Some Discord, a Bad Neighbor and a BleedingTooth
Day[0] - A podcast by dayzerosec
It has been a while since we had an exploit extravaganza, but here we are. Several binary-level issues, from Bad Neighbor on Windows to BleedingTooth on Linux, several vulns in Qualcomm SoCs, and even a Discord RCE.

[00:00:57] Introducing Edge Vulnerability Research
[00:06:57] Cache Partitioning in Chrome
[00:10:29] Magma: A Ground-Truth Fuzzing Benchmark
[00:25:27] "Bits Please!" - CVE-2020-16938
[00:29:50] ContainerDrip [CVE-2020-15157]
[00:40:01] Discord Desktop app RCE
[00:52:34] Time Based SQLi via referrer header https://www.fedscoop.com/hack-the-army-2-results/
[00:57:35] PyYAML 0day
[01:09:24] Phantom of the ADAS
[01:15:03] Rollback Attack in Mozilla Maintenance Service
[01:19:33] Glitching The MediaTek BootROM
[01:25:05] AssaultCube RCE: Technical Analysis
[01:32:27] CVE-2020-12928 - Privilege Escalation in AMD Ryzen Master
[01:35:38] Major Vulnerabilities in Qualcomm QCMAP
[01:42:58] Bad Neighbor - RCE in Windows ICMPv6 Router Advertisement
[01:51:16] DOS2RCE: A New Technique to Exploit V8 NULL Pointer Dereference Bug (see: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers)
[01:56:34] BleedingTooth - Linux Bluetooth Zero-Click RCE
  https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
  https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
  https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
[02:07:25] shmdt doesn't check the tag of pointers
[02:12:29] Security Analysis of the CHERI ISA
[02:13:18] Evading defences using VueJS script gadgets
[02:14:32] Sega Master System Architecture - A Practical Analysis
[02:14:52] IPC scripts for access to Intel CRBUS

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST). Or the video archive on