Broadcasts.com - "Snooping YouTube History and Breaking State Machines" (Day[0])

Technology
SEE MORE
- classical
- general
- talk
- News
- Family
- Bürgerfunk
- pop
- Islam
- soul
- jazz
- Comedy
- humor
- wissenschaft
- opera
- baroque
- gesellschaft
- theater
- Local
- alternative
- electro
- rock
- rap
- lifestyle
- Music
- como
- RNE
- ballads
- greek
- Buddhism
- deportes
- christian
- piano
- djs
- Dance
- dutch
- flamenco
- social
- hope
- christian rock
- academia
- afrique
- Business
- musique
- ελληνική-μουσική
- religion
- World radio
- Zarzuela
- travel
- World
- NFL
- media
- Art
- public
- Sports
- Gospel
- st.
- baptist
- Leisure
- Kids & Family
- musical
- club
- Culture
- Health & Fitness
- True Crime
- Fiction
- children
- Society & Culture
- TV & Film
- gold
- kunst
- música
- gay
- Natural
- a
- francais
- bach
- economics
- kultur
- evangelical
- tech
- Opinion
- Government
- gaming
- College
- technik
- History
- Jesus
- Health
- movies
- radio
- services
- Church
- podcast
- Education
- international
- Transportation
- Other
- kids
- podcasts
- philadelphia
- Noticias
- love
- sport
- Salud
- film
- and
- 4chan
- Disco
- Stories
- fashion
- Arts
- interviews
- hardstyle
- entertainment
- humour
- medieval
- literature
- alma
- Cultura
- video
- TV
- Science
- en

Snooping YouTube History and Breaking State Machines

Published: Jan. 26, 2021, 11 p.m.

This week is a shorter episode, but still some solid bugs to look at. From a full chain Chrome exploit, to a Kindle chain from remote to root and a eBPF incorrect calculation leading to OOB read/write.

\n[00:00:41] Albicla launch clusterfuck
\n

https://www.reddit.com/r/programminghorror/comments/l25ppk/albicla_launch_clusterfuck/

\n[00:04:41] [NordVPN] RCE through Windows Custom Protocol on Windows client
\n

https://hackerone.com/reports/1001255

\n[00:09:00] Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform
\n

https://www.thezdi.com/blog/2021/1/20/three-bugs-in-orions-belt-chaining-multiple-bugs-for-unauthenticated-rce-in-the-solarwinds-orion-platform

\n[00:18:50] The Embedded YouTube Player Told Me What You Were Watching (and more)
\n

https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/

\n[00:24:27] The State of State Machines
\n

https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html

https://bugs.chromium.org/p/project-zero/issues/detail?id=2085

\n[00:34:21] KindleDrip - From Your Kindle\u2019s Email Address to Using Your Credit Card
\n

https://medium.com/realmodelabs/kindledrip-from-your-kindles-email-address-to-using-your-credit-card-bb93dbfb2a08

\n[00:44:00] New campaign targeting security researchers
\n

https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/

\n[00:44:42] An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier
\n

https://www.thezdi.com/blog/2021/1/18/zdi-20-1440-an-incorrect-calculation-bug-in-the-linux-kernel-ebpf-verifier

\n[00:49:18] Chat Question: What do we think of HackTheBox
\n

https://hackthebox.eu

\n[00:53:51] Bad Pods: Kubernetes Pod Privilege Escalation
\n

https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation

\n[00:53:24] [Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow
\n

https://blog.k3170makan.com/2021/01/linux-kernel-exploitation-0x2.html

https://pwn.college/modules/kernel

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)