Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering
Day[0] - A podcast by dayzerosec
Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups.

[00:00:26] Project Zero: Policy and Disclosure: 2021 Edition https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html
[00:06:27] Remote exploitation of a man-in-the-disk vulnerability in WhatsApp [CVE-2021-24027] https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
[00:14:06] Allow arbitrary URLs, expect arbitrary code execution https://positive.security/blog/url-open-rce
[00:18:29] GHSL-2020-340: log injection in SAP/Infrabox https://securitylab.github.com/advisories/GHSL-2020-340/
[00:22:21] Duo Two-factor Authentication Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/
[00:31:22] [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers https://hackerone.com/reports/976603
[00:35:50] From 0 to RCE: Cockpit CMS https://swarm.ptsecurity.com/rce-cockpit-cms/?d
[00:41:41] Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/
[00:48:52] xscreensaver: raw socket leaked https://bugs.chromium.org/p/project-zero/issues/detail?id=2174
[00:51:31] Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086) https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/ https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html
[00:59:49] Exploiting System Mechanic Driver https://voidsec.com/exploiting-system-mechanic-driver/
[01:03:27] Zero-day vulnerability in Desktop Window Manager used in the wild [CVE-2021-28310] https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/
[01:08:33] Windows Defender mpengine remote code execution [CVE-2021-1647] https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html
[01:13:55] ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 https://leethax0.rs/2021/04/ElectricChrome/ http://www.phrack.org/papers/attacking_javascript_engines.html
[01:20:36] QEMU and U: Whole-system tracing with QEMU customization https://www.atredis.com/blog/qemu-and-u-whole-system-tracing-with-qemu-customization
[01:21:31] Learning Resource - Hexterisk Blog https://hexterisk.github.io/blog/posts/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or the video archive on YouTube (@dayzerosec).