Start / Day[0] / Industrial control fails and a package disguised in your own supply

Industrial Control Fails and a Package disguised in your own supply

105 min • 16 februari 2021

"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research.

[00:00:59] Florida Water Treatment Facility Hacked

[00:09:19] Have a domain name? "Beg bounty" hunters may be on their way

https://news.sophos.com/en-us/2021/02/08/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way/amp/

[00:20:14] FootFallCam and MetaTechnology Drama

[00:28:33] Telegram privacy fails [CVE-2021-27204] [CVE-2021-27205]

[00:36:43] Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

[00:44:33] Exploiting a Second-Order SQL Injection in LibreNMS [CVE-2020-35700]

[00:50:46] Swarm of Palo Alto PAN-OS vulnerabilities

[00:56:25] Advantech iView Missing Authentication RCE [CVE-2021-22652]

https://blog.rapid7.com/2021/02/11/cve-2021-22652-advantech-iview-missing-authentication-rce-fixed/

[01:02:30] Windows kernel zero-day exploit [CVE-2021-1732]

https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/

[01:08:50] Analysis and exploitation of the iOS kernel vulnerability [CVE-2021-1782]

https://www.synacktiv.com/publications/analysis-and-exploitation-of-the-ios-kernel-vulnerability-cve-2021-1782

[01:20:10] Misusing Service Workers for Privacy Leakage

https://www.ndss-symposium.org/ndss-paper/awakening-the-webs-sleeper-agents-misusing-service-workers-for-privacy-leakage/

[01:27:53] security things in Linux v5.8

[01:40:42] Linux Heap Exploitation - Part 2

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)

Kategorier

Förekommer på

00:00 -00:00