dayzerosec
Day[0]
A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
The Future 10.04.2026 1:20:07
After 283 episodes, this will be the final episode of the DAY[0] podcast. We started the podcast on a hopeful note in the days following Ghidra's release. Now, to end it off we've got another discussion about how we see the future of vulnerability research and exploit development going. We recorded this episode before all the hype around "Mythos" and Project Glasswing so it doesn...
Exploiting VS Code with Control Characters 12.05.2025 30:08
A quick episode this week, which includes attacking VS Code with ASCII control characters, as well as a referrer leak and SCIM hunting. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/282.html [00:00:00] Introduction [00:00:57] Attacking Hypervisors - Training Update [00:06:20] Drag and Pwnd: Leverage ASCII characters to exploit VS Code [00:12:12...
Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO) 22.04.2025 1:46:57
A special episode this week, featuring an interview with John Carse, Chief Information Security Officer (CISO) of SquareX. John speaks about his background in the security industry, grants insight into attacks on browsers, and talks about the work his team at SquareX is doing to detect and mitigate browser-based attacks.
Pulling Gemini Secrets and Windows HVPT 16.04.2025 1:33:22
A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT). Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/280.html [00:00:00] Introduction [00:00:18] Doing the Due Diligence - Analyzing the Next.js Middleware...
Session-ception and User Namespaces Strike Again 01.04.2025 49:36
API hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/279.html [00:00:00] Introduction [00:00:28] Next.js and the corrupt middleware: the authorizing artifact [00:06...
Extracting YouTube Creator Emails and Spilling Azure Secrets 24.03.2025 44:04
This episode features some game exploitation in Neverwinter Nights, weaknesses in mobile implementation for PassKeys, and a bug that allows disclosure of the email addresses of YouTube creators. We also cover some research on weaknesses in Azure. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/278.html [00:00:00] Introduction [00:00:35] Exploitin...
ESP32 Backdoor Drama and SAML Auth Bypasses 17.03.2025 1:14:08
Discussion this week starts with the ESP32 "backdoor" drama that circled the media, with some XML-based vulnerabilities in the mix. Finally, we cap off with a post on reviving modprobe_path for Linux exploitation, and some discussion around an attack chain against China that was attributed to the NSA. Links and vulnerability summaries for this episode are available at: https://dayzerosec...
Exploiting Xbox 360 Hypervisor and Microcode Hacking 12.03.2025 1:19:05
A very technical episode this week, featuring some posts on hacking the xbox 360 hypervisor as well as AMD microcode hacking. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/276.html [00:00:00] Introduction [00:00:15] Reversing Samsung's H-Arx Hypervisor Framework - Part 1 [00:10:34] Hacking the Xbox 360 Hypervisor Part 1: System Overview [00:21:...
Path Confusion and Mixing Public/Private Keys 03.03.2025 59:34
This week's episode features a variety of vulnerabilities, including a warning on mixing up public and private keys in OpenID Connect deployments, as well as path confusion with an nginx+apache setup. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/275.html [00:00:00] Introduction [00:19:00] The OOB Read zi Introduced [00:16:55] Mixing up Pub...
ZDI's Triaging Troubles and LibreOffice Exploits 25.02.2025 57:02
We discuss an 0day that was dropped on Parallels after 7 months of no fix from the vendor, as well as ZDI's troubles with responses to researchers and reproducing bugs. Also included are a bunch of filesystem issues, and an insanely technical linux kernel exploit chain. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/274.html [00:00:00] Intro...
Recycling Exploits in MacOS and Pirating Audiobooks 18.02.2025 1:17:06
We cover a comical saga of vulnerabilities and variants from incomplete fixes in macOS, as well as a bypass of Chrome's miraclePtr mitigation against Use-After-Frees (UAFs). We also discuss an attack that abuses COM hijacking to elevate to SYSTEM through AVG Antivirus, and a permissions issue that allows unauthorized access to DRM'd audiobooks. Links and vulnerability summaries for this episode ar...
Top 10 Web Hacking Techniques and Windows Shadow Stacks 12.02.2025 1:12:42
In this episode, we discuss the US government discloses how many 0ds were reported to vendors in a first-ever report. We also cover PortSwigger's top 10 web hacking techniques of 2024, as well as a deep dive on how kernel mode shadow stacks are implemented on Windows by Connor McGarr. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/272.html [...
Unicode Troubles, Bypassing CFG, and Racey Pointer Updates 04.02.2025 41:29
On the web side, we cover a portswigger post on ways of abusing unicode mishandling to bypass firewalls and a doyensec guide to OAuth vulnerabilities. We also get into a Windows exploit for a use-after-free in the telephony service that bypasses Control Flow Guard, and a data race due to non-atomic writes in the macOS kernel. Links and vulnerability summaries for this episode are available at: htt...
Deanonymization with CloudFlare and Subaru's Security Woes 27.01.2025 1:07:35
Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging apps. PortSwigger also publishes a post on the Cookie Sandwich technique, and Subaru's weak admin panel security allows tracking and controlling other people's vehicles. Links and vulnerability s...
Excavating Exploits and PHP Footguns 20.01.2025 1:12:18
This week features a mix of topics, from polyglot PDF/JSON to android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild campaign. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/269.html [00:00:00] Introduction [00:07:48] Attacking Hypervisors - From KVM to Mobile Sec...
WhatsApp vs. NSO and CCC Talks 14.01.2025 1:22:50
Specter and zi discuss their winter break, cover some interesting CCC talks, and discuss the summary judgement in the WhatsApp vs. NSO Group case. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/268.html [00:00:00] Introduction [00:09:53] 38C3: Illegal Instructions [00:35:38] WhatsApp v. NSO Group [01:04:06] Vulnerability Research Highlights 2024...
Buggy Operating Systems Are Coming to Town 16.12.2024 47:01
In our last episode of 2024, we delve into some operating system bugs in both Windows and Linux, as well as some bugs that are not bugs but rather AI slop. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/267.html [00:00:00] Introduction [00:06:48] Buffer Overflow Risk in Curl_inet_ntop and inet_ntop4 [00:19:20] Bypassing WAFs with the phantom $Ve...
Machine Learning Attacks and Tricky Null Bytes 09.12.2024 45:07
This week's episode contains some LLM hacking and attacks on classifiers, as well as the renewal of DMA attacks with SD Express and the everlasting problems of null bytes. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/266.html [00:00:00] Introduction [00:00:31] Hacking 2024 by No Starch [00:09:18] Announcing the Adaptive Prompt Injection Challe...
A Windows Keyhole and Buggy OAuth 02.12.2024 27:13
A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/265.html [00:00:00] Introduction [00:00:16] Attacking Hypervisors From KVM to Mobile Security Platforms [00:02:30] Keyhole [00:10:12] Drilling the redirect_u...
Linux Is Still a Mess and Vaultwarden Auth Issues 26.11.2024 52:18
Linux userspace is still a mess and has some bad bugs in root utilities, and Vaultwarden has an interesting auth bypass attack. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/264.html [00:00:00] Introduction [00:00:29] LPEs in needrestart [Ubuntu] [00:18:41] Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5 [00:...
FortiJump Higher, Pishi, and Breaking Control Flow Flattening 18.11.2024 1:00:38
This week, we dive into some changes to V8CTF, the FortiJump Higher bug in Fortinet's FortiManager, as well as some coverage instrumentation on blackbox macOS binaries via Pishi. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/263.html [00:00:00] Introduction [00:00:25] V8 Sandbox Bypass Rewards [00:25:39] Hop-Skip-FortiJump-FortiJump-Higher - Fo...
Static Analysis, LLMs, and In-The-Wild Exploit Chains 11.11.2024 1:22:02
Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite vulnerability. Finally, we wrap up with some discussion on Hexacon and WOOT talks, with a focus on Clem1's In-The-Wild exploit chains insights via Google'...
Attacking Browser Extensions and CyberPanel 04.11.2024 58:18
In this week's episode, we talk a little bit about LLMs and how they can be used with static analysis. We also cover GitHub Security Blog's post on attacking browser extensions, as well as a somewhat controversial CyberPanel Pre-Auth RCE that was disclosed. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/261.html [00:00:00] Introduction [00:01:56...
Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation 29.10.2024 1:11:24
In this week's episode, Specter recaps his experiences at Hardwear. IO and a PS5 hypervisor exploit chain presented there. We also cover some of the recently released DEF CON 32 talks. After the conference talk, we get into some filesystem exploit tricks and how arbitrary file write can be taken to code execution in read-only environments. Links and vulnerability summaries for this episode are ava...
Zendesk's Email Fiasco and Rooting Linux with a Lighter 16.10.2024 50:26
In this week's episode, we cover the fiasco of a vulnerability in Zendesk that could allow intrusion into multiple fortune 500 companies. We also discuss a project zero blogpost that talks about fuzzing Dav1d and the challenges of fuzzing, as well as rooting Linux via EMFI with a lighter. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/259.html [...
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet