Go offline with the Player FM app!
Deanonymization with CloudFlare and Subaru's Security Woes
Manage episode 463386244 series 2606557
Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging apps. PortSwigger also publishes a post on the Cookie Sandwich technique, and Subaru's weak admin panel security allows tracking and controlling other people's vehicles.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/270.html
[00:00:00] Introduction
[00:00:11] ZDI Threat Hunting 2024 - Highlights, Trends, and Challenges
[00:21:44] Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
[00:41:54] Stealing HttpOnly cookies with the cookie sandwich technique
[00:49:06] Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
282 episodes
Manage episode 463386244 series 2606557
Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging apps. PortSwigger also publishes a post on the Cookie Sandwich technique, and Subaru's weak admin panel security allows tracking and controlling other people's vehicles.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/270.html
[00:00:00] Introduction
[00:00:11] ZDI Threat Hunting 2024 - Highlights, Trends, and Challenges
[00:21:44] Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
[00:41:54] Stealing HttpOnly cookies with the cookie sandwich technique
[00:49:06] Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
282 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.