A weekly podcast for bounty hunters, exploit developers or anyone interested in the details of the latest disclosed vulnerabilities and exploits.
Join CovertSwarm and special guests, as they discuss the latest Cyber Security news, trends, 0-day exploits and research. www.covertswarm.com
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
The Cyber Consulting Room Podcast and Meetup Network is your gateway to a world of knowledge and collaboration in the ever-evolving realm of cyber security and consulting. Our podcast, hosted by Gordon Draper, brings you in-depth interviews with industry leaders, experts, and trailblazers, offering invaluable insights, strategies, and experiences. From award-winning professionals to those paving the way for diversity in the field, we delve into the most pressing issues and emerging trends. B ...
Want to learn about all of the latest security tools and techniques? This is the show for you! We show you how to install, configure and use a wide variety of security tools for both offense and defense. Whether you are a penetration tester or defending enterprise networks, this show will help you
Global Bob, a cyber security expert and political science hobbyist, brings you a show that fuses these topics together to explain in simple terms the interaction between the two. He uses his years of experience in the government, commercial and private sectors to give a unique perspective on these topics.
Want to learn about all of the latest security tools and techniques? This is the show for you! We show you how to install, configure and use a wide variety of security tools for both offense and defense. Whether you are a penetration tester or defending enterprise networks, this show will help you!
Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation
1:11:24
In this week's episode, Specter recaps his experiences at Hardwear.IO and a PS5 hypervisor exploit chain presented there. We also cover some of the recently released DEF CON 32 talks. After the conference talk, we get into some filesystem exploit tricks and how arbitrary file write can be taken to code execution in read-only environments. Links and…
#20 What it REALLY Takes to Pass OSCP (and What They Don’t Tell You) ft. Trent Miller
36:40
Kyser Clark interviews Trent Miller, a cybersecurity professional with a diverse background in IT and security roles. They discuss Trent's career journey, the challenges of breaking into cybersecurity, the importance of networking, and insights on certifications like OSCP. Trent shares his experiences with the job market, the reality of skill short…
Attacking Browser Extensions and CyberPanel
58:18
In this week's episode, we talk a little bit about LLMs and how they can be used with static analysis. We also cover GitHub Security Blog's post on attacking browser extensions, as well as a somewhat controversial CyberPanel Pre-Auth RCE that was disclosed. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/…
#19 Beating the Odds in Cybersecurity: What It Really Takes ft. James Scott
35:39
Kyser Clark interviews James Scott, a cybersecurity professional with a diverse background in the military and digital forensics. They discuss James's journey into penetration testing, the challenges he faced in landing his first role, and the importance of networking and creating personal tools. The conversation also covers the significance of pro…
#18 16 Years in IT, Now a Fortune 100 Pentester: 0xD1CE Shares His Journey
30:16
Kyser Clark interviews 0xD1CE, a seasoned penetration tester, who shares his extensive journey from IT to cybersecurity. 0xD1CE discusses his various roles, certifications, and the impact of COVID on his career shift. The conversation gets into the differences between consulting and internal roles, the value of certain cybersecurity certifications,…
Episode 14: Bridging the Gap: How to Make Cybersecurity Relevant to Business Leaders with Simona Dimovski
1:00:00
Did you know that Australian businesses are facing a rapidly evolving cybersecurity landscape? In this episode of the Cyber Consulting Room podcast, host Gordon Draper interviews cybersecurity expert Simona Dimovski. Simona shares her journey into the field, emphasizing the importance of understanding business strategy and the human element in tech…
Episode 31 - Insights From A Former State-Sponsored Hacker
48:14
In this episode, explore the most significant cyber threats impacting businesses today. From emerging risks to the persistent attack vectors that continue to catch companies off-guard, we’ll cover it all in a dynamic and insightful discussion. Join our host, Will Morrish, as he chats with Dahvid Schloss, Swarm Leader and former State-Sponsored Hack…
Zendesk's Email Fiasco and Rooting Linux with a Lighter
50:26
In this week's episode, we cover the fiasco of a vulnerability in Zendesk that could allow intrusion into multiple Fortune 500 companies. We also discuss a Project Zero blog post that talks about fuzzing Dav1d and the challenges of fuzzing, as well as rooting Linux via EMFI with a lighter. Links and vulnerability summaries for this episode are avail…
#17 Unpacking Bug Bounty Strategies with RootSploit: Zero Days, Recon, and Vulnerabilities
37:18
Cybersecurity professionals Kyser Clark and Pranit Garud (RootSploit) discuss their experiences in the field. They cover topics such as bug bounty programs, the role of an offensive security engineer, and the differences between consulting and working for a Fortune 500 company. Pranit shares tips for getting started in bug bounty hunting and emphas…
#16 Why Cybersecurity Is Stressful and How to Succeed with Opeyemi Kolawole (Hacking Insights)
38:56
Kyser Clark interviews Opeyemi Kolawole, a full-time red teamer and cybersecurity professional. They discuss Opeyemi's background in biology and his transition into the cybersecurity field. Opeyemi shares his experience and insights on various certifications, including the Cyberwarfare Lab Certified Red Team Analyst (CPTA) and the importance of sta…
Summer Recap: Phrack, Off-by-One, and RCEs
54:11
In our summer recap, we discuss Phrack's latest issue and talks from the new Off-by-One conference. We also cover some interesting bugs, such as a Factorio Lua RCE and another RCE via iconv. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/258.html [00:00:00] Introduction [00:01:06] Getting Started…
#15 From Zero to Hero: How Anyone Can Succeed in Cybersecurity
34:28
In this solo episode, Kyser Clark discusses the accessibility of cybersecurity careers, emphasizing that anyone can enter the field regardless of their background. He shares his personal journey from blue-collar jobs to becoming a penetration tester, highlighting the importance of certifications and continuous learning. Kyser provides actionable st…
Attack of the CUPS and Exploiting Web Views via HSTS
1:08:09
In this week's episode, we cover an attack utilizing HSTS for exploiting Android WebViews and abusing YouTube embeds in Google Slides for clickjacking. We also talk about the infamous CUPS attack, and the nuances that seem to be left behind in much of the discussion around it. Links and vulnerability summaries for this episode are available at: htt…
Episode 30 - CovertSwarm Academy: End of First Year
46:32
Join our host and Academy Hive Leader, Iain Jackson, as he sits down with Phill and Joao, members of the inaugural CovertSwarm Academy intake. In this episode, they reflect on their transformative journey and share insights from their successful first year at the Academy. Thanks for listening! Follow us on LinkedIn.…
#14 Social Engineering Unleashed: DEF CON Insights from Jacob Villarreal
34:24
Kyser Clark interviews Jacob Villarreal, a penetration tester, about his journey into the cybersecurity field, his experiences at DEFCON, and various topics related to cybersecurity. Jacob shares his background, including his education, certifications, and transition from IT roles to penetration testing. The discussion covers the importance of netw…
Future of the Windows Kernel and Encryption Nonce Reuse
33:52
In this week's episode, we discuss Microsoft's summit with vendors on their intention to lock down the Windows kernel from endpoint security drivers and possibly anti-cheats. We also talk cryptography and about the problems of nonce reuse. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/256.html […
Episode 13: The Greatest Insights from Black Hat USA and DEF CON 2024
54:05
Are cybersecurity conferences just another industry event, or are they the driving force behind the next big leap in the field? When you think about the future of cybersecurity, do you consider the role of gatherings like Black Hat USA and DEF CON? In this episode of the Cyber Consulting Room podcast, host Gordon Draper explores the recent Black Ha…
#13 Hacking Time: Real World Skills They Don't Teach You | Trent Darrow
39:32
Kyser Clark interviews Trent Darrow, a senior penetration tester and cyber protection team crew lead. They discuss Trent's background, certifications, and his role in building a red team. They also touch on ethical dilemmas in the industry, the effectiveness of certifications in preparing for real-world pen testing, and the importance of skills lik…
Iterating Exploits & Extracting SGX Keys
53:44
We are back and testing out a new episode format focusing more on discussion than summaries. We start talking a bit about the value of learning hacking by iterating on the same exploit and challenging yourself as a means of practicing the creative parts of exploitation. Then we dive into the recent Intel SGX fuse key leak, talk a bit about what it …
#12 Why OSCP Might Not Be Worth It - A Surprising Take by Evan Isaac
37:52
Kyser Clark and Evan Isaac discuss their experiences and insights in cybersecurity. They cover topics such as certifications, content creation on LinkedIn, web hacking resources, job searching advice, and the importance of offensive and defensive cybersecurity skills. Connect with Evan Isaac on LinkedIn: https://www.linkedin.com/in/evan-isaac/ Take…
#11 Stay Creative Together: Insights from Nouha Ben Brahim
34:26
Kyser Clark interviews Nouha Ben Brahim, a Python programmer turned bug bounty hunter and founder of No Breach. They discuss Nouha's journey into cybersecurity, the most concerning cyber breach, common web hacking vulnerabilities, becoming a speaker at events, starting a cybersecurity company, and Nouha's podcast, The Hackers Line. Connect with Nou…
#10 Breaking into Cybersecurity: Tips from a Pro ft. Jake Mayhew
39:04
In this conversation, Kyser Clark interviews Jake Mayhew, a senior penetration tester, about his background and experiences in cybersecurity. They discuss the importance of internships, the value of creating a home lab, and the benefits of networking at local conferences and meetups. Jake also shares advice for job seekers, including the significan…
Episode 29 - DEF CON: Las Vegas Special
26:20
Earlier this month, our Swarm of ethical hackers attended DEF CON 32 in Las Vegas, one of the most anticipated events in the hacking community. On this episode, join our Head of People and Culture and host, Ellie Lancaster, as she interviews our colleagues Faith, Alex, and Joao about their standout moments from the event. Learn about the different …
#9 Red Teaming & Malware Development ft. Nathan Rice
35:04
In this conversation, Kyser Clark interviews Nathan Rice, a senior penetration tester, about his background and experience in cybersecurity. They discuss the differences between penetration testing and red team operations, the importance of starting with penetration testing before moving to red teaming, and the challenges and rewards of obtaining c…
Episode 12: How Secure Is Your Digital Life? The Alarming Reality of Tech Trust Issues
45:46
Can we ever truly trust the technology that runs our lives? Think about it: every time we use a phone, share a photo, or shop online, we’re putting a lot of trust in these digital systems. But how safe are they? In this episode of the Cyber Consulting Room podcast, host Gordon Draper continues his conversation with Helen Patton, a distinguished cyb…
#8 Cybersecurity Is a Beautiful Field: There's People That Don't Like Me ft. Aaron Tran
35:14
Kyser Clark interviews Aaron Tran, a military veteran who successfully transitioned into a career in cybersecurity. They discuss Aaron's journey from the military to becoming a penetration tester, the challenges he faced, and the steps he took to bridge the gap between non-cyber and cyber roles. They also touch on the importance of having a plan an…
#7 Think Outside the Box to Land First Pentesting Job ft. Ryan Daub
32:28
In this conversation, Kyser Clark interviews Ryan Daub, an Offensive Security Analyst Associate, about his journey in cybersecurity and his current role as an internal penetration tester for healthcare organizations. They discuss topics such as landing a job in cybersecurity, the role of AI in penetration testing, the differences between internal a…
#6 Is AI Going to Cause Bad Stuff? Of Course, Everything Does ft. Mike Finkel
31:33
In this conversation, Kyser Clark interviews Mike Finkel, a penetration tester, about his background and experiences in the cybersecurity field. They discuss certifications, the importance of customer service skills in pentesting, and the role of AI in the industry. Mike shares his hot take on AI, expressing his excitement for its potential in pent…
Episode 28 - DEF CON: Badge Life
40:58
Those of you at DEF CON 31 might remember the badges our swarm members had. Well, this year, we've got something even better! With DEF CON 32 around the corner, we are ready to introduce the team behind the awesome badge we will bring to the event. Meet our host and Head of People and Culture, Ellie Lancaster, as she discusses with Paul, John, and …
#5 Pay It Forward ft. George Raileanu
39:24
In this conversation, George Raileanu discusses the importance of mentoring, strategies for finding a mentor, and the benefits of building a strong network in cybersecurity. He also shares advice on continuous learning, dealing with imposter syndrome and burnout, and the value of paying it forward in the industry. Connect with George Raileanu on Li…
Episode 11: Cultivating a People-Centric Approach to Cybersecurity with Helen Patton
45:12
Did you know that your organization's security culture could be its strongest defense—or its weakest link? In today's digital landscape, where cyber threats lurk around every corner, relying solely on technological safeguards isn't enough. Building a resilient security culture within your organization is paramount. This episode of The Cyber Consult…
#4 A Vulnerability Assessment Isn't a Pentest ft. Kristofer Johnson
36:26
Kyser Clark and Kristopher Johnson's conversation covers various topics related to offensive security, certifications, career progression, and distinguishing between vulnerability assessments and penetration tests. Kristopher shares his journey into offensive security, his challenges, and the importance of continuous learning and perseverance. The …
#3 Best Way to Learn Active Directory Hacking Skills ft. Robert O’Connor
39:17
The conversation between Kyser Clark and Robert O'Connor covers a wide range of topics related to penetration testing, certifications, career progression, and personal experiences in the cybersecurity field. Robert shares insights on his journey from IT intern to senior analyst to penetration tester, discussing certifications, specialization in Act…
#1 Do Something Great in the World ft. Joshua Ragland
36:57
The conversation covers a wide range of topics related to cybersecurity, including the background and career journey of the guest, the importance of offensive security, the cybersecurity skills shortage, strategies for excelling in CTF competitions, and the correlation between cybersecurity and everyday life. The guest also shares insights on preve…
#2 Transition From Pentester to Senior Pentester ft. Adolfo (Val) Vask
37:05
Adolfo (Val) Vask, a seasoned cybersecurity professional, shares insights on his journey from intelligence analysis to penetration testing and red teaming. He discusses certifications, the Metasploit Pro Specialist, the relevance of education in cybersecurity, and the transition from penetration tester to senior penetration tester. He also provides…
#0 Security Is Not Everybody’s Responsibility
30:23
In this episode, I introduce myself, Kyser Clark, and share my background in cybersecurity. I talk about my experience as a client systems technician in the United States Air Force and my transition into penetration testing. I also discuss my certifications and educational background in cybersecurity. I explain the purpose of this podcast, which is…
Episode 27 - From America's Insurance Capital: Let's Talk About Fraudsters
25:54
The YOU DESERVE TO BE HACKED™ slogan has reached Hartford, the insurance capital of North America, to challenge the cybersecurity approach of CISOs in the industry. On this episode, listen to our host and CRO, Will Morrish, and Ilan Fehler, our first hired member in the US, as they explore the type of fraud companies are exposed to, what we have le…
Cyber Consulting Room - Episode 10 Akshaye Kalkura - Consulting Around The World
30:01
In this episode of the Cyber Consulting Room podcast, host Gordon Draper interviews Akshaye Kalkura, a cybersecurity leader from Consulting Firm Razilio with extensive experience in the field. Akshaye discusses his journey into cybersecurity, his education and certifications, and the challenges of hiring the right consultants. He also shares his ex…
Episode 26 - Understanding DORA and NIS2
32:23
Listen to our host and Swarm Director, Louis Blackburn, as he discusses with our new Hive Member, Ben Stickland, their interpretation of DORA (Digital Operational Resilience Act) and NIS2 (Network and Information Security Directive 2) and how they will help financial entities and critical infrastructure sectors to strengthen their cybersecurity pos…
Cyber Consulting Room - Episode 9 - David Jorm
39:50
In this episode of the Cyber Consulting Room podcast, host Gordon Draper interviews cybersecurity veteran David Jorm. David Jorm discusses his journey into cybersecurity, his experience in the industry, and his passion for nurturing new talent. He shares stories from his consulting career, including pen testing a plane and working on what may have …
Memory Corruption: Best Tackled with Mitigations or Safe-Languages
58:23
Memory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewriting compared to mitigating? Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/254.html [00:00:00] Introduction [00:01:12] Clarifying Scope & Short/Long Term [0…
Episode 25 - SwarmCon 7 at Bletchley Park
30:35
Immersed in the world of cryptography, WWII espionage and the remarkable story behind Alan Turing and his team's groundbreaking efforts to crack the Nazi encryption system, the Enigma code, our Swarm came from all over the world to share, learn and collaborate with each other. On this episode of our podcast, our host and new Head of People and Cult…
Cyber Consulting Room - Episode 8 - Mark Nicholls
1:29:32
Mark Nicholls, CEO of Information Professionals Group, shares his insights and advice on cybersecurity and information security. He emphasizes the importance of learning from mistakes and taking an iterative approach to career development. Nicholls also highlights the significance of threat and risk assessments in cybersecurity decision-making. He …
[discussion] A Retrospective and Future Look Into DAY[0]
1:03:55
Change is in the air for the DAY[0] podcast! In this episode, we go into some behind the scenes info on the history of the podcast, how it's evolved, and what our plans are for the future. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/253.html [00:00:00] Introduction [00:01:30] Early days of the …
Cyber Consulting Room - Episode 7 - Prashant Mahajan, Amy Nightingale, John Gerardos
23:22
Welcome to the Cyber Consulting Room podcast, where host Gordon Draper leads engaging discussions with cybersecurity experts Prashant Mahajan, Amy Nightingale, and John Gerardos. In this episode, the panel delves into the ethical considerations guiding cybersecurity consultants, the essential skills and attributes sought in hiring processes, and th…
Episode 24 - Initial Access Brokers
34:43
On this episode meet our CEO, Anders Reeves, as he interviews Swarm Director, Louis Blackburn, on the topics of the 'Cyber Kill Chain' and how 'Initial Access Brokers' (IAB) play a key role in enabling mass negative impact by threat actors seeking to deploy Ransomware, and more. Watch on YouTube! Thanks for listening! Follow us on LinkedIn.…
[binary] Bypassing KASLR and a FortiGate RCE
29:47
Bit of a lighter episode this week with a Linux Kernel ASLR bypass and a clever exploit to RCE FortiGate SSL VPN. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/252.html [00:00:00] Introduction [00:00:29] KASLR bypass in privilege-less containers [00:13:13] Two Bytes is Plenty: FortiGate RCE with…
[bounty] RCE'ing Mailspring and a .NET CRLF Injection
43:19
In this week's bounty episode, an attack takes an XSS to RCE on Mailspring, a simple MFA bypass is covered, and a .NET CRLF injection is detailed in its FTP functionality. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/251.html [00:00:00] Introduction [00:00:20] Making Desync attacks easy with TR…
[binary] Future of Exploit Development Followup
46:41
In the 250th episode, we have a follow-up discussion to our "Future of Exploit Development" video from 2020. Memory safety and the impacts of modern mitigations on memory corruption are the main focus.
[bounty] libXPC to Root and Digital Lockpicking
45:35
In this episode we have a libXPC root privilege escalation, a run-as debuggability check bypass in Android, and digital lockpicking on smart locks. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/249.html [00:00:00] Introduction [00:00:21] Progress OpenEdge Authentication Bypass Deep-Dive [CVE-20…