Industrial Control Fails and a Package disguised in your own supply

"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research.

[00:00:59] Florida Water Treatment Facility Hacked https://twitter.com/Bing_Chris/status/1358873543623274499
[00:09:19] Have a domain name? "Beg bounty" hunters may be on their way https://news.sophos.com/en-us/2021/02/08/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way/amp/
[00:20:14] FootFallCam and MetaTechnology Drama https://twitter.com/_MG_/status/1359582048260743169
[00:28:33] Telegram privacy fails [CVE-2021-27204] [CVE-2021-27205] https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html
[00:36:43] Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
[00:44:33] Exploiting a Second-Order SQL Injection in LibreNMS [CVE-2020-35700] https://www.horizon3.ai/disclosures/librenms-second-order-sqli
[00:50:46] Swarm of Palo Alto PAN-OS vulnerabilities https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
[00:56:25] Advantech iView Missing Authentication RCE [CVE-2021-22652] https://blog.rapid7.com/2021/02/11/cve-2021-22652-advantech-iview-missing-authentication-rce-fixed/
[01:02:30] Windows kernel zero-day exploit [CVE-2021-1732] https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
[01:08:50] Analysis and exploitation of the iOS kernel vulnerability [CVE-2021-1782] https://www.synacktiv.com/publications/analysis-and-exploitation-of-the-ios-kernel-vulnerability-cve-2021-1782
[01:20:10] Misusing Service Workers for Privacy Leakage https://www.ndss-symposium.org/ndss-paper/awakening-the-webs-sleeper-agents-misusing-service-workers-for-privacy-leakage/
[01:27:53] security things in Linux v5.8 https://outflux.net/blog/archives/2021/02/08/security-things-in-linux-v5-8/
[01:40:42] Linux Heap Exploitation - Part 2 https://www.udemy.com/course/linux-heap-exploitation-part-2/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or the video archive on YouTube (@dayzerosec).

About the Podcast

A weekly podcast for bounty hunters, exploit developers or anyone interested in the details of the latest disclosed vulnerabilities and exploits.