution [CVE-2021-1647] https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html [01:13:55] ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 https://leethax0.rs/2021/04/ElectricChrome/http://www.phrack.org/papers/attacking_javascript_engines.html [01:20:36] QEMU and U: Whole-system tracing with QEMU customization https://www.atredis.com/blog/qemu-and-u-whole-system-tracing-with-qemu-customization [01:21:31] Learning Resource - Hexterisk Blog https://hexterisk.github.io/blog/posts/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

0:00 1:23:50

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 23 minutes long.

When was this Day[0] episode published?

This episode was published on April 20, 2021.

What is this episode about?

Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups. [00:00:26] Project Zero: Policy and Disclosure: 2021...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!