Day[0]

A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the

Episodes

Total: 267

[bounty] Kubernetes Code Exec and There Is No Spoon
2023/11/28

This week we've got a few relatively simple bugs to talk about along with a discussion about aud

[binary] A Heap of Linux Bugs
2023/11/22

Last week we brought you several Windows bugs, this week we are talking Linux kernel vulnerabilities

[bounty] Prompting for Secrets and Malicious Extensions
2023/11/21

This week has an interesting mix of issues, starting with a pretty standard template inject. Then we

[binary] A Bundle of Windows Bugs
2023/11/15

We've got a few Windows bugs this week, but first a fun off-by-one null-byte write. Then we jump

[bounty] Usurping Mastodon and Broken Signature Schemes
2023/11/13

Just a few issues this week, a Mastodon normalization issue leading to the potential to impersonate

[binary] MTE Debuts, DNS Client Exploits, and iTLB Multihit
2023/11/8

As memory tagging (MTE) finally comes to a consumer device, we talk about how it may impact vulnerab

[bounty] Attacking OAuth, Citrix, and some P2O Drama
2023/11/7

Kicking off the week with a bit of Pwn2Own drama, then taking a look at an OAuth attack against Gram

[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY
2023/10/24

Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of

[bounty] Rapid Reset, Attacking AWS Cognito, and Confluence Bugs
2023/10/22

We've got a mix of topics this week, started with a bit of discussion around the recent Rapid Re

[binary] A Chrome RCE, WebP 0day, and glibc LPE
2023/10/11

Some complex and confusing vulnerabilities as we talk about the recent WebP 0day and the complexitie

[bounty] Insecure Firewalls, MyBB, and Winning with WinRAR
2023/10/10

This week we've got some fun issues, including a WinRAR processing bug that results in code exec

[binary] Busted Stack Protectors, MTE, and AI Powered Fuzzing
2023/9/27

A binary summer-recap episode, looking at some vulnerabilities and research put out over the summer.

[bounty] DEF CON, HardwearIO, Broken Caching, and Dropping Headers
2023/9/26

We are back, and talking about our summer with a lengthy discussion about our DEF CON experiences be

[binary] Exploiting VMware Workstation and the Return of CSG0-Days
2023/5/25

This week we've got a handful of low-level vulns, VM-escape, Windows EoP, and a single IPv6 pack

[bounty] Jellyfin Exploits and TOCTOU Spellcasting
2023/5/23

Another bug bounty podcast, another set of vulnerabilities. Starting off with a desktop info-disclos

[binary] Attacking VirtualBox and Malicious Chess
2023/5/18

This week we we've got a neat little printer corruption, a probably unexploitable stockfish bug,

[bounty] OverlayFS to Root and Parallels Desktop Escapes
2023/5/16

More bug bounty style bugs, but you'd be forgiven reading that title thinking we had a low-level

[binary] TPMs and Baseband Bugs
2023/5/11

This week we go a bit deeper than normal and look at some low level TPM attacks to steal keys. We&#3

[bounty] Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?
2023/5/9

We open up this weeks bug bounty podcast with a discussion about Google's recent support for pas

[binary] A Timing Side-Channel for Kernel Exploitation and VR in the wake of Rust
2023/5/4

Not a lot of interesting binary exploitation topics for this week, we've got a DHCPv6 service vu