Day[0] cover art

All Episodes

Day[0] — 283 episodes

#
Title
1

The Future

2

Exploiting VS Code with Control Characters

3

Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO)

4

Pulling Gemini Secrets and Windows HVPT

5

Session-ception and User Namespaces Strike Again

6

Extracting YouTube Creator Emails and Spilling Azure Secrets

7

ESP32 Backdoor Drama and SAML Auth Bypasses

8

Exploiting Xbox 360 Hypervisor and Microcode Hacking

9

Path Confusion and Mixing Public/Private Keys

10

ZDI's Triaging Troubles and LibreOffice Exploits

11

Recycling Exploits in MacOS and Pirating Audiobooks

12

Top 10 Web Hacking Techniques and Windows Shadow Stacks

13

Unicode Troubles, Bypassing CFG, and Racey Pointer Updates

14

Deanonymization with CloudFlare and Subaru's Security Woes

15

Excavating Exploits and PHP Footguns

16

WhatsApp vs. NSO and CCC Talks

17

Buggy Operating Systems Are Coming to Town

18

Machine Learning Attacks and Tricky Null Bytes

19

A Windows Keyhole and Buggy OAuth

20

Linux Is Still a Mess and Vaultwarden Auth Issues

21

FortiJump Higher, Pishi, and Breaking Control Flow Flattening

22

Static Analysis, LLMs, and In-The-Wild Exploit Chains

23

Attacking Browser Extensions and CyberPanel

24

Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation

25

Zendesk's Email Fiasco and Rooting Linux with a Lighter

26

Summer Recap: Phrack, Off-by-One, and RCEs

27

Attack of the CUPS and Exploiting Web Views via HSTS

28

Future of the Windows Kernel and Encryption Nonce Reuse

29

Iterating Exploits & Extracting SGX Keys

30

Memory Corruption: Best Tackled with Mitigations or Safe-Languages

31

[discussion] A Retrospective and Future Look Into DAY[0]

32

[binary] Bypassing KASLR and a FortiGate RCE

33

[bounty] RCE'ing Mailspring and a .NET CRLF Injection

34

[binary] Future of Exploit Development Followup

35

[bounty] libXPC to Root and Digital Lockpicking

36

[binary] Binary Ninja Free and K-LEAK

37

[bounty] Hacking Google AI and SAML

38

[binary] Rust Memory Corruption???

39

[bounty] A PHP and Joomla Bug and some DOM Clobbering

40

[binary] Linux Burns Down CVEs

41

[bounty] GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023

42

[binary] kCTF Changes, LogMeIn, and wlan VFS Bugs

43

[bounty] The End of a DEFCON Era and Flipper Zero Woes

44

[binary] The Syslog Special

45

[bounty] Public Private Android Keys and Docker Escapes

46

[binary] Busted ASLR, PixieFail, and Bypassing HVCI

47

[bounty] Reborn Homograph Attacks and Ransacking Passwords

48

[binary] Bypassing Chromecast Secure-Boot and Exploiting Factorio

49

[bounty] A GitLab Account Takeover and a Coldfusion RCE

50

[binary] Allocator MTE, libwebp, and Operation Triangulation

51

[bounty] Spoofing Emails, PandoraFMS, and Keycloak

52

[binary] RetSpill, A Safari Vuln, and Steam RCE

53

[bounty] IOT Issues and DNS Rebinding

54

[binary] Samsung Baseband and GPU Vulns

55

[bounty] Buggy Cookies and a macOS TCC Bypass

56

[binary] Hypervisor Bugs and a FAR-out iOS bug

57

[bounty] Kubernetes Code Exec and There Is No Spoon

58

[binary] A Heap of Linux Bugs

59

[bounty] Prompting for Secrets and Malicious Extensions

60

[binary] A Bundle of Windows Bugs

61

[bounty] Usurping Mastodon and Broken Signature Schemes

62

[binary] MTE Debuts, DNS Client Exploits, and iTLB Multihit

63

[bounty] Attacking OAuth, Citrix, and some P2O Drama

64

[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY

65

[bounty] Rapid Reset, Attacking AWS Cognito, and Confluence Bugs

66

[binary] A Chrome RCE, WebP 0day, and glibc LPE

67

[bounty] Insecure Firewalls, MyBB, and Winning with WinRAR

68

[binary] Busted Stack Protectors, MTE, and AI Powered Fuzzing

69

[bounty] DEF CON, HardwearIO, Broken Caching, and Dropping Headers

70

[binary] Exploiting VMware Workstation and the Return of CSG0-Days

71

[bounty] Jellyfin Exploits and TOCTOU Spellcasting

72

[binary] Attacking VirtualBox and Malicious Chess

73

[bounty] OverlayFS to Root and Parallels Desktop Escapes

74

[binary] TPMs and Baseband Bugs

75

[bounty] Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?

76

[binary] A Timing Side-Channel for Kernel Exploitation and VR in the wake of Rust

77

[bounty] Git Config Injection and a Sophos Pre-Auth RCE

78

[binary] A Ghostscript RCE and a Windows Registry Bug

79

[bounty] SecurePoint UTM, Chfn, and Docker Named Pipe Vulns

80

[binary] Glitching the Wii-U and Integer Overflows

81

[bounty] Pentaho Pre-Auth RCE and Theft by CAN Injection

82

[binary] A SNIProxy Bug and a Samsung NPU Double Free

83

[bounty] Bamboozling Bing and a Curl Gotcha

84

[binary] 200th Episode! Integer Bugs & Synthetic Memory Protections

85

[bounty] Bypassing CloudTrail and Tricking GPTs

86

[binary] TOCTOUs in Intel SMM and Shannon Baseband Bugs

87

[bounty] Popping Azure Web Services and Apollo Config Bugs

88

[binary] An OpenBSD overflow and TPM bugs

89

[bounty] Stealing Secrets with Security Advisories and CorePlague

90

[binary] Hacking the DSi and some Fuzzing Tips

91

[bounty] ImageMagick, Cracking SmartLocks, and Broken OAuth

92

[binary] A GPU Bug and the World's Worst Fuzzer Findings

93

[bounty] Param Pollution in Golang, OpenEMR, and CRLF Injection

94

[binary] Fuzzing cURL, Netatalk, and an Emulator Escape

95

[bounty] Compromising Azure, Password Verification Fails, and Readline Crime

96

[binary] Rusty Kernel Bugs, mast1c0re, and OpenSSH

97

[bounty] Top 2022 Web Hacking Techniques and a Binance Bug

98

[binary] An XNU Exploit and a Chrome Heap Overflow

99

[bounty] Facebook Account Takeovers and a vBulletin RCE

100

[binary] KASAN comes to Windows and Shuffling ROP Gadgets

101

[bounty] CSS Injection and a Google Cloud Project Takeover Bug

102

[binary] Exploiting Null Derefs and Windows Type COM-fusion

103

[bounty] Cloud Bugs and More Vulns in Galaxy App Store

104

[binary] An iPod Nano Bug, XNU Vuln, and a WebKit UAF

105

[bounty] Client-Side Path Traversal and Hiding Your Entitlement(s)

106

[binary] Attacking Bhyves and a Kernel UAF

107

[bounty] Web Hackers vs. Cars and a Facebook Account Takeover

108

[binary] JS Type Confusions and Bringing Back Stack Attacks

109

[bounty] Pwn2Own Bugs and WAF Bypasses

110

[binary] A Huawei Hypervisor Vuln and More Memory Safety

111

[bounty] Remotely Controlling Hyundai and a League of Legends XSS

112

[binary] Patch Gaps and Apple Neural Engine Vulns

113

[bounty] Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage

114

[binary] Hacking Pixel Bootloaders and Injecting Bugs

115

[bounty] Racing Grafana, Stealing Mastadon Passwords, and Cross-Site Tracing

116

[binary] Exploiting Undefined Behavior and a Chrome UAF

117

[bounty] Bypassing Pixel Lock Screens and Checkmk RCE

118

[binary] OpenSSL Off-by-One, Java XML Bugs, and an In-the-Wild Samsung Chain

119

[bounty] Apache Batik, Static Site Generators, and an Android App Vuln

120

[binary] XNU's kalloc_type, Stranger Strings, and a NetBSD Bug

121

[bounty] A Galaxy Store Bug, Facebook CSRF, and Google IDOR

122

[binary] Edge Vulns, a SHA-3 Overflow, and an io_uring Exploit

123

[bounty] XMPP Stanza Smuggling in Jabber and a Cobalt Strike RCE

124

[binary] Some Browser Exploitation and a Format String Bug?

125

[bounty] GitHub to GitLab RCE and a new PHP Supply Chain Attack

126

[binary] i.MX Secure Boot Bypass and a Hancom Office Underflow

127

[bounty] Got UNIX Sockets and Some Filter Bypasses?

128

[binary] Pwning Scoreboards, uClibC, and PS5 Exploitation

129

[bounty] Akamai Cache Poisoning and a Chrome Universal XSS

130

[binary] SoCs with Holes, Crow HTTP Bugs, and Bypassing Intel CET

131

[bounty] Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses

132

[binary] An iOS Bug, Attacking Titan-M, and MTE Arrives

133

[bounty] Reading GitLab Hidden HackerOne Reports and Golang Parameter Smuggling

134

[binary] Fuchsia OS, Printer Bugs, and Hacking Radare2

135

[bounty] A Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS

136

[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug

137

[bounty] Stealing DropBox Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability

138

[binary] Python 3 UAF and PS4/PS5 PPPoE Kernel Bug

139

[bounty] Deleting Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover

140

[binary] Pwn2Owning Routers and Anker Eufy Bugs

141

[bounty] Cloudflare Pages, Hacking a Bank, and Attacking Price Oracles

142

[binary] NimbusPwn, a CLFS Vulnerability, and DatAFLow (Fuzzing)

143

[bounty] XSS for NFTs, a VMWare Workspace ONE UEM SSRF, and GitLab CI Container Escape

144

[binary] Getting into Vulnerability Research and a FUSE use-after-free

145

[bounty] A Struts RCE, Broken Java ECDSA (Psychic Signatures) and a Bad Log4Shell Fix

146

[binary] Another iOS Bug and Edge Chakra Exploitation

147

[bounty] Taking Over an Internal AWS Service and an Interesting XSS Vector

148

[binary] A subtle iOS parsing bug and a PHP use-after-free

149

[bounty] A Double-Edged SSRF, Pritunl VPN LPE, and a NodeBB Vuln

150

[binary] FORCEDENTRY Sandbox Escape and NetFilter Bugs

151

[bounty] Spring4Shell, PEAR Bugs, and GitLab Hardcoded Passwords

152

[binary] Pwning WD NAS, NetGear Routers, and Overflowing Kernel Pages

153

[bounty] GitLab Arbitrary File Read and Bypassing PHP's filter_var

154

[binary] Chrome Heap OOB Access and TLStorm

155

[bounty] DOMPDF XSS to RCE, Chrome Leaking Envrionment Vars, and cr8escape

156

[binary] A Windows UAF, Branch Prediction Bugs, and an io_uring Exploit

157

[bounty] Pascom RCE, AutoWarp, and a GKE Container Escape

158

[binary] Dirty Pipe and Analyzing Memory Tagging

159

[bounty] Facebook Exploits, pfSense RCE, and MySQLjs SQLi

160

[binary] ImageGear JPEG Vulns, NetFilter, and a LibCurl Memory Disclosure

161

[bounty] DynamicWeb RCE, VMWare Bugs, and Exploiting GitHub Actions

162

[binary] Zynq-7000 Secure Boot Bypass and Compiler-Created Bugs

163

[bounty] CoinDesk, Zabbix, and Leaking Secrets Through Mirrored Repos

164

[binary] Another Kernel TIPC Bug, MySQL, and Buggy Go

165

[bounty] Baby Monitor Bugs, Grafana, and Twitter De-anonymization

166

[binary] Fastly Infoleak, Samba OOB Access, and Pwning MacOS

167

[bounty] Hacking Google Drive Integrations and XSS Puzzles

168

[binary] PwnKit, a Win32k Type Confusion, and Binary Ninja 3.0

169

[bounty] Zoho Auth Bypass, a Bogus Bug, and Leaking Microsoft Bug Reports

170

[binary] NetUSB RCE, a Linux Kernel Heap Overflow, and an XNU Use-After-Free

171

[bounty] Bypassing Box MFA and Bad AES Key Generation

172

[binary] Pwning Camera and Overflowing your Integers

173

[bounty] Bad Code and Bad URLs

174

[Binary] Rooting Ubuntu By Accident and Samsung Kernel Bugs

175

[Bounty] RocketChat RCE, Flickr, and a Critical Smart Contract Bug

176

An Android Kernel Bug and a Chrome+Edge Bug [Binary Exploitation]

177

Log4j RCE coming to a service near you and uBlock CSS Injection [Bounty]

178

MediaTek, Yet Another Chrome Bug, and BigSig [Binary Exploitation]

179

Bypassing MFA, WebCache Poisoning, and AWS SageMaker [Bounty Hunting]

180

KVM Bugs and an iOS IOMFB Kernel Exploit [Binary Exploitation]

181

GitLab Prototype Pollution and Some Authentication Bypasses [Bounty Hunting]

182

Hacking Neural Nets, a Chrome WebRTC UAF and Pwning Windows [Binary Exploitation]

183

Big Bounties by Exploiting WebKit's CSP & Concrete CMS Bugs [Bounty Hunting]

184

DDR4 Rowhammer, Azure Bugs, "Essential 0days", and Backdoored IDA [Binary Exploitation]

185

Rust in the Web? A Special Guest and some Bad Crypto [Bounty Hunting]

186

A too trusty TrustZone and a few Linux Kernel bugs [Binary Exploitation]

187

A MacOS SIP Bypass & an XSS Fiesta [Bounty Hunting]

188

Type Confusion in Android NFC, PHP-FPM Local Privilege Escalation, and CallbackHell [Binary Exploitation]

189

Discourse SNS RCE, a Stored XSS in GitLab, and a Reddit Race Condition [Bug Hunting]

190

A Kernel Race, SuDump, and a Chrome Garbage Collector Bug [Exploit Dev/VR]

191

A Slack Attack and a MySQL Scientific Notation Bug [Bug Hunting]

192

WebKit Bugs, a Windows Race, and House of IO Improved [Exploit Dev/VR]

193

WebSocket Hijacking, GitHub review bypass and SQLi to RCE [Bug Hunting]

194

HyperKit Bugs & an Open5GS Stack Overflow [Binary Exploitation]

195

SharePoint RCE & an Apache Path Traversal [Bug Hunting]

196

Chrome Exploits and a Firefox Update Bug [Binary Exploitation]

197

Gatekeeper Bypass, Opera RCE, and Prototype Pollution [Bounty Hunting]

198

Kernel UAFs and a Parallels VM Escape [Binary Exploitation]

199

iOS 0days, Apache Dubbo RCEs, and NPM bugs [Bounty Hunting]

200

A Curl UAF, iPhone FORCEDENTRY, and a Crazy HP OMEN Driver [Binary Exploitation]

201

A Flickr CSRF, GitLab, & OMIGOD, Azure again? [Bounty Hunting]

202

NETGEAR smart switches, SpookJS, & Parallels Desktop [Binary Exploitation]

203

Reused VMWare exploits & Escaping Azure Container Instances [Bounty Hunting]

204

Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation]

205

Takeover A Facebook, SnapChat or JetBrains Account [Bounty Hunting]

206

NoSQL Injection, Mobile Misconfigurations and a Wormable Windows Bug

207

Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros

208

Fake Vulns, More Valve, and an AWS Cognito issue

209

Defcon Quals, Dead μops, BadAllocs, Wordpress XXE

210

Bad Patches, Fuzzing Sockets, & 3DS Hacked by Super Mario

211

Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

212

Pwn2own, Linux Kernel Exploits, and Malicious Mail

213

Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat

214

Google exposes an APT campaign, PHP owned, and Several Auth Issues

215

Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!

216

Hacking Cameras, Stealing Logins, and Breaking Git

217

Buggy Browsers, Heap Grooming, and Broken RSA?

218

BlackHat USA, Pre-Auth RCEs, and JSON Smuggling

219

PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking

220

Industrial Control Fails and a Package disguised in your own supply

221

MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit

222

OSED, North Korean hackers, NAT Slipstream 2.0, and PGP (in)security

223

Snooping YouTube History and Breaking State Machines

224

Breaking Lock Screens & The Great Vbox Escape

225

Universal Deserialization, Stealing Youtube Videos, and CTFs

226

Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs

227

Fireeye, PS4 exploit, and MacOS LPE

228

Rooting iOS, Hacking with cURL, and the end of Use-After-Free

229

Bad Blocklists, Legal News, and Windows Vulns

230

Jailbreaks, Stealing Playstation Accounts, and Automatic Exploit Generation

231

Hacking Voatz and Rooting Ubuntu

232

Pwn2Own, Tianfu Cup, and Other Hacks

233

A Look At OSEP, Hacking Metasploit and the Legal Risks of Research

234

Low-cost Penetration Testing, High Performance Fuzzing and Github RCEs

235

Some Discord, a Bad Neighbor and a BleedingTooth

236

Breaking into HashiCorp Vault, Apple and Google

237

Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster

238

Instagram Hacks, Half-life 1 Exploits, and Gaslighting Android

239

Bhyves and Evil LEDs (+Roulette)

240

Raccoons, Incomplete fixes and Kernel Exploits

241

Zoom E2E, 15 year old bugs, and killing 20 year old attacks

242

iOS 0days are worthless, PrintDemon, and a takeover of hackerone

243

Defcon is canceled, Microsoft was hacked, Rust has vulns

244

Auth Bypass, XSS, RCE and more

245

Relyze Decompiler, jQuery XSS, Sandbox Escaping and 0-Click Mail RCE

246

Binary Ninja's Decompiler, git credential leak, cross-platform LPEs

247

IDA...Go home, Sandboxie source, and some RCEs (TP-Link, Starcraft 1, OhMyZsh)

248

Zoom-ers, VM Escapes, and Pegasus Resurfaces

249

A shortcut (.lnk) to RCE, Pi-Hole, Shadow Stacks, and fine-grained kASLR

250

Pwn2Own Results, Voatz (again), some web-exploits and a code-reuse mitigation

251

How to Hack a CTF and more (LVI, TRRespass and some web-exploits)

252

FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

253

kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd

254

A Dark White-Hat hacker? and various vulns ft. Cisco, Periscope, NordVPN and Tesla/EyeQ

255

A New PWK/OSCP, Election Hacking, Kernel Exploits, and Fuzzing

256

Hack Twitter, WhatsApp and all your Cisco phones (CDPwn) ft. GhostKnight

257

OK Google, sudo ./hacktheplanet

258

Return of the Zombieload, Bezos Hacked, and other exploits

259

Project Verona, CurveBall, CableHaunt, and RCEs-a-plenty

260

SHA-mbles, Shitrix, Responsible Disclosure, and wtf is TikTok doing?

261

First Edge bounty, Hacking Tesla via Wi-Fi, Cisco advisories, and Shadow Clones

262

PlunderVolt, Real-World Bug Hunting, Presidents Cup CTF, SockPuppet and more

263

Permanent DoS, HackerOne Hacked, and Wide-OpenBSD

264

CWE Top 25, Hacking Anti-Viruses and Adversarial Machine Learning Attacks

265

What does the NSA say?

266

Election hacking, Kernel Security, MDS Attacks and Github's Security Lab

267

Rogue Employees, Lasers, Fuzzing, and an iOS Exploit (checkra1n)

268

A Bit of everything: 0days, Breaches, Lawsuits, Attacking AI, and some insecure

269

NordVPN Again, Snowden, CPDoS, a PHP-RCE, and some console hacking

270

Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking

271

When your errors have errors...

272

Exploits-galore iOS (checkm8), Android, Signal, Whatsapp, PHP and more

273

Offensive Security's OSWE/AWAE, Massive Security failures, and a handful of cool attacks

274

Intel has done it again, ft. Zombies, Cats, and Windows exploits

275

The Unhackable Morpheus chip and other exploit mitigations

276

Another CSG0-day, Ransomware? and a 36 year old vuln

277

Docker, Government Attacks, and Best Practices

278

Fun Malware, Fun AI Tricks, and General Fun

279

Compromises, Challenge Design, and 0days

280

CTFs, Backdoors, and Control Flow Integrity

281

RE Tools, Ethereum, and Plaintext Passwords

282

CSG0-Days, Exploit Mitigations, and Voting Systems

283

Zero-Days, Ghidra, and Questionable CVE's