Fingerprinting Exploit Devs, BLURtooth and Punking Punkbuster
Day[0] - Un pódcast de dayzerosec
Categorías:
Every wondering how you might fingerprint and trace exploit devs in the wild? Wondered what a backdoor in a D-Link router looks like? Want to hack Facebook (for Android)? We have all of that and more! [00:00:43] Google: Android Partner Vulnerability Initiative https://bugs.chromium.org/p/apvi/issues/list?q=&can=1 [00:02:55] Project Zero: Announcing the Fuzzilli Research Grant Program [00:08:40] GitHub: Code scanning is now available [00:16:39] Hunting for exploits by looking for the author's fingerprints [00:22:26] Forcing Firefox to Execute XSS Payloads during 302 Redirects [00:27:10] Exploiting fine-grained AWS IAM permissions for total cloud compromise https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7 [00:38:04] BLURtooth (the BLUR attacks) [00:44:25] Arbitrary code execution on Facebook for Android [00:51:44] [stripo] Public and secret api key leaked in JavaScript source [01:00:14] [GitLab] Unvalidated Oauth email results in accounts takeovers on 3rd parties [01:06:03] Hacking Grindr Accounts with Copy and Paste [01:16:37] Exploiting Other Remote Protocols in IBM WebSphere https://portswigger.net/web-security/deserialization/exploiting [01:25:57] The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses [01:38:36] Hacking Punkbuster. [01:43:26] Race Condition in handling of PID by apport [CVE-2020-15702] [01:57:24] Hardware Hacking Experiments [01:59:11] How I automated McDonalds mobile game to win free iPhones [01:59:42] Voyager - A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel) [02:00:28] zznop/sploit: Go package that aids in binary analysis and exploitation Watch