Day[0]
dayzerosec
Categories: Technology
Listen to the latest episode:
A quick episode this week, which includes attacking VS Code with ASCII control characters, as well as a referrer leak and SCIM hunting.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/282.html
[00:00:00] Introduction
[00:00:57] Attacking Hypervisors - Training Update
[00:06:20] Drag and Pwnd: Leverage ASCII characters to exploit VS Code
[00:12:12] Full Referer URL leak through img tag
[00:17:52] SCIM Hunting - Beyond SSO
[00:25:17] Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Previous episodes
- 282 - Exploiting VS Code with Control Characters (Mon, 12 May 2025)
- 281 - Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO) (Tue, 22 Apr 2025)
- 280 - Pulling Gemini Secrets and Windows HVPT (Wed, 16 Apr 2025)
- 279 - Session-ception and User Namespaces Strike Again (Tue, 01 Apr 2025)
- 278 - Extracting YouTube Creator Emails and Spilling Azure Secrets (Mon, 24 Mar 2025)
- 277 - ESP32 Backdoor Drama and SAML Auth Bypasses (Mon, 17 Mar 2025)
- 276 - Exploiting Xbox 360 Hypervisor and Microcode Hacking (Wed, 12 Mar 2025)
- 275 - Path Confusion and Mixing Public/Private Keys (Mon, 03 Mar 2025)
- 274 - ZDI's Triaging Troubles and LibreOffice Exploits (Tue, 25 Feb 2025)
- 273 - Recycling Exploits in MacOS and Pirating Audiobooks (Tue, 18 Feb 2025)
- 272 - Top 10 Web Hacking Techniques and Windows Shadow Stacks (Wed, 12 Feb 2025)
- 271 - Unicode Troubles, Bypassing CFG, and Racey Pointer Updates (Tue, 04 Feb 2025)
- 270 - Deanonymization with CloudFlare and Subaru's Security Woes (Mon, 27 Jan 2025)
- 269 - Excavating Exploits and PHP Footguns (Mon, 20 Jan 2025)
- 268 - WhatsApp vs. NSO and CCC Talks (Tue, 14 Jan 2025)
- 267 - Buggy Operating Systems Are Coming to Town (Mon, 16 Dec 2024)
- 266 - Machine Learning Attacks and Tricky Null Bytes (Mon, 09 Dec 2024)
- 265 - A Windows Keyhole and Buggy OAuth (Mon, 02 Dec 2024)
- 264 - Linux Is Still a Mess and Vaultwarden Auth Issues (Tue, 26 Nov 2024)
- 263 - FortiJump Higher, Pishi, and Breaking Control Flow Flattening (Mon, 18 Nov 2024)
- 262 - Static Analysis, LLMs, and In-The-Wild Exploit Chains (Mon, 11 Nov 2024)
- 261 - Attacking Browser Extensions and CyberPanel (Mon, 04 Nov 2024)
- 260 - Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation (Tue, 29 Oct 2024)
- 259 - Zendesk's Email Fiasco and Rooting Linux with a Lighter (Wed, 16 Oct 2024)
- 258 - Summer Recap: Phrack, Off-by-One, and RCEs (Tue, 08 Oct 2024)
- 257 - Attack of the CUPS and Exploiting Web Views via HSTS (Mon, 30 Sep 2024)
- 256 - Future of the Windows Kernel and Encryption Nonce Reuse (Mon, 23 Sep 2024)
- 255 - Iterating Exploits & Extracting SGX Keys (Mon, 16 Sep 2024)
- 254 - Memory Corruption: Best Tackled with Mitigations or Safe-Languages (Fri, 17 May 2024)
- 253 - [discussion] A Retrospective and Future Look Into DAY[0] (Fri, 19 Apr 2024)
- 252 - [binary] Bypassing KASLR and a FortiGate RCE (Wed, 20 Mar 2024)
- 251 - [bounty] RCE'ing Mailspring and a .NET CRLF Injection (Tue, 19 Mar 2024)
- 250 - [binary] Future of Exploit Development Followup (Wed, 13 Mar 2024)
- 249 - [bounty] libXPC to Root and Digital Lockpicking (Tue, 12 Mar 2024)
- 248 - [binary] Binary Ninja Free and K-LEAK (Wed, 06 Mar 2024)
- 247 - [bounty] Hacking Google AI and SAML (Tue, 05 Mar 2024)
- 246 - [binary] Rust Memory Corruption??? (Wed, 28 Feb 2024)
- 245 - [bounty] A PHP and Joomla Bug and some DOM Clobbering (Tue, 27 Feb 2024)
- 244 - [binary] Linux Burns Down CVEs (Wed, 21 Feb 2024)
- 243 - [bounty] GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023 (Tue, 20 Feb 2024)
- 242 - [binary] kCTF Changes, LogMeIn, and wlan VFS Bugs (Wed, 14 Feb 2024)
- 241 - [bounty] The End of a DEFCON Era and Flipper Zero Woes (Tue, 13 Feb 2024)
- 240 - [binary] The Syslog Special (Wed, 07 Feb 2024)
- 239 - [bounty] Public Private Android Keys and Docker Escapes (Tue, 06 Feb 2024)
- 238 - [binary] Busted ASLR, PixieFail, and Bypassing HVCI (Wed, 31 Jan 2024)
- 237 - [bounty] Reborn Homograph Attacks and Ransacking Passwords (Tue, 30 Jan 2024)
- 236 - [binary] Bypassing Chromecast Secure-Boot and Exploiting Factorio (Wed, 17 Jan 2024)
- 235 - [bounty] A GitLab Account Takeover and a Coldfusion RCE (Tue, 16 Jan 2024)
- 234 - [binary] Allocator MTE, libwebp, and Operation Triangulation (Wed, 10 Jan 2024)
- 233 - [bounty] Spoofing Emails, PandoraFMS, and Keycloak (Tue, 09 Jan 2024)