All Episodes
Day[0] — 283 episodes
The Future
Exploiting VS Code with Control Characters
Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO)
Pulling Gemini Secrets and Windows HVPT
Session-ception and User Namespaces Strike Again
Extracting YouTube Creator Emails and Spilling Azure Secrets
ESP32 Backdoor Drama and SAML Auth Bypasses
Exploiting Xbox 360 Hypervisor and Microcode Hacking
Path Confusion and Mixing Public/Private Keys
ZDI's Triaging Troubles and LibreOffice Exploits
Recycling Exploits in MacOS and Pirating Audiobooks
Top 10 Web Hacking Techniques and Windows Shadow Stacks
Unicode Troubles, Bypassing CFG, and Racey Pointer Updates
Deanonymization with CloudFlare and Subaru's Security Woes
Excavating Exploits and PHP Footguns
WhatsApp vs. NSO and CCC Talks
Buggy Operating Systems Are Coming to Town
Machine Learning Attacks and Tricky Null Bytes
A Windows Keyhole and Buggy OAuth
Linux Is Still a Mess and Vaultwarden Auth Issues
FortiJump Higher, Pishi, and Breaking Control Flow Flattening
Static Analysis, LLMs, and In-The-Wild Exploit Chains
Attacking Browser Extensions and CyberPanel
Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation
Zendesk's Email Fiasco and Rooting Linux with a Lighter
Summer Recap: Phrack, Off-by-One, and RCEs
Attack of the CUPS and Exploiting Web Views via HSTS
Future of the Windows Kernel and Encryption Nonce Reuse
Iterating Exploits & Extracting SGX Keys
Memory Corruption: Best Tackled with Mitigations or Safe-Languages
[discussion] A Retrospective and Future Look Into DAY[0]
[binary] Bypassing KASLR and a FortiGate RCE
[bounty] RCE'ing Mailspring and a .NET CRLF Injection
[binary] Future of Exploit Development Followup
[bounty] libXPC to Root and Digital Lockpicking
[binary] Binary Ninja Free and K-LEAK
[bounty] Hacking Google AI and SAML
[binary] Rust Memory Corruption???
[bounty] A PHP and Joomla Bug and some DOM Clobbering
[binary] Linux Burns Down CVEs
[bounty] GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023
[binary] kCTF Changes, LogMeIn, and wlan VFS Bugs
[bounty] The End of a DEFCON Era and Flipper Zero Woes
[binary] The Syslog Special
[bounty] Public Private Android Keys and Docker Escapes
[binary] Busted ASLR, PixieFail, and Bypassing HVCI
[bounty] Reborn Homograph Attacks and Ransacking Passwords
[binary] Bypassing Chromecast Secure-Boot and Exploiting Factorio
[bounty] A GitLab Account Takeover and a Coldfusion RCE
[binary] Allocator MTE, libwebp, and Operation Triangulation
[bounty] Spoofing Emails, PandoraFMS, and Keycloak
[binary] RetSpill, A Safari Vuln, and Steam RCE
[bounty] IOT Issues and DNS Rebinding
[binary] Samsung Baseband and GPU Vulns
[bounty] Buggy Cookies and a macOS TCC Bypass
[binary] Hypervisor Bugs and a FAR-out iOS bug
[bounty] Kubernetes Code Exec and There Is No Spoon
[binary] A Heap of Linux Bugs
[bounty] Prompting for Secrets and Malicious Extensions
[binary] A Bundle of Windows Bugs
[bounty] Usurping Mastodon and Broken Signature Schemes
[binary] MTE Debuts, DNS Client Exploits, and iTLB Multihit
[bounty] Attacking OAuth, Citrix, and some P2O Drama
[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY
[bounty] Rapid Reset, Attacking AWS Cognito, and Confluence Bugs
[binary] A Chrome RCE, WebP 0day, and glibc LPE
[bounty] Insecure Firewalls, MyBB, and Winning with WinRAR
[binary] Busted Stack Protectors, MTE, and AI Powered Fuzzing
[bounty] DEF CON, HardwearIO, Broken Caching, and Dropping Headers
[binary] Exploiting VMware Workstation and the Return of CSG0-Days
[bounty] Jellyfin Exploits and TOCTOU Spellcasting
[binary] Attacking VirtualBox and Malicious Chess
[bounty] OverlayFS to Root and Parallels Desktop Escapes
[binary] TPMs and Baseband Bugs
[bounty] Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?
[binary] A Timing Side-Channel for Kernel Exploitation and VR in the wake of Rust
[bounty] Git Config Injection and a Sophos Pre-Auth RCE
[binary] A Ghostscript RCE and a Windows Registry Bug
[bounty] SecurePoint UTM, Chfn, and Docker Named Pipe Vulns
[binary] Glitching the Wii-U and Integer Overflows
[bounty] Pentaho Pre-Auth RCE and Theft by CAN Injection
[binary] A SNIProxy Bug and a Samsung NPU Double Free
[bounty] Bamboozling Bing and a Curl Gotcha
[binary] 200th Episode! Integer Bugs & Synthetic Memory Protections
[bounty] Bypassing CloudTrail and Tricking GPTs
[binary] TOCTOUs in Intel SMM and Shannon Baseband Bugs
[bounty] Popping Azure Web Services and Apollo Config Bugs
[binary] An OpenBSD overflow and TPM bugs
[bounty] Stealing Secrets with Security Advisories and CorePlague
[binary] Hacking the DSi and some Fuzzing Tips
[bounty] ImageMagick, Cracking SmartLocks, and Broken OAuth
[binary] A GPU Bug and the World's Worst Fuzzer Findings
[bounty] Param Pollution in Golang, OpenEMR, and CRLF Injection
[binary] Fuzzing cURL, Netatalk, and an Emulator Escape
[bounty] Compromising Azure, Password Verification Fails, and Readline Crime
[binary] Rusty Kernel Bugs, mast1c0re, and OpenSSH
[bounty] Top 2022 Web Hacking Techniques and a Binance Bug
[binary] An XNU Exploit and a Chrome Heap Overflow
[bounty] Facebook Account Takeovers and a vBulletin RCE
[binary] KASAN comes to Windows and Shuffling ROP Gadgets
[bounty] CSS Injection and a Google Cloud Project Takeover Bug
[binary] Exploiting Null Derefs and Windows Type COM-fusion
[bounty] Cloud Bugs and More Vulns in Galaxy App Store
[binary] An iPod Nano Bug, XNU Vuln, and a WebKit UAF
[bounty] Client-Side Path Traversal and Hiding Your Entitlement(s)
[binary] Attacking Bhyves and a Kernel UAF
[bounty] Web Hackers vs. Cars and a Facebook Account Takeover
[binary] JS Type Confusions and Bringing Back Stack Attacks
[bounty] Pwn2Own Bugs and WAF Bypasses
[binary] A Huawei Hypervisor Vuln and More Memory Safety
[bounty] Remotely Controlling Hyundai and a League of Legends XSS
[binary] Patch Gaps and Apple Neural Engine Vulns
[bounty] Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage
[binary] Hacking Pixel Bootloaders and Injecting Bugs
[bounty] Racing Grafana, Stealing Mastadon Passwords, and Cross-Site Tracing
[binary] Exploiting Undefined Behavior and a Chrome UAF
[bounty] Bypassing Pixel Lock Screens and Checkmk RCE
[binary] OpenSSL Off-by-One, Java XML Bugs, and an In-the-Wild Samsung Chain
[bounty] Apache Batik, Static Site Generators, and an Android App Vuln
[binary] XNU's kalloc_type, Stranger Strings, and a NetBSD Bug
[bounty] A Galaxy Store Bug, Facebook CSRF, and Google IDOR
[binary] Edge Vulns, a SHA-3 Overflow, and an io_uring Exploit
[bounty] XMPP Stanza Smuggling in Jabber and a Cobalt Strike RCE
[binary] Some Browser Exploitation and a Format String Bug?
[bounty] GitHub to GitLab RCE and a new PHP Supply Chain Attack
[binary] i.MX Secure Boot Bypass and a Hancom Office Underflow
[bounty] Got UNIX Sockets and Some Filter Bypasses?
[binary] Pwning Scoreboards, uClibC, and PS5 Exploitation
[bounty] Akamai Cache Poisoning and a Chrome Universal XSS
[binary] SoCs with Holes, Crow HTTP Bugs, and Bypassing Intel CET
[bounty] Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses
[binary] An iOS Bug, Attacking Titan-M, and MTE Arrives
[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling
[binary] Fuchsia OS, Printer Bugs, and Hacking Radare2
[bounty] A Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS
[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug
[bounty] Stealing DropBox Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability
[binary] Python 3 UAF and PS4/PS5 PPPoE Kernel Bug
[bounty] Deleting Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover
[binary] Pwn2Owning Routers and Anker Eufy Bugs
[bounty] Cloudflare Pages, Hacking a Bank, and Attacking Price Oracles
[binary] NimbusPwn, a CLFS Vulnerability, and DatAFLow (Fuzzing)
[bounty] XSS for NFTs, a VMWare Workspace ONE UEM SSRF, and GitLab CI Container Escape
[binary] Getting into Vulnerability Research and a FUSE use-after-free
[bounty] A Struts RCE, Broken Java ECDSA (Psychic Signatures) and a Bad Log4Shell Fix
[binary] Another iOS Bug and Edge Chakra Exploitation
[bounty] Taking Over an Internal AWS Service and an Interesting XSS Vector
[binary] A subtle iOS parsing bug and a PHP use-after-free
[bounty] A Double-Edged SSRF, Pritunl VPN LPE, and a NodeBB Vuln
[binary] FORCEDENTRY Sandbox Escape and NetFilter Bugs
[bounty] Spring4Shell, PEAR Bugs, and GitLab Hardcoded Passwords
[binary] Pwning WD NAS, NetGear Routers, and Overflowing Kernel Pages
[bounty] GitLab Arbitrary File Read and Bypassing PHP's filter_var
[binary] Chrome Heap OOB Access and TLStorm
[bounty] DOMPDF XSS to RCE, Chrome Leaking Envrionment Vars, and cr8escape
[binary] A Windows UAF, Branch Prediction Bugs, and an io_uring Exploit
[bounty] Pascom RCE, AutoWarp, and a GKE Container Escape
[binary] Dirty Pipe and Analyzing Memory Tagging
[bounty] Facebook Exploits, pfSense RCE, and MySQLjs SQLi
[binary] ImageGear JPEG Vulns, NetFilter, and a LibCurl Memory Disclosure
[bounty] DynamicWeb RCE, VMWare Bugs, and Exploiting GitHub Actions
[binary] Zynq-7000 Secure Boot Bypass and Compiler-Created Bugs
[bounty] CoinDesk, Zabbix, and Leaking Secrets Through Mirrored Repos
[binary] Another Kernel TIPC Bug, MySQL, and Buggy Go
[bounty] Baby Monitor Bugs, Grafana, and Twitter De-anonymization
[binary] Fastly Infoleak, Samba OOB Access, and Pwning MacOS
[bounty] Hacking Google Drive Integrations and XSS Puzzles
[binary] PwnKit, a Win32k Type Confusion, and Binary Ninja 3.0
[bounty] Zoho Auth Bypass, a Bogus Bug, and Leaking Microsoft Bug Reports
[binary] NetUSB RCE, a Linux Kernel Heap Overflow, and an XNU Use-After-Free
[bounty] Bypassing Box MFA and Bad AES Key Generation
[binary] Pwning Camera and Overflowing your Integers
[bounty] Bad Code and Bad URLs
[Binary] Rooting Ubuntu By Accident and Samsung Kernel Bugs
[Bounty] RocketChat RCE, Flickr, and a Critical Smart Contract Bug
An Android Kernel Bug and a Chrome+Edge Bug [Binary Exploitation]
Log4j RCE coming to a service near you and uBlock CSS Injection [Bounty]
MediaTek, Yet Another Chrome Bug, and BigSig [Binary Exploitation]
Bypassing MFA, WebCache Poisoning, and AWS SageMaker [Bounty Hunting]
KVM Bugs and an iOS IOMFB Kernel Exploit [Binary Exploitation]
GitLab Prototype Pollution and Some Authentication Bypasses [Bounty Hunting]
Hacking Neural Nets, a Chrome WebRTC UAF and Pwning Windows [Binary Exploitation]
Big Bounties by Exploiting WebKit's CSP & Concrete CMS Bugs [Bounty Hunting]
DDR4 Rowhammer, Azure Bugs, "Essential 0days", and Backdoored IDA [Binary Exploitation]
Rust in the Web? A Special Guest and some Bad Crypto [Bounty Hunting]
A too trusty TrustZone and a few Linux Kernel bugs [Binary Exploitation]
A MacOS SIP Bypass & an XSS Fiesta [Bounty Hunting]
Type Confusion in Android NFC, PHP-FPM Local Privilege Escalation, and CallbackHell [Binary Exploitation]
Discourse SNS RCE, a Stored XSS in GitLab, and a Reddit Race Condition [Bug Hunting]
A Kernel Race, SuDump, and a Chrome Garbage Collector Bug [Exploit Dev/VR]
A Slack Attack and a MySQL Scientific Notation Bug [Bug Hunting]
WebKit Bugs, a Windows Race, and House of IO Improved [Exploit Dev/VR]
WebSocket Hijacking, GitHub review bypass and SQLi to RCE [Bug Hunting]
HyperKit Bugs & an Open5GS Stack Overflow [Binary Exploitation]
SharePoint RCE & an Apache Path Traversal [Bug Hunting]
Chrome Exploits and a Firefox Update Bug [Binary Exploitation]
Gatekeeper Bypass, Opera RCE, and Prototype Pollution [Bounty Hunting]
Kernel UAFs and a Parallels VM Escape [Binary Exploitation]
iOS 0days, Apache Dubbo RCEs, and NPM bugs [Bounty Hunting]
A Curl UAF, iPhone FORCEDENTRY, and a Crazy HP OMEN Driver [Binary Exploitation]
A Flickr CSRF, GitLab, & OMIGOD, Azure again? [Bounty Hunting]
NETGEAR smart switches, SpookJS, & Parallels Desktop [Binary Exploitation]
Reused VMWare exploits & Escaping Azure Container Instances [Bounty Hunting]
Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation]
Takeover A Facebook, SnapChat or JetBrains Account [Bounty Hunting]
NoSQL Injection, Mobile Misconfigurations and a Wormable Windows Bug
Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros
Fake Vulns, More Valve, and an AWS Cognito issue
Defcon Quals, Dead μops, BadAllocs, Wordpress XXE
Bad Patches, Fuzzing Sockets, & 3DS Hacked by Super Mario
Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering
Pwn2own, Linux Kernel Exploits, and Malicious Mail
Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat
Google exposes an APT campaign, PHP owned, and Several Auth Issues
Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!
Hacking Cameras, Stealing Logins, and Breaking Git
Buggy Browsers, Heap Grooming, and Broken RSA?
BlackHat USA, Pre-Auth RCEs, and JSON Smuggling
PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking
Industrial Control Fails and a Package disguised in your own supply
MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit
OSED, North Korean hackers, NAT Slipstream 2.0, and PGP (in)security
Snooping YouTube History and Breaking State Machines
Breaking Lock Screens & The Great Vbox Escape
Universal Deserialization, Stealing Youtube Videos, and CTFs
Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs
Fireeye, PS4 exploit, and MacOS LPE
Rooting iOS, Hacking with cURL, and the end of Use-After-Free
Bad Blocklists, Legal News, and Windows Vulns
Jailbreaks, Stealing Playstation Accounts, and Automatic Exploit Generation
Hacking Voatz and Rooting Ubuntu
Pwn2Own, Tianfu Cup, and Other Hacks
A Look At OSEP, Hacking Metasploit and the Legal Risks of Research
Low-cost Penetration Testing, High Performance Fuzzing and Github RCEs
Some Discord, a Bad Neighbor and a BleedingTooth
Breaking into HashiCorp Vault, Apple and Google
Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster
Instagram Hacks, Half-life 1 Exploits, and Gaslighting Android
Bhyves and Evil LEDs (+Roulette)
Raccoons, Incomplete fixes and Kernel Exploits
Zoom E2E, 15 year old bugs, and killing 20 year old attacks
iOS 0days are worthless, PrintDemon, and a takeover of hackerone
Defcon is canceled, Microsoft was hacked, Rust has vulns
Auth Bypass, XSS, RCE and more
Relyze Decompiler, jQuery XSS, Sandbox Escaping and 0-Click Mail RCE
Binary Ninja's Decompiler, git credential leak, cross-platform LPEs
IDA...Go home, Sandboxie source, and some RCEs (TP-Link, Starcraft 1, OhMyZsh)
Zoom-ers, VM Escapes, and Pegasus Resurfaces
A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR
Pwn2Own Results, Voatz (again), some web-exploits and a code-reuse mitigation
How to Hack a CTF and more (LVI, TRRespass and some web-exploits)
FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging
kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd
A Dark White-Hat hacker? and various vulns ft. Cisco, Periscope, NordVPN and Tesla/EyeQ
A New PWK/OSCP, Election Hacking, Kernel Exploits, and Fuzzing
Hack Twitter, WhatsApp and all your Cisco phones (CDPwn) ft. GhostKnight
OK Google, sudo ./hacktheplanet
Return of the Zombieload, Bezos Hacked, and other exploits
Project Verona, CurveBall, CableHaunt, and RCEs-a-plenty
SHA-mbles, Shitrix, Responsible Disclosure, and wtf is TikTok doing?
First Edge bounty, Hacking Tesla via Wi-Fi, Cisco advisories, and Shadow Clones
PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more
Permanent DoS, HackerOne Hacked, and Wide-OpenBSD
CWE Top 25, Hacking Anti-Viruses and Adversarial Machine Learning Attacks
What does the NSA say?
Election hacking, Kernel Security, MDS Attacks and Github's Security Lab
Rogue Employees, Lasers, Fuzzing, and an iOS Exploit (checkra1n)
A Bit of everything: 0days, Breaches, Lawsuits, Attacking AI, and some insecure
NordVPN Again, Snowden, CPDoS, a PHP-RCE, and some console hacking
Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking
When your errors have errors...
Exploits-galore iOS (checkm8), Android, Signal, Whatsapp, PHP and more
Offensive Security's OSWE/AWAE, Massive Security failures, and a handful of cool attacks
Intel has done it again, ft. Zombies, Cats, and Windows exploits
The Unhackable Morpheus chip and other exploit mitigations
Another CSG0-day, Ransomware? and a 36 year old vuln
Docker, Government Attacks, and Best Practices
Fun Malware, Fun AI Tricks, and General Fun
Compromises, Challenge Design, and 0days
CTFs, Backdoors, and Control Flow Integrity
RE Tools, Ethereum, and Plaintext Passwords
CSG0-Days, Exploit Mitigations, and Voting Systems
Zero-Days, Ghidra, and Questionable CVE's