Zoom E2E, 15 year old bugs, and killing 20 year old attacks
Day[0] - Un pódcast de dayzerosec
Categorías:
The DAY[0] podcast will be on break until September 14, 2020
A quick chat about E2E Crypto and Zoom, followed by a few noteworth exploits including Bluetooth impersonation, a 15-year old qmail CVE, NordVPN, and an RCE in Google
- [00:00:50] Adventures of porting MUSL to PS4
- [00:01:55] End-to-End Encryption for Zoom Meetings
- [00:13:16] Memory safety - The Chromium Projects
- [00:21:17] First 0d iOS jailbreak in 6 years
- [00:24:11] BIAS: Bluetooth Impersonation AttackS
- [00:33:13] 15 years later: Remote Code Execution in qmail (CVE-2005-1513)
- [00:48:01] Privilege Escalation in Parallels Desktop via VGA Device [CVE-2020-8871]
- [00:55:50] Multiple vulnerabilities in Dovecot IMAP server
- [00:59:05] Yet another arbitrary delete EoP [CVE-2020–1088]
- [01:06:29] Vulnerabilities chain leading to privilege escalation [NordVPN]
- [01:09:27] Race condition in activating email resulting in infinite amount of diamonds received
- [01:12:23] RCE in Google Cloud Deployment Manager
- [01:28:17] QNAP Pre-Auth Root RCE
- [01:37:07] Safe-Linking - Eliminating a 20 year-old malloc() exploit primitive
- [01:47:37] Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget Sets
- [02:05:43] Precise XSS detection and mitigation with Client-side Templates
- [02:17:53] Documenting the impossible: Unexploitable XSS labs
DAY[0] will be on break until September but you can find the video archive on on Youtube (@DAY[0])