Breaking into HashiCorp Vault, Apple and Google
Its a web-exploit heavy episode impacing Apple, Hasicorp, Azure, Google, and even a DOMPurify Bypass. Then we end-off with a look into benchmarking fuzzers, and a look at the House of Muney heap exploitation technique. [00:00:49] Fuzzing internships for Open Source Software [00:03:15] CET Updates – CET on Xanax [00:09:07] Binary Ninja - Open Source Architectures [00:14:03] Memory Safe 'curl' for a More Secure Internet https://daniel.haxx.se/blog/2020/10/09/rust-in-curl-with-hyper/ [00:17:25] We Hacked Apple for 3 Months: Here’s What We Found [00:25:46] Race condition while removing the love react in community files [00:30:11] Enter the Vault: Authentication Issues in HashiCorp Vault [00:46:39] Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure [00:51:11] Password Reset Link Leaked In Refer Header [00:57:37] The mass CSRFing of *.google.com/* products. [01:06:02] A brief encounter with Leostream Connect Broker [01:15:47] Bypassing DOMPurify again with mutation XSS https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/https://github.com/marcinguy/jquery-xss-in-html [01:22:10] Apache Struts OGNL Remote Code Execution [CVE-2019-0230] [01:28:11] UNIFUZZ: A Holistic, Pragmatic Metrics-Driven Platform for Evaluating Fuzzers https://github.com/unifuzz/unibenchhttps://github.com/unifuzz [01:47:15] House of Muney - Leakless Heap Exploitation Technique https://github.com/mdulin2/house-of-muney Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])