An update on Apple v. Corellium, some 3DS vulnerabilities, and some drama on this weeks episode.
[00:00:34] Remote Chaos Experience
[00:20:06] Apple Inc. v. Corellium, LLC
[00:28:17] The Great Suspender - New maintainer is probably malicious
[00:36:59] An HTML Injection Worth 600$ Dollars
[00:44:06] Zoom Meeting Connector Post-Auth Remote Root
[00:46:21] Hijacking Google Docs Screenshots
[00:49:49] Nintendo 3DS - Improper certificate validation allows an attacker to perform MitM attacks
[00:52:02] Nintendo 3DS - Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player
[00:55:45] Apple macOS 6LowPAN Vulnerability [CVE-2020-9967]
[01:01:24] An iOS hacker tries Android
[01:14:29] Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail [CVE-2020-7468]
[01:18:36] Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)
[01:27:17] Helping secure DOMPurify (part 1)
[01:28:23] A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
[01:30:01] PS4 7.02 WebKit + Kernel Chain Implementation
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)