Pwn2Own Results, Voatz (again), some web-exploits and a code-reuse mitigation
01:40:07 Share

More discussion about election hacking with Voatz undergoing a more complete security assessment, we also discuss a few interesting web attacks and end with a good discussion about a new code-reuse mitigation: Hurdle.

• [00:00:20] Learn Exploit Development While Not Dying)

• [00:02:10] Exploit Education)

• [00:07:32] Pwn2Own Results)

• https://www.zerodayinitiative.com/blog/2020/3/19/pwn2own-2020-day-one-results)

• [00:16:19] DEF CON CTF 2020 QUALS COVID-19 DELAY)

• [00:22:30] Software Engineer - Jobs at Apple)

• [00:30:56] Tesla Model 3 Denial of Service Vulnerability [CVE-2020-10558])

• [00:36:26] Trail of Bits - Voatz Security Review)

• [01:01:49] XXE-scape through the front door: circumventing the firewall with HTTP request smuggling)

• [01:08:12] Don't Clone That Repo: Visual Studio Code^2 Execution)

• https://github.com/doyensec/VSCode_PoC_Oct2019/)

• https://github.com/doyensec/VSCode_PoC_Oct2019/blob/master/.vscode/settings.json)

• https://github.com/doyensec/VSCode_PoC_Oct2019/commit/19b4687259bd5d1821525a3ebbe6aa76618359c3#diff-62b00de1d62bb867ef03dec7057712f1R50)

• [01:14:22] [Hacker101] Race Condition leads to undeletable group member)

• [01:19:58] JavaScript without parentheses using DOMMatrix)

• https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascript-url-some-characters-blocked)

• [01:24:21] Hurdle: Securing Jump Instructions Against Code Reuse Attacks)

• https://www.youtube.com/watch?v=qFWTZ2zZ1XQ)

• http://se.ri0.us/2020-03-23-110829182-9e1b1.png)

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0]))