Fake Vulns, More Valve, and an AWS Cognito issue
Day[0] - A podcast by dayzerosec
Categorie:
Kicking off the week with some awesome vulns, an "almost" padding oracle in Azure Functions, a race-condition in AWS Cognito, some sound engine bugs, and a Foxit Reader Use-after-free. [00:00:52] Arbitrary Code Execution in the Universal Turing Machine [CVE-2021-32471] Our discussion of this topic was probably a bit premature and there does seem to be a bit more to it than the title implied. Still no real-world impact, but a bit more interesting of situation none-the-less. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471 https://arxiv.org/abs/2105.02124 [00:03:18] Detecting and annoying Burp users https://dustri.org/b/detecting-and-annoying-burp-users.html https://www.youtube.com/watch?v=I3pNLB3Cq24 [00:08:08] Enabling Hardware-enforced Stack Protection (cetcompat) in Chrome https://security.googleblog.com/2021/05/enabling-hardware-enforced-stack.html [00:13:00] Password reset code brute-force vulnerability in AWS Cognito https://www.pentagrid.ch/en/blog/password-reset-code-brute-force-vulnerability-in-AWS-Cognito/ [00:16:52] ASUS GT-AC2900 Authentication Bypass [CVE-2021-32030] https://www.atredis.com/blog/2021/4/30/asus-authentication-bypass [00:20:10] The False Oracle - Azure Functions Padding Oracle Issue https://polarply.medium.com/the-false-oracle-azure-functions-padding-oracle-issue-2025e0e6b8a [00:25:30] How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html [00:38:01] Workplace by Facebook | Unauthorized access to companies environment https://mvinni.medium.com/workplace-by-facebook-unauthorized-access-to-companies-environment-27-5k-a593a57092f1 [00:42:39] Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida https://ctf.re//source-engine/exploitation/2021/05/01/source-engine-2/ https://phoenhex.re/2018-08-26/csgo-fuzzing-bsp [00:53:11] [Valve] OOB reads in network message handlers leads to RCE https://hackerone.com/reports/807772 [01:01:07] Security probe of Qualcomm MSM data services https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/ [01:05:17] Foxit Reader FileAttachment annotation use-after-free vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2021-1287 [01:09:45] Attack llvmpipe Graphics Driver from Chromium https://insinuator.net/2021/05/attack-llvmpipe-graphics-driver-from-chromium/ [01:16:00] Privilege Escalation Via a Use After Free Vulnerability In win32k [CVE-2021-26900] https://www.zerodayinitiative.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k [01:26:25] 21Nails: Multiple vulnerabilities in Exim https://www.qualys.com/2021/05/04/21nails/21nails.txt [01:27:22] nRF52 Debug Resurrection (APPROTECT Bypass) https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/ [01:28:56] Capture The Flag - Discussion Video https://www.youtube.com/watch?v=4u5MDsIfQM8 Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)