Artwork

Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

A Windows Keyhole and Buggy OAuth

27:13
 
Share
 

Manage episode 453213813 series 2606557
Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/265.html

[00:00:00] Introduction

[00:00:16] Attacking Hypervisors From KVM to Mobile Security Platforms

[00:02:30] Keyhole

[00:10:12] Drilling the redirect_uri in OAuth

[00:18:00] Cross-Site POST Requests Without a Content-Type Header

[00:24:03] New AMSI Bypss Technique Modifying CLR.DLL in Memory

Podcast episodes are available on the usual podcast platforms:

-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

  continue reading

281 episodes

Artwork

A Windows Keyhole and Buggy OAuth

Day[0]

42 subscribers

published

iconShare
 
Manage episode 453213813 series 2606557
Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/265.html

[00:00:00] Introduction

[00:00:16] Attacking Hypervisors From KVM to Mobile Security Platforms

[00:02:30] Keyhole

[00:10:12] Drilling the redirect_uri in OAuth

[00:18:00] Cross-Site POST Requests Without a Content-Type Header

[00:24:03] New AMSI Bypss Technique Modifying CLR.DLL in Memory

Podcast episodes are available on the usual podcast platforms:

-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

  continue reading

281 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide

Listen to this show while you explore
Play