Day[0]

Nov 18 2024 263 ep. 66 mins 256
Day[0] Podcast artwork

A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.

  Technology
RSS feed Share
Copy RSS


Subscribe on Podcast Addict


FortiJump Higher, Pishi, and Breaking Control Flow Flattening

Nov 18 2024 60 mins  
This week, we dive into some changes to V8CTF, the FortiJump Higher bug in Fortinet's FortiManager, as well as some coverage instrumentation on blackbox macOS binaries via Pishi. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/263.html [00:00:00] Introduction [00:00:25] V8 Sandbox Bypass Rewards [00:25:39] Hop-Skip-FortiJump-For

Static Analysis, LLMs, and In-The-Wild Exploit Chains

Nov 11 2024 82 mins  
Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite vulnerability. Finally, we wrap up with some discussion on Hexacon and WOOT talks, with a focus on Clem1's In-The-Wild exploit chains insi

Attacking Browser Extensions and CyberPanel

Nov 04 2024 58 mins  
In this week's episode, we talk a little bit about LLMs and how they can be used with static analysis. We also cover GitHub Security Blog's post on attacking browser extensions, as well as a somewhat controversial CyberPanel Pre-Auth RCE that was disclosed. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/261.html [00:00:00] Intr

Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation

Oct 29 2024 71 mins  
In this week's episode, Specter recaps his experiences at Hardwear.IO and a PS5 hypervisor exploit chain presented there. We also cover some of the recently released DEF CON 32 talks. After the conference talk, we get into some filesystem exploit tricks and how arbitrary file write can be taken to code execution in read-only environments. Links and vulnerability summaries for this

Zendesk's Email Fiasco and Rooting Linux with a Lighter

Oct 16 2024 50 mins  
In this week's episode, we cover the fiasco of a vulnerability in Zendesk that could allow intrusion into multiple fortune 500 companies. We also discuss a project zero blogpost that talks about fuzzing Dav1d and the challenges of fuzzing, as well as rooting Linux via EMFI with a lighter. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/p

Summer Recap: Phrack, Off-by-One, and RCEs

Oct 08 2024 54 mins  
In our summer recap, we discuss Phrack's latest issue and talks from the new Off-by-One conference. We also cover some interesting bugs, such as a factorio lua RCE and another RCE via iconv. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/258.html [00:00:00] Introduction [00:01:06] Getting Started with Exploit Development [00:14

Attack of the CUPS and Exploiting Web Views via HSTS

Sep 30 2024 68 mins  
In this week's episode, we cover an attack utilizing HSTS for exploiting Android WebViews and abusing YouTube embeds in Google Slides for clickjacking. We also talk about the infamous CUPS attack, and the nuances that seem to be left behind in much of the discussion around it. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/257.h

Future of the Windows Kernel and Encryption Nonce Reuse

Sep 23 2024 33 mins  
In this week's episode, we discuss Microsoft's summit with vendors on their intention to lock down the Windows kernel from endpoint security drivers and possibly anti-cheats. We also talk cryptography and about the problems of nonce reuse. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/256.html [00:00:00] Introduction [

Iterating Exploits & Extracting SGX Keys

Sep 16 2024 53 mins  
We are back and testing out a new episode format focusing more on discussion than summaries. We start talking a bit about the value of learning hacking by iterating on the same exploit and challenging yourself as a means of practicing the creative parts of exploitation. Then we dive into the recent Intel SGX fuse key leak, talk a bit about what it means, how it happened. We are se

Memory Corruption: Best Tackled with Mitigations or Safe-Languages

May 17 2024 58 mins  
Memory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewriting compared to mitigating? Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/254.html [00:00:00] Introduction [00:01:12] Clarifying Scope & Short/Long Term [00:04:28] Mitigations [00:15: