A Look At OSEP, Hacking Metasploit and the Legal Risks of Research

This week we are joined by CTS to discuss fuzzing. We also take at PEN-300/OSEP. Before jumping into this weeks exploits, from NAT Slipstreaming to a Metasploit command injection and plenty in between.

• [00:01:06] Cybersecurity as we know it will be 'a thing of the past in the next decade,' says Cloudflare's COO
  
• [00:05:51] A Researcher’s Guide to Some Legal Risks of Security Research
  
• [00:10:57] Exploit Developer Spotlight: The Story of PlayBit
  
• [00:17:25] New Pentesting Course: PEN-300 (OSEP)
  
  • https://www.offensive-security.com/awe-osee/
  
  
• [00:28:20] Vulnonym: Stop the Naming Madness!
  
  • https://twitter.com/vulnonym
  
  
• [00:30:55] DeFuzz: Deep Learning Guided Directed Fuzzing
  
• [00:59:32] NAT Slipstreaming
  
• [01:08:10] GitLab CVE-2020-13294
  
• [01:13:17] Attacking Roku sticks for fun and profit
  
• [01:16:48] Tiki Wiki - Authentication Bypass [CVE-2020-15906]
  
• [01:20:12] Metasploit framework template command injection - CVE-2020-7384
  
• [01:23:43] Wormable remote code execution in Alien Swarm
  
• [01:29:50] Pulse Connect Secure - RCE via Uncontrolled Gzip Extraction [CVE-2020-8260]
  
• [01:32:55] The story of three CVE's in Ubuntu Desktop
  
• [01:41:31] CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation
  
• [01:46:36] Windows Kernel cng.sys pool-based buffer overflow
  
• [01:54:21] Vector35 releases all Binary Ninja core architecture plugins
  
• [01:55:33] How Debuggers Work: Getting and Setting x86 Registers, Part 1
  
• [01:56:12] CodeQL U-Boot Challenge (C/C++)
  
• [01:59:14] Fundamentals of Software Exploitation
  

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])