Популярное

DAY[0] Episode 63 - MediaTek BootROM Broken, Free Coffee, and an iOS Kernel Exploit



Издатель
A lot of discussion this week about OSS security and security processes, an iOS kernel type confusion and MediaTek Bootloader bypass impacting everything since atleast 2014.

The DAY[0] podcast is streamed live on Twitch every Monday afternoon at 3:pm EST -- https://www.twitch.tv/dayzerosec

The audio-only version of the podcast is available on:
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9
Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

[00:00:00] Introduction
[00:04:54] Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source
https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html
[00:15:18] Launching OSV - Better vulnerability triage for open source
https://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html
[00:22:38] Most Common Bugs of 2021 So Far
https://www.bugcrowd.com/blog/common-bugs-of-2021/
[00:31:59] Exploiting the Nespresso smart cards for fun and coffee
https://pollevanhoof.be/nuggets/smart_cards/nespresso
[00:39:10] Spoofing and Attacking With Skype
https://blog.thecybersecuritytutor.com/spoofing-and-attacking-with-skype/
[00:45:01] Getting root on webOS
https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html
[00:51:31] Applying Offensive Reverse Engineering to Facebook Gameroom
https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom
[00:59:36] Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
[01:06:32] MTK Bypass Universal
https://megafon929.github.io/mtk
[01:14:13] Project Zero: iOS Kernel privesc with turnstiles [CVE-2020-27932]
https://googleprojectzero.blogspot.com/p/rca-cve-2020-27932.html
https://googleprojectzero.blogspot.com/p/rca.html
[01:21:41] Why Security Defects Go Unnoticed during Code Reviews?
http://amiangshu.com/papers/paul-ICSE-2021.pdf
Категория
Усилители
Комментариев нет.