This week is a shorter episode, but still some solid bugs to look at. From a full chain Chrome exploit, to a Kindle chain from remote to root and a eBPF incorrect calculation leading to OOB read/write.
[00:00:41] Albicla launch clusterfuck
[00:04:41] [NordVPN] RCE through Windows Custom Protocol on Windows client
[00:09:00] Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform
[00:18:50] The Embedded YouTube Player Told Me What You Were Watching (and more)
[00:24:27] The State of State Machines
[00:34:21] KindleDrip - From Your Kindle’s Email Address to Using Your Credit Card
[00:44:00] New campaign targeting security researchers
[00:44:42] An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier
[00:49:18] Chat Question: What do we think of HackTheBox
[00:53:51] Bad Pods: Kubernetes Pod Privilege Escalation
[00:53:24] [Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)