- Technology
- SEE MORE
- classical
- general
- talk
- News
- Family
- Bürgerfunk
- pop
- Islam
- soul
- jazz
- Comedy
- humor
- wissenschaft
- opera
- baroque
- gesellschaft
- theater
- Local
- alternative
- electro
- rock
- rap
- lifestyle
- Music
- como
- RNE
- ballads
- greek
- Buddhism
- deportes
- christian
- piano
- djs
- Dance
- dutch
- flamenco
- social
- hope
- christian rock
- academia
- afrique
- Business
- musique
- ελληνική-μουσική
- religion
- World radio
- Zarzuela
- travel
- World
- NFL
- media
- Art
- public
- Sports
- Gospel
- st.
- baptist
- Leisure
- Kids & Family
- musical
- club
- Culture
- Health & Fitness
- True Crime
- Fiction
- children
- Society & Culture
- TV & Film
- gold
- kunst
- música
- gay
- Natural
- a
- francais
- bach
- economics
- kultur
- evangelical
- tech
- Opinion
- Government
- gaming
- College
- technik
- History
- Jesus
- Health
- movies
- radio
- services
- Church
- podcast
- Education
- international
- Transportation
- Other
- kids
- podcasts
- philadelphia
- Noticias
- love
- sport
- Salud
- film
- and
- 4chan
- Disco
- Stories
- fashion
- Arts
- interviews
- hardstyle
- entertainment
- humour
- medieval
- literature
- alma
- Cultura
- video
- TV
- Science
- en
[bounty] Web Hackers vs. Cars and a Facebook Account Takeover
First episode of the new year, and we've got some cool stuff. Several authentication issues and "class pollution" in Python.
\nLinks and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/177.html
\n[00:00:00] Introduction
\n[00:00:31] ReDoS "vulnerabilities" and misaligned incentives
\n[00:17:14] Web Hackers vs. The Auto Industry
\n[00:37:19] Prototype Pollution in Python
\n- Correction: We discuss a bit of a disagreement regarding calling the issue "Prototype Pollution" in Python, turns out we missed the fact the author calls it "Class Pollution" in the actual article which is a more fitting name.
\n[00:50:26] [MK8DX] Improper verification of Competition creation allows to create "Official" competitions
\n[00:56:36] 0 click Facebook Account Takeover and Two-Factor Authentication Bypass
\n[01:01:18] How SAML works and some attacks on it
\nThe DAY[0] Podcast episodes are streamed live on Twitch twice a week:
\n-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
\n-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
\nWe are also available on the usual podcast platforms:
\n-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
\n-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
\n-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
\n-- Other audio platforms can be found at https://anchor.fm/dayzerosec
\nYou can also join our discord: https://discord.gg/daTxTK9