A Dark White-Hat hacker? and various vulns ft. Cisco, Periscope, NordVPN and Tesla/EyeQ

Keeping up our streak, we talk about some vulnerabilities in Cisco, NordVPN and Tesla, and about SlickWraps being hacked by a very dark, white-hat.

• [00:02:32] Humble Book Bundle: Cybersecurity 2020 by Wiley


• [00:11:31] Google Summer of Code 2020


• https://radare.org/gsoc/2020/


• [00:23:01] Critical Issue In ThemeGrill Demo Importer


• [00:28:48] Cisco Security Advisory: Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability


• [00:32:19] nordvpn Linux Desktop executable application does not use pie / no ASLR


• [00:40:57] Race condition (TOCTOU) in NordVPN can result in local privilege escalation


• [00:49:17] Periscope android app deeplink leads to CSRF in follow action


• [00:54:01] I hacked SlickWraps. This is how. - Lynx0x00 - Medium


• https://little-canada.org/pdf/web/viewer.html?file=fxn9r2.pdf


• [01:10:23] Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles


• [01:18:31] Edge CVE-2020-0767 RCE POC


• [01:22:02] GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath


• [01:28:37] CopyCat: Controlled Instruction-Level Attacks on Enclaves for Maximal Key Extraction


• [01:37:31] MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing


• [01:49:36] pwn.college BETA


• [01:53:17] Microcontroller Readback Protection: Bypasses and Defenses


• [01:54:00] Libxml2 Tutorial | AFLplusplus


• [01:56:06] Booting iOS on QEMU Research Slides


• https://github.com/alephsecurity/confs/blob/master/OFFENSIVE20/offensive-20-ios-qemu.pdf


• https://github.com/alephsecurity/xnu-qemu-arm64

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])