Universal Deserialization, Stealing Youtube Videos, and CTFs
A new universal deserialization gadget for Ruby, a Rocket.Chat SAML auth bypass, and some heap exploitation research.
[00:00:36] Cybersecurity Knowledge and Skills Taught in Capture the Flag Challenges
[00:10:36] Universal Deserialisation Gadget for Ruby 2.x-3.x
[00:13:54] Stealing Your Private YouTube Videos, One Frame at a Time
[00:21:43] Rocket.chat - SAML authentication bypass
[00:25:49] curl is vulnerable to SSRF due to improperly parsing the host component of the URL
[00:31:02] Issue 2095: Node.js: use-after-free in TLSWrap
[00:35:28] Preventing Use-After-Free Attacks with Fast Forward Allocation
[00:49:38] Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
[00:59:50] A Samsung RKP Compendium
[01:11:32] Analyzing CVE-2020-16040
[01:13:51] HexLasso Online
[01:15:30] A Side Journey to Titan
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
Create your
podcast in
minutes
It is Free