A New PWK/OSCP, Election Hacking, Kernel Exploits, and Fuzzing

Is the new OSCP worth-it? Can election apps be made secure? We'll talk about those questions and several kernel exploits and a few cool fuzzing innovations.

• [00:00:23] PWK and the OSCP Certification | Offensive Security


• [00:16:24] Rescheduling Root KSK Ceremony 40


• [00:20:15] The Ballot is Busted Before the Blockchain:A Security Analysis of Voatz


• https://blog.voatz.com/?p=1209


• [00:49:26] Lateral movement via MSSQL: a tale of CLR and socket reuse


• [00:55:51] Fix for CVE-2018-12122 can be bypassed via keep-alive requests


• [01:00:28] A Trivial Privilege Escalation Bug in Windows Service Tracing (CVE-2020-0668)


• https://googleprojectzero.blogspot.com/2018/08/windows-exploitation-tricks-exploiting.html


• [01:05:01] Intel CSME Escalation of Privilege


• [01:07:41] Project Zero: A day^W^W Several months in the life of Project Zero


• [01:18:54] Project Zero: Mitigations are attack surface, too


• https://packetstormsecurity.com/files/156316/Samsung-Kernel-PROCA-Use-After-Free-Double-Free.html


• [01:33:42] Samsung SEND_FILE_WITH_HEADER Use-After-Free


• [01:35:52] Samsung /dev/tsmux Heap Out-Of-Bounds Write


• [01:39:55] Exploiting a Linux kernel vulnerability in the V4L2 subsystem (CVE-2019-18683)


• [01:45:10] KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities


• [01:54:06] HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing


• [01:58:14] HYPER-CUBE: High-Dimensional Hypervisor Fuzzing


• [02:02:21] FIDO2 Deep Dive: Attestations, Trust model and Security


• [02:03:04] Hypervisor Necromancy; Reanimating Kernel Protectors

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])