Day[0]

A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the

Episodes

Total: 268

[binary] Rusty Kernel Bugs, mast1c0re, and OpenSSH
2023/2/16

Few discussions this week, from using ASAN for effectively, to vulnerabilities in Rust code, and som

[bounty] Top 2022 Web Hacking Techniques and a Binance Bug
2023/2/14

Bit slow this week, so we talk about the Top Web-hacking techniques of 2022, and some TruffleSec/XSS

[binary] An XNU Exploit and a Chrome Heap Overflow
2023/2/9

First, we take a look at some positive changes to OSS Fuzz, then we dive into some vulnerabilities.

[bounty] Facebook Account Takeovers and a vBulletin RCE
2023/2/7

Is it possible to escalate a self-XSS into an account takeover? Perhaps, we take a look at some pote

[binary] KASAN comes to Windows and Shuffling ROP Gadgets
2023/2/2

Discussion heavy episode this week, talking about KASAN landing on Windows, shuffling gadgets to mak

[bounty] CSS Injection and a Google Cloud Project Takeover Bug
2023/1/31

Starting off the week strong we have a CSS injection turned full-read SSRF, and a MyBB exploit chain

[binary] Exploiting Null Derefs and Windows Type COM-fusion
2023/1/26

Null-dereferences might not be too exploitable on a lot of systems, what about the handling of a nul

[bounty] Cloud Bugs and More Vulns in Galaxy App Store
2023/1/24

We've got a cloud focused episode this week, starting with a logging bypass in AWS CloudTrail, a SSH

[binary] An iPod Nano Bug, XNU Vuln, and a WebKit UAF
2023/1/19

An Apple-focused episode this week, with a trivial iPod Nano BootRom exploit, and a WebKit Use-after

[bounty] Client-Side Path Traversal and Hiding Your Entitlement(s)
2023/1/17

This week kicks off with another look at client-side path traversal attacks, this time with some mor

[binary] Attacking Bhyves and a Kernel UAF
2023/1/12

Just a few issues this week, but some solid exploitation. A Kernel UAF, IoT, and a bhyve escape. Li

[bounty] Web Hackers vs. Cars and a Facebook Account Takeover
2023/1/10

First episode of the new year, and we've got some cool stuff. Several authentication issues and "cla

[binary] JS Type Confusions and Bringing Back Stack Attacks
2022/12/15

In this episode, we discuss the discovery of a type confusion in Internet Explorer's JScript. We als

[bounty] Pwn2Own Bugs and WAF Bypasses
2022/12/13

Is Pwn2Own worth it for bug bounty hunters? A handful of trivial command injections, and some awesom

[binary] A Huawei Hypervisor Vuln and More Memory Safety
2022/12/8

Will AI be your next vuln research assistant? ... Maybe? We also talk about a stack-based overflow i

[bounty] Remotely Controlling Hyundai and a League of Legends XSS
2022/12/6

A variety of issues this week, DOM Clobbering, argument injection, a filesystem race condition, cros

[binary] Patch Gaps and Apple Neural Engine Vulns
2022/12/1

The end of kASLR bypasses? Probably just click-bait, but the patch gap is real and we discuss that a

[bounty] Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage
2022/11/29

Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a

[binary] Hacking Pixel Bootloaders and Injecting Bugs
2022/11/24

A hardware heavy episode as we talk about two read protection bypasses, Pixel 6 bootloader exploitat

[bounty] Racing Grafana, Stealing Mastadon Passwords, and Cross-Site Tracing
2022/11/22

This week has the return of cross-site tracing, HTML injection, a golang specific vulnerable code pa