A shorter episode, but some really cool vulns nonetheless, from mitigation bypassing on D-Link routers to a new set of WiFi protocol design flaws.
[00:01:14] Security Vulnerability Detection Using Deep Learning Natural Language Processing
- https://arxiv.org/abs/2105.02388v1
[00:08:12] Stealing secrets with Rust Macros proof-of-concept via VSCode
- https://github.com/lucky/bad_actor_poc
[00:13:21] [GitLab] RCE when removing metadata with ExifTool
- https://hackerone.com/reports/1154542
[00:19:47] Terminal escape injection in AWS CloudShell
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2154
[00:23:54] Cross-browser tracking vulnerability in Tor, Safari, Chrome and Firefox
- https://fingerprintjs.com/blog/external-protocol-flooding/
[00:34:27] Fei Protocol Flashloan Vulnerability Postmortem
- https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb
[00:44:46] One-click reflected XSS on Instagram
- https://ysamm.com/?p=695
[00:47:24] D-Link Vulnerability [CVE-2021-27342]
- https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html
[00:51:52] Experimental Security Assessment of Mercedes-Benz Cars
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
[01:01:08] FragAttacks: Fragmentation & Aggregation Attacks
- https://github.com/vanhoefm/fragattacks
[01:10:57] Dell ‘dbutil_2_3.sys’ Kernel Exploit [CVE-2021-21551]
- https://connormcgarr.github.io/cve-2020-21551-sploit/
[01:11:45] googleprojectzero/Hyntrospect
- https://github.com/googleprojectzero/Hyntrospect
[01:13:01] IDA Free w/ Cloud Decompiler Dropped
- https://www.hex-rays.com/ida-free/
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST),
or the video archive on YouTube (@dayzerosec).