iOS 0days are worthless, PrintDemon, and a takeover of hackerone

Are iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion heavy episode of DAY[0].

• [00:00:52] [UPDATE] Huawei HKSP Introduces Trivially Exploitable Vulnerability
  
  • https://github.com/cloudsec/aksp/blob/master/hksp.patch
  
  
• [00:11:59] iOS one-click chains prices likely to drop
  
  • https://www.hackasat.com/
  
  
• [00:33:30] Defcon Quals 2020
  
  • https://hxp.io/blog/72/DEFCON-CTF-Quals-2020-notbefoooled/
  
  
• [00:46:33] vBulletin 5.6.1 SQL Injection
  
• [00:52:52] Subdomain takeover of resources.hackerone.com
  
• [01:01:11] MyLittleAdmin PreAuth RCE
  
• [01:06:13] DOM-Based XSS at accounts.google.com by Google Voice Extension.
  
• [01:16:47] Playing with GZIP: RCE in GLPI [CVE-2020-11060]
  
• [01:36:24] Reverse RDP - The Path Not Taken
  
• [01:44:19] PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth [CVE-2020-1048]
  
  • https://twitter.com/VbScrub/status/1260598344650539009
  
  
• [01:53:34] Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently
  
• [02:00:29] Cloud WAF Comparison Using Real-World Attacks
  
  • https://medium.com/fraktal/cloud-waf-comparison-part-2-e6e2d25f558c
  
  
  • https://en.wikipedia.org/wiki/Server_Side_Includes
  
  
• [02:18:20] Fuzzing TLS certificates from their ASN.1 grammar
  
• [02:22:25] DHS CISA and FBI share list of top 10 most exploited vulnerabilities
  

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])