114 - NetUSB RCE, a Linux Kernel Heap Overflow, an XNU Use-after-free [Binary Exploitation Podcast]

Integer overflows and underflow this week, covering vulns from desktop Zoom clients, to kernel and some routers.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/netusb-rce-a-kernel-heap-overflow-an-xnu-uaf.html

[00:00:00] Introduction
[00:00:19] Spot the Vuln - One Verified JWT, Please
[00:03:27] Zooming in on Zero-click Exploits
[00:12:18] Zooming in on Zero-click Exploits
[00:26:39] XNU kernel use-after-free in mach_msg
[00:34:06] Linux kernel v5.1+ Heap buffer overflow in fs_context.c
[00:36:03] Linux kernel v5.1+ Heap buffer overflow in fs_context.c
[00:42:21] NetUSB RCE Flaw in Millions of End User Routers [CVE-2021-45608]
[00:47:54] Humble Book Bundle: Cybersecurity by Wiley


The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The audio-only version of the podcast is available on:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9
Or follow us on Twitter (@dayzerosec) to know when new releases are coming.


#ExploitDevelopment #BinaryExploitation #InfoSec #Podcast

Скачать видео