Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking

Update: 2019-10-21

Description

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00 pm PST (3:00 pm EST)

Or the video archive on Youtube (@DAY[0])

[00:01:29 ] Sudo: CVE-2019-14287

[00:08:40 ] Buffer overflow in Realtek Wi-Fi chips

[00:17:13 ] US Law Enforcement Traces Bitcoin Transfers to Nab ‘Largest’ Child Porn Site

[00:39:45 ] Equifax Using admin:admin as Credentials for Sensitive Information

[00:48:40 ] CenturyLink Data Leak of 2.8 Million Records

[00:56:37 ] NordVPN Reportedly Compromised

https://crt.sh/?q=nordvpn.com

[00:59:07 ] NordVPN Reportedly Compromised

https://twitter.com/hexdefined/status/1185974575214940161

https://nordvpn.com/

https://thatoneprivacysite.net/

[01:07:45 ] Pop_OS 19.10

[01:13:26 ] JSFuzz

[01:19:08 ] Site Isolation improvement (and now on Android)

[01:22:54 ] A New Memory Type Against Speculative Side Channel Attacks

[01:30:06 ] oo7: Low-overhead Defense against Spectre Attacks via Program Analysis

[01:38:37 ] UK Government to fund development of attack resistant Arm chips

[01:46:59 ] Germany's Cyber Security Agency Recommends Firefox as Most Secure Browser

[02:01:36 ] Facebook Expanding Bug Bountry Program to Third-Party Apps

https://www.facebook.com/whitehat/info/

[02:04:14 ] ElectionGuard SDK Bug Bounty

https://www.youtube.com/watch?v=w3_0x6oaDmI

https://www.youtube.com/watch?v=BYRTvoZ3Rho

https://www.microsoft.com/en-us/msrc/bounty-electionguard

Comments

In Channel

Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking

2019-10-2102:13:43

[binary] Fuchsia OS, Printer Bugs, and Hacking Radare2

2022-06-0254:43

[bounty] A Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS

2022-05-3151:35

[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug

2022-05-2634:29

[bounty] Stealing DropBox Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability

2022-05-2432:32

[bounty] Deleting Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover

2022-05-1734:23

[binary] Pwn2Owning Routers and Anker Eufy Bugs

2022-05-1230:40

[bounty] Cloudflare Pages, Hacking a Bank, and Attacking Price Oracles

2022-05-1038:36

[binary] NimbusPwn, a CLFS Vulnerability, and DatAFLow (Fuzzing)

2022-05-0541:59

[bounty] XSS for NFTs, a VMWare Workspace ONE UEM SSRF, and GitLab CI Container Escape

2022-05-0337:06

[binary] Getting into Vulnerability Research and a FUSE use-after-free

2022-04-2849:54

[bounty] A Struts RCE, Broken Java ECDSA (Psychic Signatures) and a Bad Log4Shell Fix

2022-04-2632:44

[binary] Another iOS Bug and Edge Chakra Exploitation

2022-04-2155:33

[bounty] Taking Over an Internal AWS Service and an Interesting XSS Vector

2022-04-1922:28

[binary] A subtle iOS parsing bug and a PHP use-after-free

2022-04-1454:55

[bounty] A Double-Edged SSRF, Pritunl VPN LPE, and a NodeBB Vuln

2022-04-1226:11

[binary] FORCEDENTRY Sandbox Escape and NetFilter Bugs

2022-04-0742:33

[bounty] Spring4Shell, PEAR Bugs, and GitLab Hardcoded Passwords

2022-04-0501:02:10

[binary] Pwning WD NAS, NetGear Routers, and Overflowing Kernel Pages

2022-03-3132:23

[bounty] GitLab Arbitrary File Read and Bypassing PHP's filter_var

2022-03-2934:56

00:00

Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking

#box-pro-ellipsis-17667492442167{-webkit-line-clamp:2;}Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking

Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking

dayzerosec

Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking