Gehen Sie mit der App Player FM offline!
[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY
Manage episode 380699939 series 2606557
Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/220.html
[00:00:00] Introduction
[00:00:14] How I made a heap overflow in curl
[00:17:32] Critically close to zero (day): Exploiting Microsoft Kernel streaming service
[00:30:34] Story of an innocent Apple Safari copyWithin gone (way) outside [CVE-2023-38600]
[00:38:10] CONSTIFY: Fast Defenses for New Exploits
[00:46:53] An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
[00:47:40] Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
257 Episoden
Manage episode 380699939 series 2606557
Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/220.html
[00:00:00] Introduction
[00:00:14] How I made a heap overflow in curl
[00:17:32] Critically close to zero (day): Exploiting Microsoft Kernel streaming service
[00:30:34] Story of an innocent Apple Safari copyWithin gone (way) outside [CVE-2023-38600]
[00:38:10] CONSTIFY: Fast Defenses for New Exploits
[00:46:53] An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
[00:47:40] Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
257 Episoden
Alle Folgen
×Willkommen auf Player FM!
Player FM scannt gerade das Web nach Podcasts mit hoher Qualität, die du genießen kannst. Es ist die beste Podcast-App und funktioniert auf Android, iPhone und im Web. Melde dich an, um Abos geräteübergreifend zu synchronisieren.