OSED, North Korean hackers, NAT Slipstream 2.0, and PGP (in)security

Starting with a long discussion about the North Korean hackers targeting security researchers, and some thoughts (rants) about the newly released Windows exploit dev course from Offensive Security, before getting into some real exploits including NAT Slipstreaming 2.0 and a new Sudo vuln.

[00:00:52] About the security content of iOS 14.4 and iPadOS 14.4
https://support.apple.com/en-us/HT212146

[00:02:42] New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/
https://twitter.com/pwn_expoit/status/1354024291398950913
https://twitter.com/chris_salls/status/1353989045617975297

[00:44:45] New Exploit Dev Course: EXP-301
https://www.offensive-security.com/offsec/new-course-exp301/
https://wargames.ret2.systems/

[01:04:53] Linksys WRT160NL – Authenticated Command Injection [CVE-2021-25310]
https://research.nccgroup.com/2021/01/28/technical-advisory-linksys-wrt160nl-authenticated-command-injection-cve-2021-25310/

[01:07:13] Vulnerabilities within TikTok Friend-Finder
https://research.checkpoint.com/2021/tiktok-fixes-privacy-issue-discovered-by-check-point-research/

[01:14:07] BitLocker touch-device lockscreen bypass
https://secret.club/2021/01/29/touch-lockscreen-bypass.html

[01:20:53] NAT Slipstreaming v2.0
https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
https://samy.pl/slipstream/

[01:26:35] [Security fix] Libgcrypt 1.9.1 released
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://dev.gnupg.org/rC512c0c75276949f13b6373b5c04f7065af750b08

[01:30:44] Baron Samedit: Heap-based buffer overflow in Sudo [CVE-2021-3156]
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://github.com/sudo-project/sudo/commit/1f8638577d0c80a4ff864a2aad80a0d95488e9a8
https://github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2021-3156

[01:44:49] Exploiting a “Simple” Vulnerability – Part 1.5 – The Info Leak
https://windows-internals.com/exploiting-a-simple-vulnerability-part-1-5-the-info-leak/

[01:50:53] Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
https://www.thezdi.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref

[01:56:31] XS-Leaks in redirect flows
https://docs.google.com/presentation/d/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og/edit#slide=id.g63e29d5a06_0_0

[02:02:13] Keeping your GitHub Actions and workflows secure: Untrusted input
https://securitylab.github.com/research/github-actions-untrusted-input

[02:08:04] iOS Security Tutorial - Patching ASLR in the Kernel
https://www.youtube.com/watch?v=Gszvbi8AU68

[02:08:58] Project Zero: A Look at iMessage in iOS 14
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html

[02:09:37] Effectively Fuzzing the IPC Layer in Firefox
https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on

About the Podcast

A weekly podcast for bounty hunters, exploit developers, or anyone interested in the details of the latest disclosed vulnerabilities and exploits.