Pwn2Own Results, Voatz (again), some web-exploits and a code-reuse mitigation

More discussion about election hacking with Voatz undergoing a more complete security assessment, we also discuss a few interesting web attacks and end with a good discussion about a new code-reuse mitigation: Hurdle.

• [00:00:20] Learn Exploit Development While Not Dying
  
• [00:02:10] Exploit Education
  
• [00:07:32] Pwn2Own Results
  
  • https://www.zerodayinitiative.com/blog/2020/3/19/pwn2own-2020-day-one-results
  
  
• [00:16:19] DEF CON CTF 2020 QUALS COVID-19 DELAY
  
• [00:22:30] Software Engineer - Jobs at Apple
  
• [00:30:56] Tesla Model 3 Denial of Service Vulnerability [CVE-2020-10558]
  
• [00:36:26] Trail of Bits - Voatz Security Review
  
• [01:01:49] XXE-scape through the front door: circumventing the firewall with HTTP request smuggling
  
• [01:08:12] Don't Clone That Repo: Visual Studio Code^2 Execution
  
  • https://github.com/doyensec/VSCode_PoC_Oct2019/
  
  
  • https://github.com/doyensec/VSCode_PoC_Oct2019/blob/master/.vscode/settings.json
  
  
  • https://github.com/doyensec/VSCode_PoC_Oct2019/commit/19b4687259bd5d1821525a3ebbe6aa76618359c3#diff-62b00de1d62bb867ef03dec7057712f1R50
  
  
• [01:14:22] [Hacker101] Race Condition leads to undeletable group member
  
• [01:19:58] JavaScript without parentheses using DOMMatrix
  
  • https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascript-url-some-characters-blocked
  
  
• [01:24:21] Hurdle: Securing Jump Instructions Against Code Reuse Attacks
  
  • https://www.youtube.com/watch?v=qFWTZ2zZ1XQ
  
  
  • http://se.ri0.us/2020-03-23-110829182-9e1b1.png
  
  

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])