IDA...Go home, Sandboxie source, and some RCEs (TP-Link, Starcraft 1, OhMyZsh)
Day[0] - A podcast by dayzerosec
Categorie:
Starting off the week with a discussion about the disappointing IDA Home, before moving into a few easy command injections, code-reuse attacks applied to XSS, detecting trojaned hardware and ending with a subtle crypto-bug.
- [00:00:45] DAY[0] Episode Transcripts now Available
- [00:02:53] Microsoft Buys Corp.com to Keep It Safe from Hackers (Over $1.7 Million Deal)
- [00:05:42] Hack for Good: Easily Donate Bounties to WHO’s COVID-19 Response Fund
- [00:10:55] RetDec v4.0 is out
- [00:17:33] IDA Home is coming
- [00:33:44] Sandboxie Open Source Code is available
- [00:38:01] Exploiting the TP-Link Archer A7
- [00:46:50] Exploiting the Starcraft 1 EUD Bug
- [00:51:23] OhMyZsh dotenv Remote Code Execution
- [00:56:19] Symantec Web Gateway 5.0.2.8 Remote Code Execution
- [00:59:15] VMware vCenter Server Sensitive Information Disclosure [CVE-2020-3952]
- [01:01:39] Bypassing modern XSS mitigations with code-reuse attacks
- [01:07:49] Practical Data Poisoning Attack against Next-Item Recommendation
- [01:11:40] Hardware Trojan Detection Using Controlled Circuit Aging
- [01:16:18] A "Final" Security Bug
- [01:27:05] RCEed version of computer malware / rootkit MyRTUs / Stuxnet.
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0])