BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Player FM - Internet Radio Done Right
42 subscribers
Checked 11d ago
Added five years ago
Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Day[0]
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
D
Different, not broken
1 You're not supposed to be here and other Dad wisdom 29:22
29:22 
Play Later 
Play Later 
Lists 
Like 
Liked29:22
Play Later
Play Later
Lists
Like
LikedThe world often feels rigged. And this episode is a wake-up call to recognize the barriers that exist for those who don’t fit the traditional mold. In this episode, which is a kind of tribute to my dear departed Dad, I recount some powerful lessons from the man who was a brilliant psychiatrist and my biggest champion. He taught me that if something feels off about the environment you’re in, it probably is—and it’s absolutely hella-not your fault. We dare to break into the uncomfortable truth that many workplaces are designed for a very specific demographic, leaving neurodivergent individuals, particularly those on the autism spectrum, feeling excluded. I share three stories in which my Dad imparted to me more than my fair share of his wisdom, and I'm hoping you to can feel empowered. You'll learn that we can advocate for ourselves and others to create a more inclusive work culture. Newsletter Paste this into your browser if the newsletter link is broken - https://www.lbeehealth.com/ Join our Patreon - https://differentnotbrokenpodcast.com/patreon Mentioned in this episode: Sign Up For Our Newsletter Stay updated on all the things! Get added to our newsletter mailing list. Newsletter…
Linux Is Still a Mess and Vaultwarden Auth Issues
Manage episode 452052220 series 2606557
Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Linux userspace is still a mess and has some bad bugs in root utilities, and Vaultwarden has an interesting auth bypass attack.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/264.html
[00:00:00] Introduction
[00:00:29] LPEs in needrestart [Ubuntu]
[00:18:41] Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5
[00:31:50] From an Android Hook to RCE
[00:43:34] Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
281 episodes
ShareManage episode 452052220 series 2606557
Content provided by dayzerosec. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by dayzerosec or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Linux userspace is still a mess and has some bad bugs in root utilities, and Vaultwarden has an interesting auth bypass attack.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/264.html
[00:00:00] Introduction
[00:00:29] LPEs in needrestart [Ubuntu]
[00:18:41] Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5
[00:31:50] From an Android Hook to RCE
[00:43:34] Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
281 episodes
All episodes
×
D
Day[0]
1 Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO) 1:46:57
1:46:57 Play Later Play Later Lists Like Liked1:46:57
Play Later Play Later Lists Like LikedA special episode this week, featuring an interview with John Carse, Chief Information Security Officer (CISO) of SquareX. John speaks about his background in the security industry, grants insight into attacks on browsers, and talks about the work his team at SquareX is doing to detect and mitigate browser-based attacks.…
D
Day[0]
1 Pulling Gemini Secrets and Windows HVPT 1:33:22
1:33:22 Play Later Play Later Lists Like Liked1:33:22
Play Later Play Later Lists Like LikedA long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT). Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/280.html [00:00:00] Introduction [00:00:18] Doing the Due Diligence - Analyzing the Next.js Middleware Bypass [CVE-2025-29927] [00:29:20] We hacked Google’s A.I Gemini and leaked its source code (at least some part) [00:44:40] Improper Use of Private iOS APIs in some Vietnamese Banking Apps [00:55:03] Protecting linear address translations with Hypervisor-enforced Paging Translation (HVPT) [01:06:57] Code reuse in the age of kCET and HVCI [01:13:02] GhidraMCP: LLM Assisted RE [01:31:45] Emulating iOS 14 with qemu Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Session-ception and User Namespaces Strike Again 49:36
49:36 Play Later Play Later Lists Like Liked49:36
Play Later Play Later Lists Like LikedAPI hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/279.html [00:00:00] Introduction [00:00:28] Next.js and the corrupt middleware: the authorizing artifact [00:06:15] Pwning Millions of Smart Weighing Machines with API and Hardware Hacking [00:20:37] oss-sec: Three bypasses of Ubuntu's unprivileged user namespace restrictions [00:32:10] CimFS: Crashing in memory, Finding SYSTEM (Kernel Edition) [00:43:18] Blasting Past Webp [00:47:50] We hacked Google’s A.I Gemini and leaked its source code (at least some part) Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Extracting YouTube Creator Emails and Spilling Azure Secrets 44:04
44:04 Play Later Play Later Lists Like Liked44:04
Play Later Play Later Lists Like LikedThis episode features some game exploitation in Neverwinter Nights, weaknesses in mobile implementation for PassKeys, and a bug that allows disclosure of the email addresses of YouTube creators. We also cover some research on weaknesses in Azure. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/278.html [00:00:00] Introduction [00:00:35] Exploiting Neverwinter Nights [00:08:48] PassKey Account Takeover in All Mobile Browsers [CVE-2024-9956] [00:22:51] Disclosing YouTube Creator Emails for a $20k Bounty [00:31:58] Azure’s Weakest Link? How API Connections Spill Secrets [00:39:02] SAML roulette: the hacker always wins [00:40:56] Compromise of Fuse Encryption Key for Intel Security Fuses Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 ESP32 Backdoor Drama and SAML Auth Bypasses 1:14:08
1:14:08 Play Later Play Later Lists Like Liked1:14:08
Play Later Play Later Lists Like LikedDiscussion this week starts with the ESP32 "backdoor" drama that circled the media, with some XML-based vulnerabilities in the mix. Finally, we cap off with a post on reviving modprobe_path for Linux exploitation, and some discussion around an attack chain against China that was attributed to the NSA. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/277.html [00:00:00] Introduction [00:00:25] The ESP32 "backdoor" that wasn't [00:14:26] Speedrunners are vulnerability researchers [00:27:58] Sign in as anyone: Bypassing SAML SSO authentication with parser differentials [00:38:47] Impossible XXE in PHP [00:52:41] Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch [01:04:15] Trigon: developing a deterministic kernel exploit for iOS [01:06:43] An inside look at NSA (Equation Group) TTPs from China’s lense Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Exploiting Xbox 360 Hypervisor and Microcode Hacking 1:19:05
1:19:05 Play Later Play Later Lists Like Liked1:19:05
Play Later Play Later Lists Like LikedA very technical episode this week, featuring some posts on hacking the xbox 360 hypervisor as well as AMD microcode hacking. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/276.html [00:00:00] Introduction [00:00:15] Reversing Samsung's H-Arx Hypervisor Framework - Part 1 [00:10:34] Hacking the Xbox 360 Hypervisor Part 1: System Overview [00:21:18] Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit [00:30:48] Zen and the Art of Microcode Hacking [00:41:51] A very fancy way to obtain RCE on a Solr server [01:03:49] Cellebrite zero-day exploit used to target phone of Serbian student activist [01:16:03] When NULL isn't null: mapping memory at 0x0 on Linux Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Path Confusion and Mixing Public/Private Keys 59:34
59:34 Play Later Play Later Lists Like Liked59:34
Play Later Play Later Lists Like LikedThis week's episode features a variety of vulnerabilities, including a warning on mixing up public and private keys in OpenID Connect deployments, as well as path confusion with an nginx+apache setup. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/275.html [00:00:00] Introduction [00:19:00] The OOB Read zi Introduced [00:16:55] Mixing up Public and Private Keys in OpenID Connect deployments [00:22:51] Nginx/Apache Path Confusion to Auth Bypass in PAN-OS [CVE-2025-0108] [00:31:50] Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain [00:44:14] Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 3 [00:48:48] GigaVulnerability: readout protection bypass on GigaDevice GD32 MCUs [00:56:57] Attempted Research in PHP Class Pollution Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 ZDI's Triaging Troubles and LibreOffice Exploits 57:02
57:02 Play Later Play Later Lists Like Liked57:02
Play Later Play Later Lists Like LikedWe discuss an 0day that was dropped on Parallels after 7 months of no fix from the vendor, as well as ZDI's troubles with responses to researchers and reproducing bugs. Also included are a bunch of filesystem issues, and an insanely technical linux kernel exploit chain. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/274.html [00:00:00] Introduction [00:00:12] Training: Attacking Hypervisors [00:01:03] Dropping a 0 day: Parallels Desktop Repack Root Privilege Escalation [00:24:48] From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11 [00:30:19] Exploiting LibreOffice [CVE-2024-12425, CVE-2024-12426] [00:46:47] Patch-Gapping the Google Container-Optimized OS for $0 Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Recycling Exploits in MacOS and Pirating Audiobooks 1:17:06
1:17:06 Play Later Play Later Lists Like Liked1:17:06
Play Later Play Later Lists Like LikedWe cover a comical saga of vulnerabilities and variants from incomplete fixes in macOS, as well as a bypass of Chrome's miraclePtr mitigation against Use-After-Frees (UAFs). We also discuss an attack that abuses COM hijacking to elevate to SYSTEM through AVG Antivirus, and a permissions issue that allows unauthorized access to DRM'd audiobooks. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/273.html [00:00:00] Introduction [00:00:23] Attacking Hypervisors From KVM to Mobile Security Platforms [00:01:35] Endless Exploits: The Saga of a macOS Vulnerability Struck Nine Times [00:11:02] The Most "Golden" Bypass of 2024 [00:44:55] Leaking the email of any YouTube user for $10,000 [01:11:52] Unmasking Cryptographic Risks: A Deep Dive into the Nym Audit w/ Nadim Kobeissi Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Top 10 Web Hacking Techniques and Windows Shadow Stacks 1:12:42
1:12:42 Play Later Play Later Lists Like Liked1:12:42
Play Later Play Later Lists Like LikedIn this episode, we discuss the US government discloses how many 0ds were reported to vendors in a first-ever report. We also cover PortSwigger's top 10 web hacking techniques of 2024, as well as a deep dive on how kernel mode shadow stacks are implemented on Windows by Connor McGarr. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/272.html [00:00:00] Introduction [00:01:50] U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report [00:19:54] What Okta Bcrypt incident can teach us about designing better APIs [00:40:08] Top 10 web hacking techniques of 2024 [00:55:03] Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows [01:06:11] Accidentally uncovering a seven years old vulnerability in the Linux kernel Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Unicode Troubles, Bypassing CFG, and Racey Pointer Updates 41:29
41:29 Play Later Play Later Lists Like Liked41:29
Play Later Play Later Lists Like LikedOn the web side, we cover a portswigger post on ways of abusing unicode mishandling to bypass firewalls and a doyensec guide to OAuth vulnerabilities. We also get into a Windows exploit for a use-after-free in the telephony service that bypasses Control Flow Guard, and a data race due to non-atomic writes in the macOS kernel. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/271.html [00:00:00] Introduction [00:00:22] Bypassing character blocklists with unicode overflows [00:06:53] Common OAuth Vulnerabilities [00:18:37] Windows Telephony Service - It's Got Some Call-ing Issues [CVE-2024-26230] [00:32:05] TRAVERTINE (CVE-2025-24118) Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Deanonymization with CloudFlare and Subaru's Security Woes 1:07:35
1:07:35 Play Later Play Later Lists Like Liked1:07:35
Play Later Play Later Lists Like LikedZero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging apps. PortSwigger also publishes a post on the Cookie Sandwich technique, and Subaru's weak admin panel security allows tracking and controlling other people's vehicles. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/270.html [00:00:00] Introduction [00:00:11] ZDI Threat Hunting 2024 - Highlights, Trends, and Challenges [00:21:44] Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform [00:41:54] Stealing HttpOnly cookies with the cookie sandwich technique [00:49:06] Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
This week features a mix of topics, from polyglot PDF/JSON to android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild campaign. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/269.html [00:00:00] Introduction [00:07:48] Attacking Hypervisors - From KVM to Mobile Security Platforms [00:12:18] Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal [00:19:41] How an obscure PHP footgun led to RCE in Craft CMS [00:34:44] oss-security - RSYNC: 6 vulnerabilities [00:42:13] The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit [00:59:59] security-research/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md [01:10:35] GLibc Heap Exploitation Training Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
Specter and zi discuss their winter break, cover some interesting CCC talks, and discuss the summary judgement in the WhatsApp vs. NSO Group case. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/268.html [00:00:00] Introduction [00:09:53] 38C3: Illegal Instructions [00:35:38] WhatsApp v. NSO Group [01:04:06] Vulnerability Research Highlights 2024 [01:08:45] Debugging memory corruption: Who wrote ‘2’ into my stack?! [01:16:46] HardBreak [01:20:14] Announcing CodeQL Community Packs Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
In our last episode of 2024, we delve into some operating system bugs in both Windows and Linux, as well as some bugs that are not bugs but rather AI slop. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/267.html [00:00:00] Introduction [00:06:48] Buffer Overflow Risk in Curl_inet_ntop and inet_ntop4 [00:19:20] Bypassing WAFs with the phantom $Version cookie [00:27:51] Windows Sockets: From Registered I/O to SYSTEM Privileges [00:34:02] ksthunk.sys Integer Overflow (PE) [00:38:20] Linux Kernel: TOCTOU in Exec System Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Machine Learning Attacks and Tricky Null Bytes 45:07
45:07 Play Later Play Later Lists Like Liked45:07
Play Later Play Later Lists Like LikedThis week's episode contains some LLM hacking and attacks on classifiers, as well as the renewal of DMA attacks with SD Express and the everlasting problems of null bytes. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/266.html [00:00:00] Introduction [00:00:31] Hacking 2024 by No Starch [00:09:18] Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject) [00:14:37] Breaking Down Adversarial Machine Learning Attacks Through Red Team Challenges [00:25:49] Null problem! Or: the dangers of an invisible byte [00:36:32] New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/265.html [00:00:00] Introduction [00:00:16] Attacking Hypervisors From KVM to Mobile Security Platforms [00:02:30] Keyhole [00:10:12] Drilling the redirect_uri in OAuth [00:18:00] Cross-Site POST Requests Without a Content-Type Header [00:24:03] New AMSI Bypss Technique Modifying CLR.DLL in Memory Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Linux Is Still a Mess and Vaultwarden Auth Issues 52:18
52:18 Play Later Play Later Lists Like Liked52:18
Play Later Play Later Lists Like LikedLinux userspace is still a mess and has some bad bugs in root utilities, and Vaultwarden has an interesting auth bypass attack. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/264.html [00:00:00] Introduction [00:00:29] LPEs in needrestart [Ubuntu] [00:18:41] Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5 [00:31:50] From an Android Hook to RCE [00:43:34] Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 FortiJump Higher, Pishi, and Breaking Control Flow Flattening 1:00:38
1:00:38 Play Later Play Later Lists Like Liked1:00:38
Play Later Play Later Lists Like LikedThis week, we dive into some changes to V8CTF, the FortiJump Higher bug in Fortinet's FortiManager, as well as some coverage instrumentation on blackbox macOS binaries via Pishi. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/263.html [00:00:00] Introduction [00:00:25] V8 Sandbox Bypass Rewards [00:25:39] Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager [CVE-2024-47575] [00:38:07] Pishi: Coverage guided macOS KEXT fuzzing. [00:44:20] Breaking Control Flow Flattening: A Deep Technical Analysis [00:55:10] Firefox Animation CVE-2024-9680 - Dimitri Fourny [00:57:13] Internship Offers for the 2024-2025 Season Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Static Analysis, LLMs, and In-The-Wild Exploit Chains 1:22:02
1:22:02 Play Later Play Later Lists Like Liked1:22:02
Play Later Play Later Lists Like LikedMethodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite vulnerability. Finally, we wrap up with some discussion on Hexacon and WOOT talks, with a focus on Clem1's In-The-Wild exploit chains insights via Google's Threat Analysis Group. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/262.html [00:00:00] Introduction [00:00:35] Discovering Hidden Vulnerabilities in Portainer with CodeQL [00:18:12] Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX [00:28:25] From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code [00:50:00] Hexacon2024 - Caught in the Wild, Past, Present and Future by Clem1 [01:06:34] Hexacon 2024 Videos [01:11:34] WOOT 2024 Videos [01:18:38] Securing the open source supply chain: The essential role of CVEs [01:20:19] A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Attacking Browser Extensions and CyberPanel 58:18
58:18 Play Later Play Later Lists Like Liked58:18
Play Later Play Later Lists Like LikedIn this week's episode, we talk a little bit about LLMs and how they can be used with static analysis. We also cover GitHub Security Blog's post on attacking browser extensions, as well as a somewhat controversial CyberPanel Pre-Auth RCE that was disclosed. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/261.html [00:00:00] Introduction [00:01:56] Autonomous Discovery of Critical Zero-Days [00:14:43] Attacking browser extensions [00:25:26] What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE [00:52:15] Security research on Private Cloud Compute [01:01:02] Bluetooth Low Energy GATT Fuzzing Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation 1:11:24
1:11:24 Play Later Play Later Lists Like Liked1:11:24
Play Later Play Later Lists Like LikedIn this week's episode, Specter recaps his experiences at Hardwear.IO and a PS5 hypervisor exploit chain presented there. We also cover some of the recently released DEF CON 32 talks. After the conference talk, we get into some filesystem exploit tricks and how arbitrary file write can be taken to code execution in read-only environments. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/260.html [00:00:00] Introduction [00:00:27] Hardwear.io NL 2024 [00:14:27] Byepervisor - Breaking the PS5 Hypervisor Security [00:26:38] DEF CON 32 Main Stage Talks [00:51:16] The Missing Guide to Filesystem Security [01:00:51] Why Code Security Matters - Even in Hardened Environments [01:09:12] How I Defeated An MMO Game Hack Author Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Zendesk's Email Fiasco and Rooting Linux with a Lighter 50:26
50:26 Play Later Play Later Lists Like Liked50:26
Play Later Play Later Lists Like LikedIn this week's episode, we cover the fiasco of a vulnerability in Zendesk that could allow intrusion into multiple fortune 500 companies. We also discuss a project zero blogpost that talks about fuzzing Dav1d and the challenges of fuzzing, as well as rooting Linux via EMFI with a lighter. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/259.html [00:00:00] Introduction [00:00:57] 1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies [00:27:10] Effective Fuzzing: A Dav1d Case Study [00:40:15] Can You Get Root With Only a Cigarette Lighter? Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
In our summer recap, we discuss Phrack's latest issue and talks from the new Off-by-One conference. We also cover some interesting bugs, such as a factorio lua RCE and another RCE via iconv. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/258.html [00:00:00] Introduction [00:01:06] Getting Started with Exploit Development [00:14:07] Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws [00:24:35] Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1) [00:43:29] Off-by-One Conference 2024 Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Attack of the CUPS and Exploiting Web Views via HSTS 1:08:09
1:08:09 Play Later Play Later Lists Like Liked1:08:09
Play Later Play Later Lists Like LikedIn this week's episode, we cover an attack utilizing HSTS for exploiting Android WebViews and abusing YouTube embeds in Google Slides for clickjacking. We also talk about the infamous CUPS attack, and the nuances that seem to be left behind in much of the discussion around it. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/257.html [00:00:00] Introduction [00:01:30] Exploiting Android Client WebViews with Help from HSTS [00:09:08] Using YouTube to steal your files [00:18:43] Attacking UNIX Systems via CUPS, Part I Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Future of the Windows Kernel and Encryption Nonce Reuse 33:52
33:52 Play Later Play Later Lists Like Liked33:52
Play Later Play Later Lists Like LikedIn this week's episode, we discuss Microsoft's summit with vendors on their intention to lock down the Windows kernel from endpoint security drivers and possibly anti-cheats. We also talk cryptography and about the problems of nonce reuse. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/256.html [00:00:00] Introduction [00:01:12] Friends don’t let friends reuse nonces [00:13:22] Serious Cryptography, 2nd Edition [00:14:30] Taking steps that drive resiliency and security for Windows customers Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
We are back and testing out a new episode format focusing more on discussion than summaries. We start talking a bit about the value of learning hacking by iterating on the same exploit and challenging yourself as a means of practicing the creative parts of exploitation. Then we dive into the recent Intel SGX fuse key leak, talk a bit about what it means, how it happened. We are seeking feedback on this format. Particularly interested in those of you with more of a bug bounty or higher-level focus if an episode like this would still be appealing? If you want to share any feedback feel free to DM us (@__zi or @specterdev) or email us at media [at] dayzerosec.com Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/255.html [00:00:00] Introduction [00:04:55] Exploiting CVE-2024-20017 4 different ways [00:22:26] Intel SGX Fuse Keys Extracted [00:51:01] Introducing the URL validation bypass cheat sheet Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 Memory Corruption: Best Tackled with Mitigations or Safe-Languages 58:23
58:23 Play Later Play Later Lists Like Liked58:23
Play Later Play Later Lists Like LikedMemory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewriting compared to mitigating? Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/254.html [00:00:00] Introduction [00:01:12] Clarifying Scope & Short/Long Term [00:04:28] Mitigations [00:15:37] Safe Languages Are Falliable [00:21:20] Weaknesses & Evolution of Mitigations [00:29:19] Rewriting and the Iterative Process [00:34:55] The Rewriting Scalability Argument [00:41:43] System vs App Bugs [00:48:46] Mitigations & Rewriting Are Not Mutually Exclusive [00:50:25] Corporate vs Open Source [00:54:12] Generational Change [00:56:18] Conclusion Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [discussion] A Retrospective and Future Look Into DAY[0] 1:03:55
1:03:55 Play Later Play Later Lists Like Liked1:03:55
Play Later Play Later Lists Like LikedChange is in the air for the DAY[0] podcast! In this episode, we go into some behind the scenes info on the history of the podcast, how it's evolved, and what our plans are for the future. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/253.html [00:00:00] Introduction [00:01:30] Early days of the DAY[0] podcast [00:14:10] Split into bounty and binary episodes [00:21:50] Novelty focus on topic selection [00:30:47] Difficulties with the current format [00:40:18] Change [00:48:02] New direction for content [00:57:42] Conclusions & Feedback Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [binary] Bypassing KASLR and a FortiGate RCE 29:47
29:47 Play Later Play Later Lists Like Liked29:47
Play Later Play Later Lists Like LikedBit of a lighter episode this week with a Linux Kernel ASLR bypass and a clever exploit to RCE FortiGate SSL VPN. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/252.html [00:00:00] Introduction [00:00:29] KASLR bypass in privilege-less containers [00:13:13] Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762 [00:19:32] Making Mojo Exploits More Difficult [00:22:57] Robots Dream of Root Shells [00:27:02] Gaining kernel code execution on an MTE-enabled Pixel 8 [00:28:23] SMM isolation - Security policy reporting (ISSR) Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [bounty] RCE'ing Mailspring and a .NET CRLF Injection 43:19
43:19 Play Later Play Later Lists Like Liked43:19
Play Later Play Later Lists Like LikedIn this week's bounty episode, an attack takes an XSS to RCE on Mailspring, a simple MFA bypass is covered, and a .NET CRLF injection is detailed in its FTP functionality. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/251.html [00:00:00] Introduction [00:00:20] Making Desync attacks easy with TRACE [00:16:01] Reply to calc: The Attack Chain to Compromise Mailspring [00:35:29] $600 Simple MFA Bypass with GraphQL [00:38:38] Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability [CVE-2023-36049] Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [binary] Future of Exploit Development Followup 46:41
46:41 Play Later Play Later Lists Like Liked46:41
Play Later Play Later Lists Like LikedIn the 250th episode, we have a follow-up discussion to our "Future of Exploit Development" video from 2020. Memory safety and the impacts of modern mitigations on memory corruption are the main focus.
D
Day[0]
1 [bounty] libXPC to Root and Digital Lockpicking 45:35
45:35 Play Later Play Later Lists Like Liked45:35
Play Later Play Later Lists Like LikedIn this episode we have an libXPC root privilege escalation, a run-as debuggability check bypass in Android, and digital lockpicking on smart locks. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/249.html [00:00:00] Introduction [00:00:21] Progress OpenEdge Authentication Bypass Deep-Dive [CVE-2024-1403] [00:05:19] xpcroleaccountd Root Privilege Escalation [CVE-2023-42942] [00:10:50] Bypassing the “run-as” debuggability check on Android via newline injection [00:18:09] Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities) [00:43:06] Using form hijacking to bypass CSP The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
In this week's binary episode, Binary Ninja Free releases along with Binja 4.0, automated infoleak exploit generation for the Linux kernel is explored, and Nintendo sues Yuzu. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/248.html [00:00:00] Introduction [00:00:31] Binary Ninja Free [00:10:25] K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel [00:19:53] Glitching in 3D: Low Cost EMFI Attacks [00:22:08] Nintendo vs. Yuzu [00:38:32] Finding Gadgets for CPU Side-Channels with Static Analysis Tools [00:40:12] ThinkstScapes Research Roundup - Q4 - 2023 The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
A shorter episode this week, featuring some vulnerabilities impacting Google's AI and a SAML auth bypass. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/247.html [00:00:00] Introduction [00:00:31] We Hacked Google A.I. for $50,000 [00:17:26] SAML authentication bypass vulnerability in RobotsAndPencils/go-saml [CVE-2023-48703] [00:22:17] Exploiting CSP Wildcards for Google Domains [00:26:11] ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
VirtualBox has a very buggy driver, PostgreSQL has an Out of Bounds Access, and lifetime issues are demonstrated in Rust in "safe" code. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/246.html [00:00:00] Introduction [00:00:22] cve-rs [00:18:28] Oracle VM VirtualBox: Intra-Object Out-Of-Bounds Write in virtioNetR3CtrlVlan [00:32:30] PostgreSQL: Array Set Element Memory Corruption [00:35:06] Analyzing the Google Chrome V8 CVE-2024-0517 Out-of-Bounds Code Execution Vulnerability [00:37:15] Continuously fuzzing Python C extensions The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [bounty] A PHP and Joomla Bug and some DOM Clobbering 48:30
48:30 Play Later Play Later Lists Like Liked48:30
Play Later Play Later Lists Like LikedThis week's episode features a cache deception issue, Joomla inherits a PHP bug, and a DOM clobbering exploit. Also covered is a race condition in Chrome's extension API published by project zero. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/245.html [00:00:00] Introduction [00:00:21] Cache Deception Without Path Confusion [00:07:15] Hello Lucee! Let us hack Apple again? [00:14:41] Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities [00:26:37] Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild [00:38:23] chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to racy access check [00:42:28] 🎮 Diving Back into Games-related Bugs! [00:44:43] Exploiting Empire C2 Framework [00:46:19] iMessage with PQ3: The new state of the art in quantum-secure messaging at scale The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
Linux becomes a CNA and takes a stance on managing CVEs for themselves, and underutilized fuzzing strategies are discussed. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/244.html [00:00:00] Introduction [00:00:14] What to do about CVE numbers - The first article we bring up is the 2019 LWN article able Greg's talk back then. The topic itself is a more recent change actually moving forward. [00:26:50] Bug - Double free on `dcm_dataset_insert` · Issue #82 · ImagingDataCommons/libdicom [00:31:48] Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables [00:38:35] Underutilized Fuzzing Strategies for Modern Software Testing The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [bounty] GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023 47:19
47:19 Play Later Play Later Lists Like Liked47:19
Play Later Play Later Lists Like LikedIn this bounty episode, some straightforward bugs were disclosed in GhostCMS and ClamAV, and Portswigger publishes their top 10 list of web hacking techniques from 2023. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/243.html [00:00:00] Introduction [00:02:15] Ghost CMS Stored XSS Leading to Owner Takeover [CVE-2024-23724] [00:16:07] ClamAV Not So Calm [CVE-2024-20328] [00:21:00] Top 10 web hacking techniques of 2023 [00:44:46] Hacking a Smart Home Device [00:48:15] Cloud cryptography demystified: Amazon Web Services The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [binary] kCTF Changes, LogMeIn, and wlan VFS Bugs 33:53
33:53 Play Later Play Later Lists Like Liked33:53
Play Later Play Later Lists Like LikedGoogle makes some changes to their kCTF competition, and a few kernel bugs shake out of the LogMeIn and wlan VFS drivers. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/242.html [00:00:00] Introduction [00:00:29] Netfilter Tables Removed from kCTF [00:20:23] LogMeIn / GoTo LMIInfo.sys Handle Duplication [00:27:20] Several wlan VFS read handlers don't check buffer size leading to userland memory corruption [00:32:35] International Journal of Proof-of-Concept or Get The Fuck Out (PoC||GTFO) - 0x22 [00:34:15] Exploring AMD Platform Secure Boot The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [bounty] The End of a DEFCON Era and Flipper Zero Woes 1:16:22
1:16:22 Play Later Play Later Lists Like Liked1:16:22
Play Later Play Later Lists Like LikedDEF CON moves venues, the Canadian government moves to ban Flipper Zero, and some XSS issues affect Microsoft Whiteboard and Meta's Excalidraw. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/241.html [00:00:00] Introduction [00:00:33] DEF CON was canceled. [00:16:42] Federal action on combatting auto theft [00:39:03] Jenkins Arbitrary File Leak Vulnerability, CVE-2024-23897, Can Lead To RCE [00:43:27] Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140) [00:52:26] SSRF on a Headless Browser Becomes Critical! [00:59:04] ChatGPT Account Takeover - Wildcard Web Cache Deception [01:05:14] Differential testing and fuzzing of HTTP servers and proxies [01:10:14] Hunting for Vulnerabilities that are ignored by most of the Bug Bounty Hunters [01:19:38] Analyzing AI Application Threat Models The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
Libfuzzer goes into maintenance-only mode and syslog vulnerabilities plague some vendors in this week's episode. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/240.html [00:00:00] Introduction [00:00:20] LibFuzzer in Maintainence-only Mode [00:11:41] Heap-based buffer overflow in the glibc's syslog() [CVE-2023-6246] [00:26:33] Hunting for ~~Un~~authenticated n-days in Asus Routers [00:34:44] Inside the LogoFAIL PoC: From Integer Overflow to Arbitrary Code Execution [00:35:51] Chaos Communication Congress (37C3) recap [00:36:51] GitHub - google/oss-fuzz-gen: LLM powered fuzzing via OSS-Fuzz. The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [bounty] Public Private Android Keys and Docker Escapes 48:22
48:22 Play Later Play Later Lists Like Liked48:22
Play Later Play Later Lists Like LikedThis week we have a crazy crypto fail where some Android devices had updates signed by publicly available private keys, as well as some Docker container escapes. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/239.html [00:00:00] Introduction [00:00:22] Missing signs: how several brands forgot to secure a key piece of Android [00:13:37] ModSecurity: Path Confusion and really easy bypass on v2 and v3 [00:21:24] runc process.cwd & leaked fds container breakout [CVE-2024-21626] [00:24:23] Buildkit GRPC SecurityMode Privilege Check [CVE-2024-23653] [00:27:49] Jumpserver Preauth RCE Exploit Chain [00:43:49] 500$: MFA bypass By Race Condition [00:49:52] HTTP Downgrade attacks with SmuggleFuzz The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [binary] Busted ASLR, PixieFail, and Bypassing HVCI 46:17
46:17 Play Later Play Later Lists Like Liked46:17
Play Later Play Later Lists Like LikedThis week's binary episode features a range of topics from discussion on Pwn2Own's first automotive competition to an insane bug that broke ASLR on various Linux systems. At the lower level, we also have some bugs in UEFI, including one that can be used to bypass Windows Hypervisor Code Integrity mitigation. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/238.html [00:00:00] Introduction [00:02:40] 37C3: Unlocked - media.ccc.de [00:08:15] Zero Day Initiative — Pwn2Own Automotive 2024 - Day One Results [00:16:35] ASLRn’t: How memory alignment broke library ASLR [00:22:47] Unleashing ksmbd: remote exploitation of the Linux kernel (ZDI-23-979, ZDI-23-980) [00:26:33] PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack. [00:31:10] Hunting down the HVCI bug in UEFI [00:35:51] A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit [00:37:32] Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution - Exodus Intelligence [00:38:38] OffSec EXP-401 Advanced Windows Exploitation (AWE) - Course Review [00:44:56] Dumping GBA ROMs from Sound The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
D
Day[0]
1 [bounty] Reborn Homograph Attacks and Ransacking Passwords 1:14:00
1:14:00 Play Later Play Later Lists Like Liked1:14:00
Play Later Play Later Lists Like LikedA packed episode this week as we cover recent vulnerabilities from the last two weeks, including some IDORs, auth bypasses, and a HackerOne bug. Some fun attacks such as a resurface of IDN Homograph Attacks and timing attacks also appear. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/237.html [00:00:00] Introduction [00:02:59] 37C3: Unlocked - media.ccc.de [00:09:00] Ivanti's Pulse Connect Secure Auth Bypass and RCE [00:19:47] [HackerOne] View Titles of Private Reports with pending email invitation [00:23:58] 1 Program, 4 Business Logic Bugs and Cashing in 2300$. [00:33:32] Global site selector authentication bypass [00:42:55] IDN Homograph Attack - Reborn of the Rare Case [00:50:53] PII Disclosure At `theperfumeshop.com/register/forOrder` [00:54:40] [darkhttpd] timing attack and local leak of HTTP basic auth credentials [01:02:42] Ransacking your password reset tokens [01:08:11] Worse than SolarWinds: Three Steps to Hack Blockchains, GitHub, and ML through GitHub Actions [01:10:41] Crypto Gotchas! [01:13:37] Web LLM attacks [01:15:13] Improving LLM Security Against Prompt Injection [01:16:17] Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise [01:17:37] Kubernetes Scheduling And Secure Design The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Similar to Day[0]
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
