- Technology
- SEE MORE
- classical
- general
- talk
- News
- Family
- Bürgerfunk
- pop
- Islam
- soul
- jazz
- Comedy
- humor
- wissenschaft
- opera
- baroque
- gesellschaft
- theater
- Local
- alternative
- electro
- rock
- rap
- lifestyle
- Music
- como
- RNE
- ballads
- greek
- Buddhism
- deportes
- christian
- piano
- djs
- Dance
- dutch
- flamenco
- social
- hope
- christian rock
- academia
- afrique
- Business
- musique
- ελληνική-μουσική
- religion
- World radio
- Zarzuela
- travel
- World
- NFL
- media
- Art
- public
- Sports
- Gospel
- st.
- baptist
- Leisure
- Kids & Family
- musical
- club
- Culture
- Health & Fitness
- True Crime
- Fiction
- children
- Society & Culture
- TV & Film
- gold
- kunst
- música
- gay
- Natural
- a
- francais
- bach
- economics
- kultur
- evangelical
- tech
- Opinion
- Government
- gaming
- College
- technik
- History
- Jesus
- Health
- movies
- radio
- services
- Church
- podcast
- Education
- international
- Transportation
- Other
- kids
- podcasts
- philadelphia
- Noticias
- love
- sport
- Salud
- film
- and
- 4chan
- Disco
- Stories
- fashion
- Arts
- interviews
- hardstyle
- entertainment
- humour
- medieval
- literature
- alma
- Cultura
- video
- TV
- Science
- en
Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros
A shorter episode, but some really cool vulns none-the-less, from mitigation bypassing on D-Link routers, to a new set of WiFi protocol design flaws.
\n\n[00:01:14] Security Vulnerability Detection Using Deep Learning Natural Language Processing
\n
- \n\t
- https://arxiv.org/abs/2105.02388v1
- https://samate.nist.gov/SARD/
\n
\n[00:08:12] Stealing secrets with Rust Macros proof-of-concept via VSCode
\n
- \n\t
- https://github.com/lucky/bad_actor_poc
\n
\n[00:13:21] [GitLab] RCE when removing metadata with ExifTool
\n
- \n\t
- https://hackerone.com/reports/1154542
- https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm#L233
\n
\n[00:19:47] Terminal escape injection in AWS CloudShell
\n
- \n\t
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2154
- https://github.com/c9/core/blob/master/plugins/c9.ide.terminal/aceterm/libterm.js#L1276
\n
\n[00:23:54] Cross-browser tracking vulnerability in Tor, Safari, Chrome and Firefox
\n
- \n\t
- https://fingerprintjs.com/blog/external-protocol-flooding/
\n
\n[00:34:27] Fei Protocol Flashloan Vulnerability Postmortem
\n
- \n\t
- https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb
- https://uniswap.org/docs/v2/smart-contract-integration/providing-liquidity/
\n
\n[00:44:46] One-click reflected XSS on Instagram
\n
- \n\t
- https://ysamm.com/?p=695
\n
\n[00:47:24] D-Link Vulnerability [CVE-2021-27342]
\n
- \n\t
- https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html
\n
\n[00:51:52] Experimental Security Assessment of Mercedes-Benz Cars
\n
- \n\t
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
\n
\n[01:01:08] FragAttacks: Fragmentation & Aggregation Attacks
\n
- \n\t
- https://github.com/vanhoefm/fragattacks
- https://www.youtube.com/watch?v=OJ9nFeuitIU
\n
\n[01:10:57] Dell \u2018dbutil_2_3.sys\u2019 Kernel Exploit [CVE-2021-21551]
\n
- \n\t
- https://connormcgarr.github.io/cve-2020-21551-sploit/
\n
\n[01:11:45] googleprojectzero/Hyntrospect
\n
- \n\t
- https://github.com/googleprojectzero/Hyntrospect
\n
\n[01:13:01] IDA Free w/ Cloud Decompiler Dropped
\n
- \n\t
- https://www.hex-rays.com/ida-free/
\n
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
\nOr the video archive on Youtube (@dayzerosec)