Defcon is canceled, Microsoft was hacked, Rust has vulns
Day[0] - Un pódcast de dayzerosec
Categorías:
Update: While we talk about Huawei Kernel Self Protection (HKSP) I make mention of the authors statement that he is unrelated to Huawei. Turns out this statement, despite a commit date of Friday wasn't pushed until Monday morning so it was not original. Further information has also come out showing that the author is a Huawei employee, so the relationship is much closer than I believe it to be. ~zi
It was a busy week, Microsofts Github account was hacked, Centurylink Routers have no security, and multiple interactionless RCEs in Samsung phones.
- [00:01:45] OpenOrbis PS4 Toolchain
- [00:05:06] DEF CON 28 in-person conference is CANCELLED
- [00:13:23] The Nintendo leak saga continues...
- [00:18:40] Keybase joins Zoom
- [00:33:41] Azure Security Lab - Research Challenge
- [00:42:38] Hijacking Centurylink Routers [CVE 2019-19639]
- [00:46:24] DoS on Twitter App
- [00:51:39] A tale of verbose error message and a JWT token
- [01:00:29] Pentesting Cisco SD-WAN Part 2: Breaking routers
- [01:04:21] Memory leak and Use After Free in Squid
- [01:17:48] How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability
- [01:28:30] Samsung Android multiple interactionless RCE
- [01:38:25] Linux futex+VFS Use-After-Free
- [01:45:03] Huawei HKSP Introduces Trivially Exploitable Vulnerability
- [01:50:32] Ragnarok Stopper: development of a vaccine
- [01:55:51] Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs
- [02:09:34] Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters
- [02:10:19] GitHub - JHUAPL/Beat-the-Machine: Reverse engineering basics in puzzle form