After 283 episodes, this will be the final episode of the DAY[0] podcast.
We started the podcast on a hopeful note in the days following Ghidra's release. Now, to end it off we've got another discussion about how we see the future of vulnerability research and exploit development going.
We recorded this episode before all the hype around "Mythos" and Project Glasswing so it doesn't play into our commentary here.
Thank you all for the support over the last seven years.
Good luck and happy hacking!
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/283.html
[00:00:00] Introduction [00:09:57] Summer/Year Break Recap [00:10:18] Opening pAMDora's Box and Unleashing a Thousand Paths on the Journey to Play Beatsaber Custom [00:27:20] Vulnerability Research Is Cooked [01:15:42] Outro
Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Exploiting VS Code with Control Characters
12/05/2025 | 30min
A quick episode this week, which includes attacking VS Code with ASCII control characters, as well as a referrer leak and SCIM hunting.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/282.html
[00:00:00] Introduction [00:00:57] Attacking Hypervisors - Training Update [00:06:20] Drag and Pwnd: Leverage ASCII characters to exploit VS Code [00:12:12] Full Referer URL leak through img tag [00:17:52] SCIM Hunting - Beyond SSO [00:25:17] Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO)
22/04/2025 | 1h 46min
A special episode this week, featuring an interview with John Carse, Chief Information Security Officer (CISO) of SquareX. John speaks about his background in the security industry, grants insight into attacks on browsers, and talks about the work his team at SquareX is doing to detect and mitigate browser-based attacks.
Pulling Gemini Secrets and Windows HVPT
16/04/2025 | 1h 33min
A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT).
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/280.html
[00:00:00] Introduction [00:00:18] Doing the Due Diligence - Analyzing the Next.js Middleware Bypass [CVE-2025-29927] [00:29:20] We hacked Google’s A.I Gemini and leaked its source code (at least some part) [00:44:40] Improper Use of Private iOS APIs in some Vietnamese Banking Apps [00:55:03] Protecting linear address translations with Hypervisor-enforced Paging Translation (HVPT) [01:06:57] Code reuse in the age of kCET and HVCI [01:13:02] GhidraMCP: LLM Assisted RE [01:31:45] Emulating iOS 14 with qemu
Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Session-ception and User Namespaces Strike Again
01/04/2025 | 49min
API hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/279.html
[00:00:00] Introduction [00:00:28] Next.js and the corrupt middleware: the authorizing artifact [00:06:15] Pwning Millions of Smart Weighing Machines with API and Hardware Hacking [00:20:37] oss-sec: Three bypasses of Ubuntu's unprivileged user namespace restrictions [00:32:10] CimFS: Crashing in memory, Finding SYSTEM (Kernel Edition) [00:43:18] Blasting Past Webp [00:47:50] We hacked Google’s A.I Gemini and leaked its source code (at least some part)
Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
![Day[0]](https://br.radio.net/podcast-images/175/day-0-zero-days-for-day-zero.jpeg?version=39b1eeaf9186bacda468ed716e56434cc5b5c1b7){kind=small}
![Day[0]](https://podcast-images-prod.radio-assets.com/175/day-0-zero-days-for-day-zero.jpeg?version=39b1eeaf9186bacda468ed716e56434cc5b5c1b7)
Brasil