cover of episode Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs

Hacking Nintendo 3DS, Apple vs Corellium, and Android Bugs

2021/1/5
logo of podcast Day[0]

Day[0]
Frequently requested episodes will be transcribed first

Shownotes Transcript

An update on Apple v. Corellium, some 3DS vulnerabilities, and some drama on this weeks episode.

[00:00:34] Remote Chaos Experience

- https://media.ccc.de/c/rc3

[00:20:06] Apple Inc. v. Corellium, LLC

- https://www.courtlistener.com/docket/16064642/784/apple-inc-v-corellium-llc/

[00:28:17] The Great Suspender - New maintainer is probably malicious

- https://github.com/greatsuspender/thegreatsuspender/issues/1263

[00:36:59] An HTML Injection Worth 600$ Dollars

- https://medium.com/bugbountywriteup/a-html-injection-worth-600-dollars-5f065be0ab49

[00:44:06] Zoom Meeting Connector Post-Auth Remote Root

- https://packetstormsecurity.com/files/160736/zoomer.py.txt

[00:46:21] Hijacking Google Docs Screenshots

- https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/

[00:49:49] Nintendo 3DS - Improper certificate validation allows an attacker to perform MitM attacks

- https://hackerone.com/reports/894922

[00:52:02] Nintendo 3DS - Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player

- https://hackerone.com/reports/897606

[00:55:45] Apple macOS 6LowPAN Vulnerability [CVE-2020-9967]

- https://alexplaskett.github.io/CVE-2020-9967/

[01:01:24] An iOS hacker tries Android

- https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html

[01:14:29] Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail [CVE-2020-7468]

- https://www.thezdi.com/blog/2020/12/21/cve-2020-7468-turning-imprisonment-to-advantage-in-the-freebsd-ftpd-chroot-jail

[01:18:36] Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)

- https://arxiv.org/abs/2012.07432

[01:27:17] Helping secure DOMPurify (part 1)

- https://research.securitum.com/helping-secure-dompurify-part-1/

[01:28:23] A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation

- https://github.com/ant4g0nist/Vulnerable-Kext

[01:30:01] PS4 7.02 WebKit + Kernel Chain Implementation

- https://github.com/ChendoChap/ps4-ipv6-uaf/tree/7.00-7.02

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec))