Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored XSS, and much more.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:
Even Better
NahamSec's 5 Week Program
NahamCon News
CSS Injection Research

Timestamps:
(00:00:00) Introduction
(00:03:31) Caido's New Features
(00:15:20) Nahamcon News and 5 week Bootcamp and pentest opportunity
(00:19:54) HTML Injection, CSS Injection, and Clickjacking
(00:33:11) Image Injection
(00:37:19) Open Redirects, Client-side path traversal, and Client-side Open Redirect
(00:49:51) Leaking window.location.href
(00:57:15) Cookie refresh gadget
(01:01:40) Stored XSS
(01:09:01) CRLF Injection
(01:13:24) 'A Place To Stand' in GraphQL and ID Oracle
(01:18:23) Auth gadgets, Web Cache Deception, & LocalStorage poisoning
(01:27:46) Cookie Injection & Context Breaks
A few varied issues this week: exploiting an apparently unexploitable CRLF injection, organization secrets exposure in GitHub, and a Jenkins XSS. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/195.html

[00:00:00] Introduction
[00:00:25] Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability
[00:04:26] HubSpot Full Account Takeover in Bug Bounty
[00:12:22] Unauthorized access to organization secrets in GitHub
[00:17:39] CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE
[00:26:37] Firefly: a smart black-box fuzzer for web applications testing
[00:29:27] EJS - Server Side Prototype Pollution gadgets to RCE

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9
Parameter pollution for an auth bypass, SQL injection in an ORM, CRLF injection for a WAF bypass... this episode has a great mix of issues. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/191.html

[00:00:00] Introduction
[00:00:26] OpenEMR - Remote Code Execution in your Healthcare System
[00:10:13] Vulnerability write-up - "Dangerous assumptions"
[00:18:05] Chat Question: How do we find topics for the podcast?
[00:19:22] Exploiting Parameter Pollution in Golang Web Apps
[00:24:10] Using CRLF Injection to Bypass a Web App Firewall
[00:34:17] Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/
Meeting Owl Vulnerabilities https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
In this Conservation Conversations episode we talk with Dr. Katy Delaney, a Wildlife Ecologist for the National Park Service at the Santa Monica National Recreation Area in Los Angeles California. Among the many things she does, she has been in charge of the reintroduction of CA Red Legged Frogs into local streams. A federally threatened species listed under the endangered species act, the CRLF, has lost most of its historical habitat throughout CA and Baja. Their reintroduction into the streams of coastal California and Baja is essential to the survival of the species. Enjoy! This episode is brought to you in part by our sponsor Tidal Influence, a Californian ecological consulting firm who proudly supports environmental education and all of the diverse conservation efforts that Pelecanus works to highlight. Visit their website at www.tidalinfluence.com to learn more about what they do to conserve our coastal resources and how you can get involved All podcasts can be found at Pelecanus.org, Soundcloud, iTunes, Spotify, Stitcher, Amazon Podcasts, and Google Podcasts. New Conservation Conversations can be found on YouTube as well! Host: Austin Parker Producers: Austin Parker and Taylor Parker Music provided by: A Picture Book
Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is Broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46 Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Keith and Paul interview Rey Bango, Security Advocate for Microsoft! Rey is focused on helping the community build secure systems & being a voice for researchers within MS! In the Application Security News, Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Structure of HL7v2. Spring is here! The birds are chirping, and the usual eHealth protagonists finally take up a topic in this eHealth podcast that was probably expected much earlier: HL7, THE worldwide communication standard in healthcare, had not yet been an explicit topic in this podcast. One reason is certainly that Renato and Christian were wary of explaining such a technical topic without visual support. In this eHealth podcast the HL7 organization is explained first, and then HL7v2, which is probably in use in every hospital in Europe. After the podcast the listener should know the difference between message types (e.g. ADT for admission, transfer and discharge), segments (EVN, MSH, OBR, ...), headers, pipes (|) and CRLF. HL7v3 is given little time, in keeping with how rarely it is used, and it is explained only at a high level of abstraction how it differs from HL7v2 and why Renato and Christian do not believe it will catch on. In the news, the nursing staff minimums, the EBM billing codes for video consultations and annoyed doctors are discussed.
Danish producer CRLF (a.k.a. Peter Dre) drops a mix of nothin but 70s synth jazz/funk/soul. A dose of some of the truest music of all time - and a history lesson for those who this is new to!