Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!
Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next, which we talked about. We also look at a couple of interesting GitHub vulns and talk about fuzzing.
[00:00:28] Rust in the Linux Kernel
[00:13:40] Two Undocumented Instructions to Update Microcode Discovered
[00:19:06] DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS
[00:26:46] Abusing VoIPmonitor for Remote Code Execution
[00:32:18] Stealing arbitrary GitHub Actions secrets
[00:40:29] How we found and fixed a rare race condition in our session handling
[00:49:05] GitLab - Ability To Delete User(s) Account Without User Interaction
[00:52:49] New Old Bugs in the Linux Kernel
[01:00:33] Fuzzing: FastStone Image Viewer [CVE-2021-26236]
[01:06:53] A Replay-Style Deserialization Attack Against SharePoint [CVE-2021-27076]
[01:12:38] One day short of a full chain: Part 2 - Chrome sandbox escape
[01:18:58] Code execution in Wireshark via non-http(s) schemes in URL fields
[01:21:59] Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers)
[01:30:37] Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace
[01:42:00] Pulling Bits From ROM Silicon Die Images: Unknown Architecture
[01:42:28] 0dayfans.com
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on YouTube (@dayzerosec)