cover of episode [bounty] The End of a DEFCON Era and Flipper Zero Woes

[bounty] The End of a DEFCON Era and Flipper Zero Woes

2024/2/13
logo of podcast Day[0]

Day[0]

Frequently requested episodes will be transcribed first

Shownotes Transcript

DEF CON moves venues, the Canadian government moves to ban Flipper Zero, and some XSS issues affect Microsoft Whiteboard and Meta's Excalidraw.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/241.html

[00:00:00] Introduction

[00:00:33] DEF CON was canceled.

[00:16:42] Federal action on combatting auto theft

[00:39:03] Jenkins Arbitrary File Leak Vulnerability, CVE-2024-23897, Can Lead To RCE

[00:43:27] Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)

[00:52:26] SSRF on a Headless Browser Becomes Critical!

[00:59:04] ChatGPT Account Takeover - Wildcard Web Cache Deception

[01:05:14] Differential testing and fuzzing of HTTP servers and proxies

[01:10:14] Hunting for Vulnerabilities that are ignored by most of the Bug Bounty Hunters

[01:19:38] Analyzing AI Application Threat Models

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:

-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities

-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:

-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9