Shownotes Transcript
Several lockscreen-related vulnerabilities this week, a cross-site leak, and the hijacking of all .cd domains.
One important thing to mention about this weeks episode that was neglected during the discussion is that the BitLocker Lockscreen Bypass is a lockscreen bypass. It does not necessarily provide access to data Bitlocker protects. If Bitlocker is being run in "transparent operation mode" where the ability to login is all that is necessary to decrypt data, then this vulnerability can grant access to encrypted data.
[00:00:00] Introduction
[00:00:59] Slayer Labs
[00:12:03] BugTraq Shutdown
[00:17:22] Data Security on Mobile Devices
[00:27:08] Running a fake power plant on the internet for a month
[00:33:43] BitLocker Lockscreen bypass
[00:39:30] [Linux Mint] Screensaver lock by-pass via the virtual keyboard
[00:43:02] [NextCloud] Bypassing Passcode/Device credentials
[00:51:02] How I hijacked the top-level domain of a sovereign state
[01:00:28] Laravel <= v8.4.2 debug mode: Remote code execution
[01:05:47] Leaking silhouettes of cross-origin images
[01:10:36] Escaping VirtualBox 6.1: Part 1
[01:17:15] Hunting for Bugs in Windows Mini-Filter Drivers
[01:18:33] Project Zero: Introducing the In-the-Wild Series
Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec))