Binary Ninja's Decompiler, git credential leak, cross-platform LPEs
Day[0] - Un pódcast de dayzerosec
Categorías:
Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler...okay probably not but it is exciting.We've also got some stupid issues and some interesting LPEs this episode.
- [00:00:29] Cognizant suffers Maze Ransomware cyber attack
- [00:14:08] Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000
- [00:27:46] How I Reverse Engineered the LastPass CLI Tool
- [00:35:59] State of the Ninja: Episode 13
- [01:02:18] Riot offering up to $100k n Bug Bounty
- [01:05:31] Research Grants to support Google VRP Bug Hunters during COVID-19
- [01:09:08] Denial of service to WP-JSON API by cache poisoning
- [01:11:43] CSRF to RCE bug chain in Prestashop
- [01:21:16] Unintended disclosure of OTP
- [01:24:20] JSON Web Token Validation Bypass in Auth0 Authentication API
- [01:27:06] git: Newline injection in credential helper
- [01:31:20] How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability
- [01:36:34] Pwning vCenter with CVE-2020-3952
- [01:45:19] Oracle Solaris 11.x/10 whodo/w Buffer Overflow
- [01:51:22] Linux Kernel EoP via Improper eBPF Program Verification [CVE-2020-8835]
- [01:57:39] Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4f42c24e02ce82392d8f8fe215570568380c8ab
- [02:07:20] Ricerca Security: "SMBGhost pre-auth RCE
- [02:14:01] IJON: Exploring Deep State Spaces via Fuzzing
- [02:23:26] Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
- [02:27:45] GitHub - wcventure/FuzzingPaper