با برنامه Player FM !
[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY
Manage episode 380699939 series 2606557
Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/220.html
[00:00:00] Introduction
[00:00:14] How I made a heap overflow in curl
[00:17:32] Critically close to zero (day): Exploiting Microsoft Kernel streaming service
[00:30:34] Story of an innocent Apple Safari copyWithin gone (way) outside [CVE-2023-38600]
[00:38:10] CONSTIFY: Fast Defenses for New Exploits
[00:46:53] An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
[00:47:40] Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
257 قسمت
Manage episode 380699939 series 2606557
Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/220.html
[00:00:00] Introduction
[00:00:14] How I made a heap overflow in curl
[00:17:32] Critically close to zero (day): Exploiting Microsoft Kernel streaming service
[00:30:34] Story of an innocent Apple Safari copyWithin gone (way) outside [CVE-2023-38600]
[00:38:10] CONSTIFY: Fast Defenses for New Exploits
[00:46:53] An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
[00:47:40] Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
257 قسمت
Alle Folgen
×به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.