Join Specter and zi as they discuss several named vulns (kr00k, Forgot2kEyXCHANGE, GhostCat), the benefits of DNS-over-HTTPS, and a few vulns in some of our regular targets: Samsung drivers, NordVPN, OpenSMTPD.
[00:01:13] Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen
[00:06:13] Firefox continues push to bring DNS over HTTPS by default for US users
https://github.com/curl/curl/wiki/DNS-over-HTTPS
[00:19:07] Securing Memory at EPYC Scale
[00:26:30] How a Hacker's Mom Broke Into a Prison—and the Warden's Computer
[00:29:12] kr00k | ESET
[00:33:14] CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys
[00:37:41] CVE-2020-1938: Ghostcat vulnerability
[00:46:16] LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
[00:55:43] Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance
https://hackerone.com/reports/374737
[01:00:30] x-request-id header reflected in server response without sanitization
[01:05:54] Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection
https://hackerone.com/valve/hacktivity
[01:12:56] Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition
[01:14:59] Samsung Kernel Arbitrary /dev/vipx / /dev/vertex kfree
[01:18:34] Samsung Kernel /dev/vipx Pointer Leak
[01:22:21] HFL: Hybrid Fuzzing on the Linux Kernel – NDSS Symposium
[01:30:32] Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors
[01:38:27] Evasion techniques
[01:39:31] Hacking Unicode Like a Boss
[01:43:05] Pwning VMware, Part 2: ZDI-19-421, a UHCI bug | nafod
[01:44:48] Intro to chrome's v8 from an exploit development angle
Watch Live on Twitch (@dayzerosec) at 3PM EST