Leading off this week's discussion is the news about the now remote CCC and Offensive Security's plans to retire OSCE. On the exploit side of things, this week we have a few recent bug bounties including a Google Maps XSS, a FreeBSD TOCTOU, and a couple of Linux kernel vulnerabilities.
[00:02:30] CCC going remote this year due to pandemic)
[00:09:44] NVIDIA to Acquire Arm for $40 Billion)
[00:20:36] OSCE being retired)
[00:34:21] Giggle; laughable security)
[00:44:51] Raccoon Attack)
[00:53:34] Executing arbitrary code on NVIDIA GeForce NOW VMs)
[01:02:07] Cache poisoning via X-Forwarded-Host)
[01:08:56] Team object in GraphQL disclosed private_comment)
[01:14:08] XSS->Fix->Bypass: 10000$ bounty in Google Maps)
[01:28:33] Microsoft Sharepoint and Exchange Server Vulnerabilities)
[01:45:35] Short story of 1 Linux Kernel Use-After-Free and 2 CVEs)
[01:53:25] FreeBSD Kernel Privilege Escalation [CVE-2020-7460])
[02:02:47] WSL 2.0 dxgkrnl Driver Memory Corruption)
[02:10:46] Project Zero: Attacking the Qualcomm Adreno GPU)
[02:16:03] GoogleCTF 2020 Challenge Source + Exploits Release)
[02:20:08] IDA Pro Tips to Add to Your Bag of Tricks)
[02:20:48] Reverse Engineering: Marvel's Avengers - Developing a Server Emulator)
Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@DAY[0]))