42 subscribers
Go offline with the Player FM app!
Podcasts Worth a Listen
SPONSORED


1 The Secret To Getting Inspired: Millie Bobby Brown & Chris Pratt Go Behind The Scenes 21:04
A Windows Keyhole and Buggy OAuth
Manage episode 453213813 series 2606557
A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/265.html
[00:00:00] Introduction
[00:00:16] Attacking Hypervisors From KVM to Mobile Security Platforms
[00:02:30] Keyhole
[00:10:12] Drilling the redirect_uri in OAuth
[00:18:00] Cross-Site POST Requests Without a Content-Type Header
[00:24:03] New AMSI Bypss Technique Modifying CLR.DLL in Memory
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
281 episodes
Manage episode 453213813 series 2606557
A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/265.html
[00:00:00] Introduction
[00:00:16] Attacking Hypervisors From KVM to Mobile Security Platforms
[00:02:30] Keyhole
[00:10:12] Drilling the redirect_uri in OAuth
[00:18:00] Cross-Site POST Requests Without a Content-Type Header
[00:24:03] New AMSI Bypss Technique Modifying CLR.DLL in Memory
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
281 episodes
All episodes
×![Day[0] podcast artwork](/static/images/64pixel.png)
1 Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO) 1:46:57
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Pulling Gemini Secrets and Windows HVPT 1:33:22
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Session-ception and User Namespaces Strike Again 49:36
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Extracting YouTube Creator Emails and Spilling Azure Secrets 44:04
![Day[0] podcast artwork](/static/images/64pixel.png)
1 ESP32 Backdoor Drama and SAML Auth Bypasses 1:14:08
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Exploiting Xbox 360 Hypervisor and Microcode Hacking 1:19:05
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Path Confusion and Mixing Public/Private Keys 59:34
![Day[0] podcast artwork](/static/images/64pixel.png)
1 ZDI's Triaging Troubles and LibreOffice Exploits 57:02
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Recycling Exploits in MacOS and Pirating Audiobooks 1:17:06
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Top 10 Web Hacking Techniques and Windows Shadow Stacks 1:12:42
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Unicode Troubles, Bypassing CFG, and Racey Pointer Updates 41:29
![Day[0] podcast artwork](/static/images/64pixel.png)
1 Deanonymization with CloudFlare and Subaru's Security Woes 1:07:35
![Day[0] podcast artwork](/static/images/64pixel.png)
![Day[0] podcast artwork](/static/images/64pixel.png)
![Day[0] podcast artwork](/static/images/64pixel.png)
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.