Fast Fuzzing, Malicious Pull Requests, and Rust in my kernel?!
01:45:13 Share

Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next which we talked about. We also look at a couple interesting GitHub vulns, and talk about fuzzing.

[00:00:28] Rust in the Linux Kernel

- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/rust?id=c77c8025525c36c9d2b9d82e4539403701276a1d

• https://www.youtube.com/watch?v=FFjV9f_Ub9o&t=2066s
• https://lkml.org/lkml/2020/7/9/952
• https://lkml.org/lkml/2020/7/10/1261

[00:13:40] Two Undocumented Instructions to Update Microcode Discovered

- https://twitter.com/_markel___/status/1373059797155778562

[00:19:06] DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS

- https://palant.info/2021/03/15/duckduckgo-privacy-essentials-vulnerabilities-insecure-communication-and-universal-xss/

[00:26:46] Abusing VoIPmonitor for Remote Code Execution

- https://www.rtcsec.com/post/2021/03/bug-discovery-diaries-abusing-voipmonitor-for-remote-code-execution/

[00:32:18] Stealing arbitrary GitHub Actions secrets

- https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html

[00:40:29] How we found and fixed a rare race condition in our session handling

- https://github.blog/2021-03-18-how-we-found-and-fixed-a-rare-race-condition-in-our-session-handling/

[00:49:05] GitLab - Ability To Delete User(s) Account Without User Interaction

- https://hackerone.com/reports/928255

[00:52:49] New Old Bugs in the Linux Kernel

- https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html

• https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi

[01:00:33] Fuzzing: FastStone Image Viewer [CVE-2021-26236]

- https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236/

[01:06:53] A Replay-Style Deserialization Attack Against SharePoint [CVE-2021-27076]

- https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint

[01:12:38] One day short of a full chain: Part 2 - Chrome sandbox escape

- https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx

[01:18:58] Code execution in Wireshark via non-http(s) schemes in URL fields

- https://gitlab.com/wireshark/wireshark/-/issues/17232

[01:21:59] Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers)

- https://www.praetorian.com/blog/attacking-and-defending-oauth-2/

[01:30:37] Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace

- https://blog.trailofbits.com/2021/03/19/un-bee-lievable-performance-fast-coverage-guided-fuzzing-with-honeybee-and-intel-processor-trace/

[01:42:00] Pulling Bits From ROM Silicon Die Images: Unknown Architecture

- https://ryancor.medium.com/pulling-bits-from-rom-silicon-die-images-unknown-architecture-b73b6b0d4e5d

[01:42:28] 0dayfans.com

- https://0dayfans.com/

• https://github.com/dayzerosec/feedgen
• https://shop.spreadshirt.com/dayzerosec/

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec))