Windows Bugs, Duo 2FA Bypass, and some Reverse Engineering

Authentication bypasses, a Duo 2FA bypass, RCEs, a VM escape, and some reverse engineering writeups.

[00:00:26] Project Zero: Policy and Disclosure: 2021 Edition

• https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html

[00:06:27] Remote exploitation of a man-in-the-disk vulnerability in WhatsApp [CVE-2021-24027]

• https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/

[00:14:06] Allow arbitrary URLs, expect arbitrary code execution

• https://positive.security/blog/url-open-rce

[00:18:29] GHSL-2020-340: log injection in SAP/Infrabox

• https://securitylab.github.com/advisories/GHSL-2020-340/

[00:22:21] Duo Two-factor Authentication Bypass

• https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/

[00:31:22] [Grammarly] Ability to DOS any organization's SSO and open up the door to account takeovers

• https://hackerone.com/reports/976603

[00:35:50] From 0 to RCE: Cockpit CMS

• https://swarm.ptsecurity.com/rce-cockpit-cms/?d

[00:41:41] Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape

• https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/

[00:48:52] xscreensaver: raw socket leaked

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2174

[00:51:31] Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)

• https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/


• https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html

[00:59:49] Exploiting System Mechanic Driver

• https://voidsec.com/exploiting-system-mechanic-driver/

[01:03:27] Zero-day vulnerability in Desktop Window Manager used in the wild [CVE-2021-28310]

• https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/

[01:08:33] Windows Defender mpengine remote code execution [CVE-2021-1647]

• https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html

[01:13:55] ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3

• https://leethax0.rs/2021/04/ElectricChrome/


• http://www.phrack.org/papers/attacking_javascript_engines.html

[01:20:36] QEMU and U: Whole-system tracing with QEMU customization

• https://www.atredis.com/blog/qemu-and-u-whole-system-tracing-with-qemu-customization

[01:21:31] Learning Resource - Hexterisk Blog

• https://hexterisk.github.io/blog/posts/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)