Google exposes an APT campaign, PHP owned, and Several Auth Issues

Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.

[00:00:46] Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy

• https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/

[00:21:48] PHP Git Compromised

• https://news-web.php.net/php.internals/113838


• https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a

[00:32:24] [Google Chrome] File System Access API vulnerabilities

• https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

[00:37:58] Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos

• https://hackerone.com/reports/1034257

[00:42:05] GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook

• https://securitylab.github.com/advisories/GHSL-2020-323-geek-cookbook-workflow/

[00:47:58] H2C Smuggling in the Wild

• https://blog.assetnote.io/2021/03/18/h2c-smuggling/


• https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c

[00:53:27] H2C Smuggling in the Wild

• https://blog.assetnote.io/2021/03/18/h2c-smuggling/

[00:57:18] Multiple Authorization bypass issues in Google's Richmedia Studio

• https://www.ehpus.com/post/multiple-authorization-bypass-issues-in-google-s-richmedia-studio

[01:06:15] DD-WRT UPNP Buffer Overflow

• https://ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/


• https://github.com/mirror/dd-wrt/commit/da1d65a2ec471f652c77ae0067544994cdaf5e27

[01:10:36] GHSL-2021-045: Integer Overflow in GLib - [CVE-2021-27219]

• https://securitylab.github.com/advisories/GHSL-2021-045-g_bytes_new/

[01:14:12] Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities

• https://raelize.com/blog/qualcomm-ipq40xx-analysis-of-critical-qsee-vulnerabilities/

[01:22:50] One day short of a full chain: Part 3 - Chrome renderer RCE

• https://securitylab.github.com/research/one_day_short_of_a_fullchain_renderer/

[01:35:37] Chat Question: Where to learn about Windows Heap exploitation

• https://dayzerosec.com

[01:39:44] Adobe Reader CoolType arbitrary stack manipulation in Type 1/Multiple Master othersubrs 14-18

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2131

[01:46:26] Eliminating XSS from WebUI with Trusted Types

• https://microsoftedge.github.io/edgevr/posts/eliminating-xss-with-trusted-types/

[01:54:19] Hidden OAuth attack vectors

• https://portswigger.net/research/hidden-oauth-attack-vectors

[02:03:05] The Future of C Code Review

• https://research.nccgroup.com/2021/03/23/the-future-of-c-code-review/

[02:15:03] Microsoft Exchange Server-Side Request Forgery [CVE-2021-26855]

• https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-26855.html

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)