FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging
02:14:29 Share

A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0].

• [00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote)

• [00:06:52] Announcing Remote Participation in Pwn2Own Vancouver)

• [00:11:22] Revoking certain certificates on March 4)

• [00:19:40] FuzzBench: Fuzzer Benchmarking as a Service)

• [00:28:53] Intel x86 Root of Trust: loss of trust )

• [00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors)

• [00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing)

• https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af)

• https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426)

• [00:55:11] MediaTek rootkit affecting millions of Android devices)

• [01:01:56] Zoho ManageEngine RCE)

• [01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555))

• [01:14:22] Regex Vulnerabilities - parse-community/parse-server)

• [01:18:57] HTTP request smuggling using malformed Transfer-Encoding header)

• [01:27:20] [Nextcloud] Delete All Data of Any User)

• [01:30:36] Dismantling DST80-based Immobiliser Systems)

• [01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers)

• [01:45:59] Code Renewability for Native Software Protection)

• [01:55:42] Security Analysis of Memory Tagging)

• [02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier)

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0]))