Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!
Day[0] - Un pódcast de dayzerosec
Categorías:
Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next which we talked about. We also look at a couple interesting GitHub vulns, and talk about fuzzing. [00:00:28] Rust in the Linux Kernel https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/rust?id=c77c8025525c36c9d2b9d82e4539403701276a1dhttps://www.youtube.com/watch?v=FFjV9f_Ub9o&t=2066shttps://lkml.org/lkml/2020/7/9/952https://lkml.org/lkml/2020/7/10/1261 [00:13:40] Two Undocumented Instructions to Update Microcode Discovered https://twitter.com/_markel___/status/1373059797155778562 [00:19:06] DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS https://palant.info/2021/03/15/duckduckgo-privacy-essentials-vulnerabilities-insecure-communication-and-universal-xss/ [00:26:46] Abusing VoIPmonitor for Remote Code Execution https://www.rtcsec.com/post/2021/03/bug-discovery-diaries-abusing-voipmonitor-for-remote-code-execution/ [00:32:18] Stealing arbitrary GitHub Actions secrets https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html [00:40:29] How we found and fixed a rare race condition in our session handling https://github.blog/2021-03-18-how-we-found-and-fixed-a-rare-race-condition-in-our-session-handling/ [00:49:05] GitLab - Ability To Delete User(s) Account Without User Interaction https://hackerone.com/reports/928255 [00:52:49] New Old Bugs in the Linux Kernel https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.htmlhttps://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi [01:00:33] Fuzzing: FastStone Image Viewer [CVE-2021-26236] https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236/ [01:06:53] A Replay-Style Deserialization Attack Against SharePoint [CVE-2021-27076] https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint [01:12:38] One day short of a full chain: Part 2 - Chrome sandbox escape https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx [01:18:58] Code execution in Wireshark via non-http(s) schemes in URL fields https://gitlab.com/wireshark/wireshark/-/issues/17232 [01:21:59] Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers) https://www.praetorian.com/blog/attacking-and-defending-oauth-2/ [01:30:37] Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace https://blog.trailofbits.com/2021/03/19/un-bee-lievable-performance-fast-coverage-guided-fuzzing-with-honeybee-and-intel-processor-trace/ [01:42:00] Pulling Bits From ROM Silicon Die Images: Unknown Architecture https://ryancor.medium.com/pulling-bits-from-rom-silicon-die-images-unknown-architecture-b73b6b0d4e5d [01:42:28] 0dayfans.com https://0dayfans.com/https://github.com/dayzerosec/feedgenhttps://shop.spreadshirt.com/dayzerosec/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)