EPISODE · Apr 20, 2021 · 1H 23M
Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering
from Day[0] · host dayzerosec
Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups. [00:00:26] Project Zero: Policy and Disclosure: 2021 Edition https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html [00:06:27] Remote exploitation of a man-in-the-disk vulnerability in WhatsApp [CVE-2021-24027] https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/ [00:14:06] Allow arbitrary URLs, expect arbitrary code execution https://positive.security/blog/url-open-rce [00:18:29] GHSL-2020-340: log injection in SAP/Infrabox https://securitylab.github.com/advisories/GHSL-2020-340/ [00:22:21] Duo Two-factor Authentication Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/ [00:31:22] [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers https://hackerone.com/reports/976603 [00:35:50] From 0 to RCE: Cockpit CMS https://swarm.ptsecurity.com/rce-cockpit-cms/?d [00:41:41] Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/ [00:48:52] xscreensaver: raw socket leaked https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 [00:51:31] Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086) https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html [00:59:49] Exploiting System Mechanic Driver https://voidsec.com/exploiting-system-mechanic-driver/ [01:03:27] Zero-day vulnerability in Desktop Window Manager used in the wild [CVE-2021-28310] https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/ [01:08:33] Windows Defender mpengine remote code execution [CVE-2021-1647] https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html [01:13:55] ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 https://leethax0.rs/2021/04/ElectricChrome/http://www.phrack.org/papers/attacking_javascript_engines.html [01:20:36] QEMU and U: Whole-system tracing with QEMU customization https://www.atredis.com/blog/qemu-and-u-whole-system-tracing-with-qemu-customization [01:21:31] Learning Resource - Hexterisk Blog https://hexterisk.github.io/blog/posts/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
What this episode covers
Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups. [00:00:26] Project Zero: Policy and Disclosure: 2021 Edition https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html [00:06:27] Remote exploitation of a man-in-the-disk vulnerability in WhatsApp [CVE-2021-24027] https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/ [00:14:06] Allow arbitrary URLs, expect arbitrary code execution https://positive.security/blog/url-open-rce [00:18:29] GHSL-2020-340: log injection in SAP/Infrabox https://securitylab.github.com/advisories/GHSL-2020-340/ [00:22:21] Duo Two-factor Authentication Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/ [00:31:22] [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers https://hackerone.com/reports/976603 [00:35:50] From 0 to RCE: Cockpit CMS https://swarm.ptsecurity.com/rce-cockpit-cms/?d [00:41:41] Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/ [00:48:52] xscreensaver: raw socket leaked https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 [00:51:31] Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086) https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html [00:59:49] Exploiting System Mechanic Driver https://voidsec.com/exploiting-system-mechanic-driver/ [01:03:27] Zero-day vulnerability in Desktop Window Manager used in the wild [CVE-2021-28310] https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/ [01:08:33] Windows Defender mpengine remote code execution [CVE-2021-1647] https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html [01:13:55] ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 https://leethax0.rs/2021/04/ElectricChrome/http://www.phrack.org/papers/attacking_javascript_engines.html [01:20:36] QEMU and U: Whole-system tracing with QEMU customization https://www.atredis.com/blog/qemu-and-u-whole-system-tracing-with-qemu-customization [01:21:31] Learning Resource - Hexterisk Blog https://hexterisk.github.io/blog/posts/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
NOW PLAYING
Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m