iOS 0days are worthless, PrintDemon, and a takeover of hackerone
02:32:02 Share

Are iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion heavy episode of DAY[0].

• [00:00:52] [UPDATE] Huawei HKSP Introduces Trivially Exploitable Vulnerability)

• https://github.com/cloudsec/aksp/blob/master/hksp.patch)

• [00:11:59] iOS one-click chains prices likely to drop)

• https://www.hackasat.com/)

• [00:33:30] Defcon Quals 2020)

• https://hxp.io/blog/72/DEFCON-CTF-Quals-2020-notbefoooled/)

• [00:46:33] vBulletin 5.6.1 SQL Injection)

• [00:52:52] Subdomain takeover of resources.hackerone.com)

• [01:01:11] MyLittleAdmin PreAuth RCE)

• [01:06:13] DOM-Based XSS at accounts.google.com by Google Voice Extension.)

• [01:16:47] Playing with GZIP: RCE in GLPI [CVE-2020-11060])

• [01:36:24] Reverse RDP - The Path Not Taken)

• [01:44:19] PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth [CVE-2020-1048])

• https://twitter.com/VbScrub/status/1260598344650539009)

• [01:53:34] Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently)

• [02:00:29] Cloud WAF Comparison Using Real-World Attacks)

• https://medium.com/fraktal/cloud-waf-comparison-part-2-e6e2d25f558c)

• https://en.wikipedia.org/wiki/Server_Side_Includes)

• [02:18:20] Fuzzing TLS certificates from their ASN.1 grammar)

• [02:22:25] DHS CISA and FBI share list of top 10 most exploited vulnerabilities)

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0]))