kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd
Day[0] - Un pódcast de dayzerosec
Categorías:
Join Specter and zi at they discuss several named vulns (kr00k, Forgot2kEyXCHANGE, GhostCat), the benefits of DNS-over-HTTPS, and a a few vulns in some of our regular targets: Samsung drivers, NordVPN, OpenSMTPd.
- [00:01:13] Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen
- [00:06:13] Firefox continues push to bring DNS over HTTPS by default for US users
- [00:19:07] Securing Memory at EPYC Scale
- [00:26:30] How a Hacker's Mom Broke Into a Prison—and the Warden's Computer
- [00:29:12] kr00k | ESET
- [00:33:14] CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys
- [00:37:41] CVE-2020-1938: Ghostcat vulnerability
- [00:46:16] LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
- [00:55:43] Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance
- [01:00:30] x-request-id header reflected in server response without sanitization
- [01:05:54] Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection
- [01:12:56] Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition
- [01:14:59] Samsung Kernel Arbitrary /dev/vipx / /dev/vertex kfree
- [01:18:34] Samsung Kernel /dev/vipx Pointer Leak
- [01:22:21] HFL: Hybrid Fuzzing on the Linux Kernel – NDSS Symposium
- [01:30:32] Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors
- [01:38:27] Evasion techniques
- [01:39:31] Hacking Unicode Like a Boss
- [01:43:05] Pwning VMware, Part 2: ZDI-19-421, a UHCI bug | nafod
- [01:44:48] Intro to chrome's v8 from an exploit development angle
Watch Live on Twitch (@dayzerosec) at 3PM EST