Starting with a long discussion about the North Korean hackers targeting security researchers, and some thoughts (rants) about the newly released Windows exploit dev course from Offensive Security, before getting into some real exploits, including NAT Slipstreaming 2.0 and a new Sudo vuln.
[00:00:52] About the security content of iOS 14.4 and iPadOS 14.4
- https://support.apple.com/en-us/HT212146
[00:02:42] New campaign targeting security researchers
- https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
[00:44:45] New Exploit Dev Course: EXP-301
- https://www.offensive-security.com/offsec/new-course-exp301/
[01:04:53] Linksys WRT160NL – Authenticated Command Injection [CVE-2021-25310]
- https://research.nccgroup.com/2021/01/28/technical-advisory-linksys-wrt160nl-authenticated-command-injection-cve-2021-25310/
[01:07:13] Vulnerabilities within TikTok Friend-Finder
- https://research.checkpoint.com/2021/tiktok-fixes-privacy-issue-discovered-by-check-point-research/
[01:14:07] BitLocker touch-device lockscreen bypass
- https://secret.club/2021/01/29/touch-lockscreen-bypass.html
[01:20:53] NAT Slipstreaming v2.0
- https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
[01:26:35] [Security fix] Libgcrypt 1.9.1 released
- https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
[01:30:44] Baron Samedit: Heap-based buffer overflow in Sudo [CVE-2021-3156]
- https://www.openwall.com/lists/oss-security/2021/01/26/3
[01:44:49] Exploiting a “Simple” Vulnerability – Part 1.5 – The Info Leak
- https://windows-internals.com/exploiting-a-simple-vulnerability-part-1-5-the-info-leak/
[01:50:53] Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
- https://www.thezdi.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref
[01:56:31] XS-Leaks in redirect flows
- https://docs.google.com/presentation/d/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og/edit#slide=id.g63e29d5a06_0_0
[02:02:13] Keeping your GitHub Actions and workflows secure: Untrusted input
- https://securitylab.github.com/research/github-actions-untrusted-input
[02:08:04] iOS Security Tutorial - Patching ASLR in the Kernel
- https://www.youtube.com/watch?v=Gszvbi8AU68
[02:08:58] Project Zero: A Look at iMessage in iOS 14
- https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
[02:09:37] Effectively Fuzzing the IPC Layer in Firefox
- https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on