In this edition of Between Two Nerds, Tom Uren and The Grugq look at Google's review of 0days in 2023. They discuss what this kind of information tells us and how Google's perspective influences the report.
In this podcast, I interview Michael Ness about bug bounty automation and scaling 0 days to get multiple payouts for a single bug. We also talk about how to make the automation better and about some tips for upcoming bug hunters.
Guess who's back with a brand new ra..Podcast. It's Ed, Alex and Will! In this episode we bring you cyber news topics: LAPSUS$ hacking T-Mobile, Google/Mandiant 0day reports and Russian hackers' new money laundering challenges. Topic of the week discusses breach notification, using Troy Hunt's recent fun with Avvo as an example. Secrets from the SOC is one of our favourites - We ask each other what SOC tools we WISH we had, that don't exist today. We would love to hear from you: info@hackableyou.com
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/ddr4-rowhammer-azure-bugs-essential-0days-and-backdoored-ida.html North Korea is at it again targeting researchers, 0day hoarding, breaching secure hardware, and fuzzing on this week's episode. [00:01:15] Spot the Vuln - Beyond the Grave [00:03:50] ESET Research discovered a trojanized IDA Pro installer, distributed by the #Lazarus APT group [00:12:39] Why Zero-Days Are Essential to Security - Randori [00:29:32] Blacksmith - Rowhammer Returns [00:43:04] Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology [00:57:45] Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging stage-without-manifest denial of service vulnerability [01:04:53] Microsoft Azure Sphere Kernel GPIO_SET_PIN_CONFIG_IOCTL information disclosure vulnerability The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/ios-0days-apache-dubbo-rces-and-npm-bugs.html Some of Apple's XPC services are leaking information, Finder has an RCE, and some CodeQL use to find many RCEs in Apache Dubbo. [00:00:38] macOS Finder RCE [00:06:11] AWS WorkSpaces Remote Code Execution [CVE-2021-38112] [00:10:09] Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program [00:26:51] 5 RCEs in npm for $15,000 [00:42:32] Apache Dubbo: All roads lead to RCE
If you scroll through the headlines in cybersecurity, you will often see topics that grab the readers' attention. Correct me if I am wrong, but you've probably read a lot about State-sponsored APT attacks, ransomware, bug bounty programs, disclosure of 0Days, zero day usage, what color hat a hacker is. While I could go on with topics, I think that we are on the same page. One of the things that we often don't discuss when it comes to this topic is what is and what is NOT ethical. Subscribers to the Kaspersky Transatlantic Cable podcast may remember that this was a topic that David and I tapped into with Ivan Kwiatkowski on a podcast a few weeks ago. Over the past few months, Ivan and I have been discussing this quite regularly and decided to hop into the topic in some more depth. After crossing all the T's and dotting the I's with our internal stakeholders, we were able to pull together a crew to discuss and debate some of the topics that play into this space. Our guests included my usual co-host David Buxton, Aseel Kayal and Runa Sandvik – make sure to follow these folks on the Twitter. During our near 2-hour conversation, we discuss a wide range of topics, including: • Competitive collaboration between infosec vendors • Disclosure • Role of government and private companies for user security • Attribution • Does threat intelligence help adversaries? • Governments hoarding 0days There is much more in there and it will definitely help pique the interest of anyone working within the space.
Twitter: mpgn: https://twitter.com/mpgn_x64 itm4n: https://twitter.com/itm4n Blog: https://itm4n.github.io/ Github projects: PrivescCheck: https://github.com/itm4n/PrivescCheck FullPowers: https://github.com/itm4n/FullPowers PrintSpoofer: https://github.com/itm4n/PrintSpoofer
Major DELTA from today and strange coincidence surrounding it, plus perhaps an explanation of the !0Days of Darkness phrase, New details about incoming DECLAS and Haspel and Wray working together to block it PLUS a MAJOR REVELATION from Burma regarding Joe Biden and BRIBES! Plus Kayleigh McEnany test positive.
Special Guest Inês Narciso (@IWN_LX) – Ines worked in the Portuguese Intelligence Service for 12 years. She started up doing OSINT in 2008 and later became an OSINT and online undercover operations project manager. In 2019, she joined Iscte Iul a Lisbon University where she teaches Digital Methods and conducts research on disinformation. Since then, she's also built a company that uses OSINT to find people's ancestors and build family trees. In her spare time, she also helps pro bono fellow journalists in Portugal and abroad in their investigations and women who have been a victim of revenge porn or intimate image abuse. People in this Episode Micah Hoffman (@webbreacher) Nico (@DutchOSINTGuy) Matthias Wilson (@mwosint) Nixintel Lorand Bodo Sector035 Ritu Gill (@OSINTTechniques) Links to what we discussed Protecting personal privacy against unauthorized deep learning models: https://sandlab.cs.uchicago.edu/fawkes/ Search for videos across 60 platforms: https://www.peteyvid.com/ Estimate the size of a crowd with this tool: https://www.mapchecking.com/ Twitter thread about the video conferencing platform Zoom: https://twitter.com/securitytrails/status/1284187387103457282 Great verification case study in French: https://ledesk.ma/desintox/le-bonimenteur-de-habanos-sa-encore-frappe-il-sest-paye-un-panama-paper/ Twitter search tricks: https://www.labnol.org/internet/twitter-search-tricks/13693/ Improved face detection software that even works on animals: https://www.omgubuntu.co.uk/2020/07/digikams-improved-face-detection-for-photos-even-works-on-animals Blog that has started dropping “0Days” with regards to the TOR project: https://www.hackerfactor.com/blog/index.php?/archives/888-Tor-0day-Stopping-Tor-Connections.html New Telegram update: https://telegram.org/blog/profile-videos-people-nearby-and-more Upcoming virtual OSINT Symposium between 10 and 13 October: https://www.osintsymposium.com/event-details/australian-osint-symposium-1 Self Promotion Learn more about Ines's work: https://medialab.iscte-iul.pt/ (in Portuguese with some English articles) The Open Source Intelligence Skills-building Conference (October 2020): https://www.osmosiscon.com/ German Open Source Intelligence Conference (GOCON): https://www.gosintcon.de/ – if you have any questions, reach out to Matthias (@mwosint) --- Support this podcast: https://anchor.fm/osintcurious/support
Are iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion heavy episode of DAY[0]. [00:00:52] [UPDATE] Huawei HKSP Introduces Trivially Exploitable Vulnerability https://github.com/cloudsec/aksp/blob/master/hksp.patch [00:11:59] iOS one-click chains prices likely to drop https://www.hackasat.com/ [00:33:30] Defcon Quals 2020 https://hxp.io/blog/72/DEFCON-CTF-Quals-2020-notbefoooled/ [00:46:33] vBulletin 5.6.1 SQL Injection [00:52:52] Subdomain takeover of resources.hackerone.com [01:01:11] MyLittleAdmin PreAuth RCE [01:06:13] DOM-Based XSS at accounts.google.com by Google Voice Extension. [01:16:47] Playing with GZIP: RCE in GLPI [CVE-2020-11060] [01:36:24] Reverse RDP - The Path Not Taken [01:44:19] PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth [CVE-2020-1048] https://twitter.com/VbScrub/status/1260598344650539009 [01:53:34] Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently [02:00:29] Cloud WAF Comparison Using Real-World Attacks https://medium.com/fraktal/cloud-waf-comparison-part-2-e6e2d25f558c https://en.wikipedia.org/wiki/Server_Side_Includes [02:18:20] Fuzzing TLS certificates from their ASN.1 grammar [02:22:25] DHS CISA and FBI share list of top 10 most exploited vulnerabilities Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0]) [00:05:23] Apple v. Corellium [00:12:04] Firefox to Discontinue Sideloaded Extensions [00:16:52] Delegated Credentials for TLS [00:23:02] North Korean Malware Found on Indian Nuclear Plant's Network [00:28:20] The Pirate Bay Downtime Caused by Malicious Search Queries [00:29:30] Web.com Breach (allegedly includes NetworkSolutions.com and Register.com) [00:32:28] BlueKeep attacks are happening, but it's not a worm https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/ [00:36:13] Untitled Goose Game - Insecure Deserialization [00:39:58] Two Chrome 0Days get Patched [00:42:45] NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114] [00:45:43] Abusing HTTP Hop-by-hop Request Headers [00:50:54] Let's Make Windows Defender Angry: Antivirus Can be an Oracle! -icchy https://en.wikipedia.org/wiki/EICAR_test_file [00:56:54] rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662) [01:02:26] Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors [01:07:26] Silhouette: Efficient Intra-Address Space Isolation for Protected Shadow Stacks on Embedded Systems [01:19:46] unfork(2) [01:23:51] Destroying x86_64 instruction decoders with differential fuzzing https://github.com/zyantific/zydis
Armed with iOS 0days, hackers indiscriminately infected iPhones for two years, Google throws bug bounty bucks at mega-popular third-party apps, How MuleSoft patched a critical security flaw and avoided a disaster, Jack Dorsey's Twitter account got hacked, Attackers are exploiting vulnerable WP plugins to backdoor sites, and much more! We then talk with Larry Alston, who is the GM of Cloud at Tufin. He will be talking about developing and enforcing security policies in the cloud. To learn more about Tufin, visit: https://securityweekly.com/tufin Full Show Notes: https://wiki.securityweekly.com/HNNEpisode232 Visit http://hacknaked.tv to get all the latest episodes!
Watch the DAY[0] podcast live on Twitch every Monday afternoon at 12:00pm PST (3:00pm EST) -- https://www.twitch.tv/dayzerosec [00:00:37] - Huawei Cyber Security Evaluation Report [00:14:22] - Assange Arrest [00:24:55] - Matrix Compromise [00:32:20] - Outlook Compromise [00:43:39] - Ghidra Source Release [00:49:18] - Relyze 3 Beta (Another Free Decompiler) [00:56:30] - Fracker (New PHP Tool) [01:01:11] - Discussion about EncryptCTF and challenge design [01:25:24] - Dragonblood/WPA3 Vulnerabilities [01:32:21] - CVE-2019-0211 Apache Root Privilege Escalation [01:41:27] - Detailing of CVE-2019-1636 and CVE-2019-6739 in QT [01:49:47] - Splitting Atoms in XNU [02:06:39] - PostgreSQL is it a CVE? [02:11:41] - RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks [02:26:45] - The ROP Needle: Hiding Trigger-based Injection Vectors via Code Reuse [02:29:30] - Assessing Unikernel Security
This week, a Severe RCE vulnerability affected popular StackStorm Automation software, Crowdfense is willing to pay $3 Million for iOS and Android Zero-Days, Equifax neglected cyber security prior to breach, Google launches new Cloud Security services, and an unprotected MongoDB instance exposes 800 million emails! Jason Wood from Paladin Security joins us for expert commentary on how a researcher claims an Iranian APT is behind a 6TB Data Heist at Citrix! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode210 Visit https://www.securityweekly.com/hnn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Severe RCE vulnerability affected popular StackStorm Automation software, Crowdfense is willing to pay $3 Million for iOS and Android Zero-Days, Equifax neglected cyber security prior to breach, Google launches new Cloud Security services, and an unprotected MongoDB instance exposes 800 million emails! Jason Wood from Paladin Security joins us for expert commentary on how a researcher claims an Iranian APT is behind a 6TB Data Heist at Citrix! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode210 Visit http://hacknaked.tv to get all the latest episodes!
Welcome to another episode of Hack Naked TV recorded December 17th 2015. Aaron talks about the FBI using 0-Days, Drone Registration, Root DNS attack, and RCE in FireEye.