Description

A new universal deserialization gadget for Ruby, a Rocket.Chat SAML auth bypass, and some heap exploitation research.

[00:00:36] Cybersecurity Knowledge and Skills Taught in Capture the Flag Challenges

• https://arxiv.org/pdf/2101.01421v1.pdf

[00:10:36] Universal Deserialisation Gadget for Ruby 2.x-3.x

• https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html

[00:13:54] Stealing Your Private YouTube Videos, One Frame at a Time

• https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/

[00:21:43] Rocket.chat - SAML authentication bypass

• https://hackerone.com/reports/1049375

[00:25:49] curl is vulnerable to SSRF due to improperly parsing the host component of the URL

• https://hackerone.com/reports/704621

[00:31:02] Issue 2095: Node.js: use-after-free in TLSWrap

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2095

[00:35:28] Preventing Use-After-Free Attacks with Fast Forward Allocation

• https://gts3.org/assets/papers/2021/wickman:ffmalloc.pdf

[00:49:38] Automatic Techniques to Systematically Discover New Heap Exploitation Primitives

• https://www.usenix.org/system/files/sec20fall_yun_prepub.pdf

[00:59:50] A Samsung RKP Compendium

• https://blog.longterm.io/samsung_rkp.html

[01:11:32] Analyzing CVE-2020-16040

• https://faraz.faith/2021-01-07-cve-2020-16040-analysis/

[01:13:51] HexLasso Online

• https://suszter.com/hexlasso-online/

[01:15:30] A Side Journey to Titan

• https://ninjalab.io/a-side-journey-to-titan/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)