Exploits-galore iOS (checkm8), Android, Signal, Whatsapp, PHP and more
Day[0] - Un pódcast de dayzerosec
Categorías:
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube
- [00:00:40] What happened while we were gone. ft. Defcon and Blackhat discussion
- [00:20:10] Checkm8 - iPhone bootROM exploit
- [00:28:52] iPhone A11 debug registers allow full-featured kernel debugging
- [00:32:52] Android: Use-After-Free in Binder driver
- https://groups.google.com/forum/#!msg/syzkaller-bugs/QyXdgUhAF50/g-FXVo1OAwAJ
- [00:39:36] PHP 7.0-7.3 disable_functions bypass
- https://bugs.php.net/bug.php?id=72530
- [00:51:49] An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples
- https://cwe.mitre.org/data/definitions/20.html
- [01:03:18] Signal RTP is processed before call is answered
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
- [01:08:47] Whatsapp RCE
- [01:14:58] Attacking CNN-based anti-spoofing face authentication in the physical domain
- [01:22:52] The Kernel Concurrency Sanitizer (KCSAN)
- [01:30:36] Eradicating Attacks on the Internal Network with Internal Network Policy
- [01:39:22] Analyzing Control Flow Integrity with LLVM-CFI