![Day[0] podcast artwork](/static/images/256pixel.png){kind=tracking}
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Player FM - Internet Radio Done Right
42 subscribers
Checked 5d ago
Added five years ago
Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Day[0]
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k
30
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Big tech is transforming every aspect of our world. But how, and at what cost? This season of Land of the Giants – The Disney Dilemma – focuses on Disney’s ability to weather the ups and downs of the business cycle and changing tastes and explores what has kept it successful for over 100 years. The entertainment giant has leveraged nostalgia and its intellectual property to build a beloved brand, but after an acquisition spree that included Marvel, Lucasfilm, and 20th Century Fox, can it sus ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k341
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
[bounty] A PHP and Joomla Bug and some DOM Clobbering
Manage episode 403439715 series 2606557
Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
This week's episode features a cache deception issue, Joomla inherits a PHP bug, and a DOM clobbering exploit. Also covered is a race condition in Chrome's extension API published by project zero.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/245.html
[00:00:00] Introduction
[00:00:21] Cache Deception Without Path Confusion
[00:07:15] Hello Lucee! Let us hack Apple again?
[00:14:41] Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
[00:26:37] Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild
[00:38:23] chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to racy access check
[00:42:28] 🎮 Diving Back into Games-related Bugs!
[00:44:43] Exploiting Empire C2 Framework
[00:46:19] iMessage with PQ3: The new state of the art in quantum-secure messaging at scale
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
282 episodes
ShareManage episode 403439715 series 2606557
Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
This week's episode features a cache deception issue, Joomla inherits a PHP bug, and a DOM clobbering exploit. Also covered is a race condition in Chrome's extension API published by project zero.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/245.html
[00:00:00] Introduction
[00:00:21] Cache Deception Without Path Confusion
[00:07:15] Hello Lucee! Let us hack Apple again?
[00:14:41] Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
[00:26:37] Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild
[00:38:23] chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to racy access check
[00:42:28] 🎮 Diving Back into Games-related Bugs!
[00:44:43] Exploiting Empire C2 Framework
[00:46:19] iMessage with PQ3: The new state of the art in quantum-secure messaging at scale
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
282 episodes
All episodes
×
D
Day[0]
A quick episode this week, which includes attacking VS Code with ASCII control characters, as well as a referrer leak and SCIM hunting. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/282.html [00:00:00] Introduction [00:00:57] Attacking Hypervisors - Training Update [00:06:20] Drag and Pwnd: Leverage ASCII characters to exploit VS Code [00:12:12] Full Referer URL leak through img tag [00:17:52] SCIM Hunting - Beyond SSO [00:25:17] Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO) 1:46:57
1:46:57 
Play Later 
Play Later 
Lists 
Like 
Liked1:46:57
Play Later Play Later Lists Like LikedA special episode this week, featuring an interview with John Carse, Chief Information Security Officer (CISO) of SquareX. John speaks about his background in the security industry, grants insight into attacks on browsers, and talks about the work his team at SquareX is doing to detect and mitigate browser-based attacks.…
D
Day[0]
1 Pulling Gemini Secrets and Windows HVPT 1:33:22
1:33:22 Play Later Play Later Lists Like Liked1:33:22
Play Later Play Later Lists Like LikedA long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT). Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/280.html [00:00:00] Introduction [00:00:18] Doing the Due Diligence - Analyzing the Next.js Middleware Bypass [CVE-2025-29927] [00:29:20] We hacked Google’s A.I Gemini and leaked its source code (at least some part) [00:44:40] Improper Use of Private iOS APIs in some Vietnamese Banking Apps [00:55:03] Protecting linear address translations with Hypervisor-enforced Paging Translation (HVPT) [01:06:57] Code reuse in the age of kCET and HVCI [01:13:02] GhidraMCP: LLM Assisted RE [01:31:45] Emulating iOS 14 with qemu Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Session-ception and User Namespaces Strike Again 49:36
49:36 Play Later Play Later Lists Like Liked49:36
Play Later Play Later Lists Like LikedAPI hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/279.html [00:00:00] Introduction [00:00:28] Next.js and the corrupt middleware: the authorizing artifact [00:06:15] Pwning Millions of Smart Weighing Machines with API and Hardware Hacking [00:20:37] oss-sec: Three bypasses of Ubuntu's unprivileged user namespace restrictions [00:32:10] CimFS: Crashing in memory, Finding SYSTEM (Kernel Edition) [00:43:18] Blasting Past Webp [00:47:50] We hacked Google’s A.I Gemini and leaked its source code (at least some part) Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Extracting YouTube Creator Emails and Spilling Azure Secrets 44:04
44:04 Play Later Play Later Lists Like Liked44:04
Play Later Play Later Lists Like LikedThis episode features some game exploitation in Neverwinter Nights, weaknesses in mobile implementation for PassKeys, and a bug that allows disclosure of the email addresses of YouTube creators. We also cover some research on weaknesses in Azure. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/278.html [00:00:00] Introduction [00:00:35] Exploiting Neverwinter Nights [00:08:48] PassKey Account Takeover in All Mobile Browsers [CVE-2024-9956] [00:22:51] Disclosing YouTube Creator Emails for a $20k Bounty [00:31:58] Azure’s Weakest Link? How API Connections Spill Secrets [00:39:02] SAML roulette: the hacker always wins [00:40:56] Compromise of Fuse Encryption Key for Intel Security Fuses Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 ESP32 Backdoor Drama and SAML Auth Bypasses 1:14:08
1:14:08 Play Later Play Later Lists Like Liked1:14:08
Play Later Play Later Lists Like LikedDiscussion this week starts with the ESP32 "backdoor" drama that circled the media, with some XML-based vulnerabilities in the mix. Finally, we cap off with a post on reviving modprobe_path for Linux exploitation, and some discussion around an attack chain against China that was attributed to the NSA. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/277.html [00:00:00] Introduction [00:00:25] The ESP32 "backdoor" that wasn't [00:14:26] Speedrunners are vulnerability researchers [00:27:58] Sign in as anyone: Bypassing SAML SSO authentication with parser differentials [00:38:47] Impossible XXE in PHP [00:52:41] Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch [01:04:15] Trigon: developing a deterministic kernel exploit for iOS [01:06:43] An inside look at NSA (Equation Group) TTPs from China’s lense Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Exploiting Xbox 360 Hypervisor and Microcode Hacking 1:19:05
1:19:05 Play Later Play Later Lists Like Liked1:19:05
Play Later Play Later Lists Like LikedA very technical episode this week, featuring some posts on hacking the xbox 360 hypervisor as well as AMD microcode hacking. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/276.html [00:00:00] Introduction [00:00:15] Reversing Samsung's H-Arx Hypervisor Framework - Part 1 [00:10:34] Hacking the Xbox 360 Hypervisor Part 1: System Overview [00:21:18] Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit [00:30:48] Zen and the Art of Microcode Hacking [00:41:51] A very fancy way to obtain RCE on a Solr server [01:03:49] Cellebrite zero-day exploit used to target phone of Serbian student activist [01:16:03] When NULL isn't null: mapping memory at 0x0 on Linux Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Path Confusion and Mixing Public/Private Keys 59:34
59:34 Play Later Play Later Lists Like Liked59:34
Play Later Play Later Lists Like LikedThis week's episode features a variety of vulnerabilities, including a warning on mixing up public and private keys in OpenID Connect deployments, as well as path confusion with an nginx+apache setup. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/275.html [00:00:00] Introduction [00:19:00] The OOB Read zi Introduced [00:16:55] Mixing up Public and Private Keys in OpenID Connect deployments [00:22:51] Nginx/Apache Path Confusion to Auth Bypass in PAN-OS [CVE-2025-0108] [00:31:50] Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain [00:44:14] Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 3 [00:48:48] GigaVulnerability: readout protection bypass on GigaDevice GD32 MCUs [00:56:57] Attempted Research in PHP Class Pollution Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 ZDI's Triaging Troubles and LibreOffice Exploits 57:02
57:02 Play Later Play Later Lists Like Liked57:02
Play Later Play Later Lists Like LikedWe discuss an 0day that was dropped on Parallels after 7 months of no fix from the vendor, as well as ZDI's troubles with responses to researchers and reproducing bugs. Also included are a bunch of filesystem issues, and an insanely technical linux kernel exploit chain. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/274.html [00:00:00] Introduction [00:00:12] Training: Attacking Hypervisors [00:01:03] Dropping a 0 day: Parallels Desktop Repack Root Privilege Escalation [00:24:48] From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11 [00:30:19] Exploiting LibreOffice [CVE-2024-12425, CVE-2024-12426] [00:46:47] Patch-Gapping the Google Container-Optimized OS for $0 Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Recycling Exploits in MacOS and Pirating Audiobooks 1:17:06
1:17:06 Play Later Play Later Lists Like Liked1:17:06
Play Later Play Later Lists Like LikedWe cover a comical saga of vulnerabilities and variants from incomplete fixes in macOS, as well as a bypass of Chrome's miraclePtr mitigation against Use-After-Frees (UAFs). We also discuss an attack that abuses COM hijacking to elevate to SYSTEM through AVG Antivirus, and a permissions issue that allows unauthorized access to DRM'd audiobooks. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/273.html [00:00:00] Introduction [00:00:23] Attacking Hypervisors From KVM to Mobile Security Platforms [00:01:35] Endless Exploits: The Saga of a macOS Vulnerability Struck Nine Times [00:11:02] The Most "Golden" Bypass of 2024 [00:44:55] Leaking the email of any YouTube user for $10,000 [01:11:52] Unmasking Cryptographic Risks: A Deep Dive into the Nym Audit w/ Nadim Kobeissi Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Top 10 Web Hacking Techniques and Windows Shadow Stacks 1:12:42
1:12:42 Play Later Play Later Lists Like Liked1:12:42
Play Later Play Later Lists Like LikedIn this episode, we discuss the US government discloses how many 0ds were reported to vendors in a first-ever report. We also cover PortSwigger's top 10 web hacking techniques of 2024, as well as a deep dive on how kernel mode shadow stacks are implemented on Windows by Connor McGarr. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/272.html [00:00:00] Introduction [00:01:50] U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report [00:19:54] What Okta Bcrypt incident can teach us about designing better APIs [00:40:08] Top 10 web hacking techniques of 2024 [00:55:03] Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows [01:06:11] Accidentally uncovering a seven years old vulnerability in the Linux kernel Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Unicode Troubles, Bypassing CFG, and Racey Pointer Updates 41:29
41:29 Play Later Play Later Lists Like Liked41:29
Play Later Play Later Lists Like LikedOn the web side, we cover a portswigger post on ways of abusing unicode mishandling to bypass firewalls and a doyensec guide to OAuth vulnerabilities. We also get into a Windows exploit for a use-after-free in the telephony service that bypasses Control Flow Guard, and a data race due to non-atomic writes in the macOS kernel. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/271.html [00:00:00] Introduction [00:00:22] Bypassing character blocklists with unicode overflows [00:06:53] Common OAuth Vulnerabilities [00:18:37] Windows Telephony Service - It's Got Some Call-ing Issues [CVE-2024-26230] [00:32:05] TRAVERTINE (CVE-2025-24118) Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Deanonymization with CloudFlare and Subaru's Security Woes 1:07:35
1:07:35 Play Later Play Later Lists Like Liked1:07:35
Play Later Play Later Lists Like LikedZero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging apps. PortSwigger also publishes a post on the Cookie Sandwich technique, and Subaru's weak admin panel security allows tracking and controlling other people's vehicles. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/270.html [00:00:00] Introduction [00:00:11] ZDI Threat Hunting 2024 - Highlights, Trends, and Challenges [00:21:44] Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform [00:41:54] Stealing HttpOnly cookies with the cookie sandwich technique [00:49:06] Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
This week features a mix of topics, from polyglot PDF/JSON to android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild campaign. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/269.html [00:00:00] Introduction [00:07:48] Attacking Hypervisors - From KVM to Mobile Security Platforms [00:12:18] Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal [00:19:41] How an obscure PHP footgun led to RCE in Craft CMS [00:34:44] oss-security - RSYNC: 6 vulnerabilities [00:42:13] The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit [00:59:59] security-research/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md [01:10:35] GLibc Heap Exploitation Training Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
Specter and zi discuss their winter break, cover some interesting CCC talks, and discuss the summary judgement in the WhatsApp vs. NSO Group case. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/268.html [00:00:00] Introduction [00:09:53] 38C3: Illegal Instructions [00:35:38] WhatsApp v. NSO Group [01:04:06] Vulnerability Research Highlights 2024 [01:08:45] Debugging memory corruption: Who wrote ‘2’ into my stack?! [01:16:46] HardBreak [01:20:14] Announcing CodeQL Community Packs Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Day[0]
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k30
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Big tech is transforming every aspect of our world. But how, and at what cost? This season of Land of the Giants – The Disney Dilemma – focuses on Disney’s ability to weather the ups and downs of the business cycle and changing tastes and explores what has kept it successful for over 100 years. The entertainment giant has leveraged nostalgia and its intellectual property to build a beloved brand, but after an acquisition spree that included Marvel, Lucasfilm, and 20th Century Fox, can it sus ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k341
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
