Powered by RND
Ouça Day[0] na aplicação
Ouça Day[0] na aplicação
(1 200)(249 324)
Guardar rádio
Despertar
Sleeptimer

Day[0]

Podcast Day[0]
dayzerosec
A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.

Episódios Disponíveis

5 de 276
  • Exploiting Xbox 360 Hypervisor and Microcode Hacking
    A very technical episode this week, featuring some posts on hacking the xbox 360 hypervisor as well as AMD microcode hacking.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/276.html[00:00:00] Introduction[00:00:15] Reversing Samsung's H-Arx Hypervisor Framework - Part 1[00:10:34] Hacking the Xbox 360 Hypervisor Part 1: System Overview[00:21:18] Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit[00:30:48] Zen and the Art of Microcode Hacking[00:41:51] A very fancy way to obtain RCE on a Solr server[01:03:49] Cellebrite zero-day exploit used to target phone of Serbian student activist[01:16:03] When NULL isn't null: mapping memory at 0x0 on LinuxPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9
    --------  
    1:19:05
  • Path Confusion and Mixing Public/Private Keys
    This week's episode features a variety of vulnerabilities, including a warning on mixing up public and private keys in OpenID Connect deployments, as well as path confusion with an nginx+apache setup.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/275.html[00:00:00] Introduction[00:19:00] The OOB Read zi Introduced[00:16:55] Mixing up Public and Private Keys in OpenID Connect deployments[00:22:51] Nginx/Apache Path Confusion to Auth Bypass in PAN-OS [CVE-2025-0108][00:31:50] Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain[00:44:14] Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 3[00:48:48] GigaVulnerability: readout protection bypass on GigaDevice GD32 MCUs[00:56:57] Attempted Research in PHP Class PollutionPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9
    --------  
    59:34
  • ZDI's Triaging Troubles and LibreOffice Exploits
    We discuss an 0day that was dropped on Parallels after 7 months of no fix from the vendor, as well as ZDI's troubles with responses to researchers and reproducing bugs. Also included are a bunch of filesystem issues, and an insanely technical linux kernel exploit chain.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/274.html[00:00:00] Introduction[00:00:12] Training: Attacking Hypervisors[00:01:03] Dropping a 0 day: Parallels Desktop Repack Root Privilege Escalation[00:24:48] From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11[00:30:19] Exploiting LibreOffice [CVE-2024-12425, CVE-2024-12426][00:46:47] Patch-Gapping the Google Container-Optimized OS for $0Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9
    --------  
    57:02
  • Recycling Exploits in MacOS and Pirating Audiobooks
    We cover a comical saga of vulnerabilities and variants from incomplete fixes in macOS, as well as a bypass of Chrome's miraclePtr mitigation against Use-After-Frees (UAFs). We also discuss an attack that abuses COM hijacking to elevate to SYSTEM through AVG Antivirus, and a permissions issue that allows unauthorized access to DRM'd audiobooks.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/273.html[00:00:00] Introduction[00:00:23] Attacking Hypervisors From KVM to Mobile Security Platforms [00:01:35] Endless Exploits: The Saga of a macOS Vulnerability Struck Nine Times[00:11:02] The Most "Golden" Bypass of 2024[00:44:55] Leaking the email of any YouTube user for $10,000[01:11:52] Unmasking Cryptographic Risks: A Deep Dive into the Nym Audit w/ Nadim KobeissiPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9
    --------  
    1:17:06
  • Top 10 Web Hacking Techniques and Windows Shadow Stacks
    In this episode, we discuss the US government discloses how many 0ds were reported to vendors in a first-ever report. We also cover PortSwigger's top 10 web hacking techniques of 2024, as well as a deep dive on how kernel mode shadow stacks are implemented on Windows by Connor McGarr.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/272.html[00:00:00] Introduction[00:01:50] U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report[00:19:54] What Okta Bcrypt incident can teach us about designing better APIs[00:40:08] Top 10 web hacking techniques of 2024[00:55:03] Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows[01:06:11] Accidentally uncovering a seven years old vulnerability in the Linux kernelPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9
    --------  
    1:12:42

Mais podcasts de Tecnologia

Sobre Day[0]

A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.
Site de podcast

Ouça Day[0], Área de Transferência e muitos outros podcasts de todo o mundo com o aplicativo o radio.net

Obtenha o aplicativo gratuito radio.net

  • Guardar rádios e podcasts favoritos
  • Transmissão via Wi-Fi ou Bluetooth
  • Carplay & Android Audo compatìvel
  • E ainda mais funções
Aplicações
Social
v7.11.0 | © 2007-2025 radio.de GmbH
Generated: 3/14/2025 - 6:40:56 AM