Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and Composer.

[00:00:32] An Update on the UMN Affair

• https://lwn.net/SubscriberLink/854645/334317047842b6c3/


• https://www-users.cs.umn.edu/%7Ekjlu/papers/full-disclosure.pdf

[00:11:29] [GitHub] Exploits and Malware Policy Updates

• https://github.com/github/site-policy/pull/397


• https://github.com/github/site-policy/pull/397/commits/f220679709b60dd4d6b34465a56b89bb79efcfe6#diff-24d72c4cb9785e60d5cbf50905291a5e079f4efd8c03f67904077cc2af4b8412L34

[00:18:22] OOO - DEF CON CTF

• https://oooverflow.io/


• https://twitter.com/oooverflow/status/1388920554111987715

[00:34:23] BadAlloc - Memory Allocation Vulnerabilities

• https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/


• https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

[00:40:15] I See Dead μops: Leaking Secrets via Intel/AMDMicro-Op Caches

• http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf


• https://comparch.org/2021/05/01/i-see-dead-uops-thoughts-on-the-latest-spectre-paper-targeting-uop-caches/

[00:54:43] Brave - Stealing your cookies remotely

• https://infosecwriteups.com/brave-stealing-your-cookies-remotely-1e09d1184675

[00:57:37] Facebook account takeover due to unsafe redirects after the OAuth flow

• https://ysamm.com/?p=667

[01:03:11] WordPress 5.7 XXE Vulnerability

• https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/

[01:05:43] PHP Supply Chain Attack on Composer

• https://blog.sonarsource.com/php-supply-chain-attack-on-composer

[01:10:25] Multiple Issues in Libre Wireless LS9 Modules

• https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/

[01:14:50] macOS Gatekeeper Bypass

• https://objective-see.com/blog/blog_0x64.html


• https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508

[01:19:28] Linux Kernel /proc/pid/syscall information disclosure vulnerability

• https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211

[01:24:08] Remote Zero-Click Exploit in Tesla Automobiles

• https://kunnamon.io/tbone/

[01:31:00] NETGEAR Nighthawk R7000 httpd PreAuth RCE

• https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/

[01:34:43] Parallels Desktop RDPMC Hypercall Interface and Vulnerabilities

• https://www.zerodayinitiative.com/blog/2021/4/26/parallels-desktop-rdpmc-hypercall-interface-and-vulnerabilities

[01:39:24] Exploiting Undocumented Hardware Blocks in the LPC55S69

• https://oxide.computer/blog/lpc55/

[01:40:05] python stdlib "ipaddress" - Improper Input Validation [CVE-2021-29921]

• https://sick.codes/sick-2021-014/

[01:40:35] Ham Hacks: Breaking Into Software-defined Radio

• https://labs.bishopfox.com/industry-blog/ham-hacks-breaking-into-software-defined-radio

[01:41:59] gand3lf/heappy: A happy heap editor to support your exploitation process

• https://github.com/Gand3lf/heappy

[01:43:38] LiveQL Episode II: The Rhino in the room

• https://securitylab.github.co