Another short episode this week covering graphql attacks, a couple NoSQL injections, a few misconfigurations and a cool attack to reset monotonic counters on a Mifare card.
[00:01:25] From CTFs to the Real World
[00:02:50] [GitHub] Exploits and Malware Policy Updates
[00:07:37] Mobile app developers’ misconfiguration of third party services leave personal data of over 100 million exposed
[00:13:49] QNAP MusicStation/MalwareRemover Pre-Auth RCE
[00:17:45] 2FA Bypass via Forced Browsing
[00:24:22] That single GraphQL issue that you keep missing
[00:32:22] Remote code execution in squirrelly [CVE-2021-32819]
[00:44:30] NoSQL Injections in Rocket.Chat
[00:49:15] RFID: Monotonic Counter Anti-Tearing Defeated
[00:56:24] A Wormable Code Execution Bug in HTTP.sys [CVE-2021-31166]
[01:04:15] Fuzzing iOS code on macOS at native speed
[01:05:07] RuhrSec 2018: "Keynote: Weird machines, exploitability and unexploitability", Thomas Dullien
[01:07:58] Browser fuzzing at Mozilla
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
