FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging
Day[0] - Un pódcast de dayzerosec
Categorías:
A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0].
- [00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote
- [00:06:52] Announcing Remote Participation in Pwn2Own Vancouver
- [00:11:22] Revoking certain certificates on March 4
- [00:19:40] FuzzBench: Fuzzer Benchmarking as a Service
- [00:28:53] Intel x86 Root of Trust: loss of trust
- [00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
- [00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing
- [00:55:11] MediaTek rootkit affecting millions of Android devices
- [01:01:56] Zoho ManageEngine RCE
- [01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555)
- [01:14:22] Regex Vulnerabilities - parse-community/parse-server
- [01:18:57] HTTP request smuggling using malformed Transfer-Encoding header
- [01:27:20] [Nextcloud] Delete All Data of Any User
- [01:30:36] Dismantling DST80-based Immobiliser Systems
- [01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers
- [01:45:59] Code Renewability for Native Software Protection
- [01:55:42] Security Analysis of Memory Tagging
- [02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0])