Hacking Cameras, Stealing Logins, and Breaking Git

RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible.

[00:00:32] Critics fume after Github removes exploit code for Exchange vulnerabilities

• https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/


• https://borncity.com/win/2021/03/14/gab-es-beim-exchange-massenhack-ein-leck-bei-microsoft/

[00:09:21] CCTV: Now You See Me, Now You Don't

• https://research.aurainfosec.io/v380-ip-camera/

[00:13:47] CSRF to RCE Chain in Zabbix [CVE-2021-27927]

• https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce

[00:19:44] Stealing Froxlor login credentials using dangling markup [CVE-2020-29653]

• https://labs.detectify.com/2021/03/10/cve-2020-29653-stealing-froxlor-login-credentials-dangling-markup/

[00:25:29] git: malicious repositories can execute remote code while cloning

• https://www.openwall.com/lists/oss-security/2021/03/09/3


• https://github.com/gitster/git/commit/684dd4c2b414bcf648505e74498a608f28de4592

[00:30:49] git: malicious repositories can execute remote code while cloning

• https://www.openwall.com/lists/oss-security/2021/03/09/3


• https://bugs.chromium.org/p/project-zero/issues/detail?id=2021

[00:33:37] Dell OpenManage Server Administrator File Read [CVE-2020-5377]

• https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/

[00:38:55] Windows Containers: ContainerUser has Elevated Privileges

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2127

[00:40:18] Windows Containers: Host Registry Virtual Registry Provider Bypass EoP

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2129

[00:42:34] F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2132

[00:48:59] F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2126

[00:59:37] One day short of a full chain: Part 1 - Android Kernel arbitrary code execution

• https://securitylab.github.com/research/one_day_short_of_a_fullchain_android

[01:08:07] Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder?

• https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder

[01:09:11] Playing in the (Windows) Sandbox

• https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/

[01:09:39] Regexploit: DoS-able Regular Expressions

• https://blog.doyensec.com/2021/03/11/regexploit.html

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)