Breaking Lock Screens & The Great Vbox Escape
Day[0] - A podcast by dayzerosec
Several lockscreen-related vulnerabilities this week, a cross-site leak, and the hijacking of all .cd domains.

One important thing to mention about this week's episode that was neglected during the discussion is that the BitLocker Lockscreen Bypass is a lockscreen bypass. It does not necessarily provide access to data BitLocker protects. If BitLocker is being run in "transparent operation mode", where the ability to log in is all that is necessary to decrypt data, then this vulnerability can grant access to encrypted data.

[00:00:00] Introduction https://dayzerosec.com/
[00:00:59] Slayer Labs https://slayerlabs.com/
[00:12:03] BugTraq Shutdown https://seclists.org/bugtraq/2021/Jan/0
[00:17:22] Data Security on Mobile Devices https://securephones.io/
[00:27:08] Running a fake power plant on the internet for a month https://grimminck.medium.com/running-a-fake-power-plant-on-the-internet-for-a-month-4a624f685aaa
[00:33:43] BitLocker Lockscreen bypass https://secret.club/2021/01/15/bitlocker-bypass.html
[00:39:30] [Linux Mint] Screensaver lock by-pass via the virtual keyboard https://github.com/linuxmint/cinnamon-screensaver/issues/354
[00:43:02] [NextCloud] Bypassing Passcode/Device credentials https://hackerone.com/reports/747726
[00:51:02] How I hijacked the top-level domain of a sovereign state https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/
[01:00:28] Laravel <= v8.4.2 debug mode: Remote code execution https://www.ambionics.io/blog/laravel-debug-rce
[01:05:47] Leaking silhouettes of cross-origin images https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
[01:10:36] Escaping VirtualBox 6.1: Part 1 https://secret.club/2021/01/14/vbox-escape.html
[01:17:15] Hunting for Bugs in Windows Mini-Filter Drivers https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html
[01:18:33] Project Zero: Introducing the In-the-Wild Series https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or watch the video archive on YouTube (@dayzerosec).