Sveriges mest populära poddar
Start / Day[0] / Nosql injection mobile misconfigurations and a wormable windows bug

Day[0]

NoSQL Injection, Mobile Misconfigurations and a Wormable Windows Bug

71 min • 25 maj 2021

Another short episode this week covering graphql attacks, a couple NoSQL injections, a few misconfigurations and a cool attack to reset monotonic counters on a Mifare card.

[00:01:25] From CTFs to the Real World

  • https://dayzerosec.com/tags/ctf-to-real-world/

[00:02:50] [GitHub] Exploits and Malware Policy Updates

  • https://github.com/github/site-policy/pull/397

  • https://github.com/github/site-policy/pull/397/files

[00:07:37] Mobile app developers’ misconfiguration of third party services leave personal data of over 100 million exposed

  • https://research.checkpoint.com/2021/mobile-app-developers-misconfiguration-of-third-party-services-leave-personal-data-of-over-100-million-exposed/

[00:13:49] QNAP MusicStation/MalwareRemover Pre-Auth RCE

  • https://www.shielder.it/advisories/qnap-musicstation-malwareremover-pre-auth-remote-code-execution/

[00:17:45] 2FA Bypass via Forced Browsing

  • https://infosecwriteups.com/2fa-bypass-via-forced-browsing-9e511dfdb8df

[00:24:22] That single GraphQL issue that you keep missing

  • https://blog.doyensec.com/2021/05/20/graphql-csrf.html

[00:32:22] Remote code execution in squirrelly [CVE-2021-32819]

  • https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/

[00:44:30] NoSQL Injections in Rocket.Chat

  • https://blog.sonarsource.com/nosql-injections-in-rocket-chat/

  • https://hackerone.com/reports/1130721

[00:49:15] RFID: Monotonic Counter Anti-Tearing Defeated

  • https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html

[00:56:24] A Wormable Code Execution Bug in HTTP.sys [CVE-2021-31166]

  • https://www.zerodayinitiative.com/blog/2021/5/17/cve-2021-31166-a-wormable-code-execution-bug-in-httpsys

  • https://github.com/0vercl0k/CVE-2021-31166

[01:04:15] Fuzzing iOS code on macOS at native speed

  • https://googleprojectzero.blogspot.com/2021/05/fuzzing-ios-code-on-macos-at-native.html

[01:05:07] RuhrSec 2018: "Keynote: Weird machines, exploitability and unexploitability", Thomas Dullien

  • https://www.youtube.com/watch?v=1ynkWcfiwOk

[01:07:58] Browser fuzzing at Mozilla

  • https://blog.mozilla.org/attack-and-defense/2021/05/20/browser-fuzzing-at-mozilla/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)

Kategorier
PoddarTeknologi
Förekommer på
Teknik
00:00 -00:00
Hur lyssnar jag på podcast?

En liten tjänst av I'm With Friends. Finns även på engelska.