Day[0]
dayzerosec
Categories: Technology
Listen to the last episode:
We are back and testing out a new episode format focusing more on discussion than summaries. We start by talking a bit about the value of learning hacking by iterating on the same exploit and challenging yourself, as a means of practicing the creative parts of exploitation. Then we dive into the recent Intel SGX fuse key leak and talk a bit about what it means and how it happened.
We are seeking feedback on this format. We are particularly interested in hearing from those of you with more of a bug bounty or higher-level focus: would an episode like this still be appealing to you? If you want to share any feedback, feel free to DM us (@__zi or @specterdev) or email us at media [at] dayzerosec.com
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/255.html
[00:00:00] Introduction
[00:04:55] Exploiting CVE-2024-20017 4 different ways
[00:22:26] Intel SGX Fuse Keys Extracted
[00:51:01] Introducing the URL validation bypass cheat sheet
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Previous episodes
- 255 - Iterating Exploits & Extracting SGX Keys Mon, 16 Sep 2024
- 254 - Memory Corruption: Best Tackled with Mitigations or Safe-Languages Fri, 17 May 2024
- 253 - [discussion] A Retrospective and Future Look Into DAY[0] Fri, 19 Apr 2024
- 252 - [binary] Bypassing KASLR and a FortiGate RCE Wed, 20 Mar 2024
- 251 - [bounty] RCE'ing Mailspring and a .NET CRLF Injection Tue, 19 Mar 2024
- 250 - [binary] Future of Exploit Development Followup Wed, 13 Mar 2024
- 249 - [bounty] libXPC to Root and Digital Lockpicking Tue, 12 Mar 2024
- 248 - [binary] Binary Ninja Free and K-LEAK Wed, 06 Mar 2024
- 247 - [bounty] Hacking Google AI and SAML Tue, 05 Mar 2024
- 246 - [binary] Rust Memory Corruption??? Wed, 28 Feb 2024
- 245 - [bounty] A PHP and Joomla Bug and some DOM Clobbering Tue, 27 Feb 2024
- 244 - [binary] Linux Burns Down CVEs Wed, 21 Feb 2024
- 243 - [bounty] GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023 Tue, 20 Feb 2024
- 242 - [binary] kCTF Changes, LogMeIn, and wlan VFS Bugs Wed, 14 Feb 2024
- 241 - [bounty] The End of a DEFCON Era and Flipper Zero Woes Tue, 13 Feb 2024
- 240 - [binary] The Syslog Special Wed, 07 Feb 2024
- 239 - [bounty] Public Private Android Keys and Docker Escapes Tue, 06 Feb 2024
- 238 - [binary] Busted ASLR, PixieFail, and Bypassing HVCI Wed, 31 Jan 2024
- 237 - [bounty] Reborn Homograph Attacks and Ransacking Passwords Tue, 30 Jan 2024
- 236 - [binary] Bypassing Chromecast Secure-Boot and Exploiting Factorio Wed, 17 Jan 2024
- 235 - [bounty] A GitLab Account Takeover and a Coldfusion RCE Tue, 16 Jan 2024
- 234 - [binary] Allocator MTE, libwebp, and Operation Triangulation Wed, 10 Jan 2024
- 233 - [bounty] Spoofing Emails, PandoraFMS, and Keycloak Tue, 09 Jan 2024
- 232 - [binary] RetSpill, A Safari Vuln, and Steam RCE Fri, 22 Dec 2023
- 231 - [bounty] IOT Issues and DNS Rebinding Tue, 19 Dec 2023
- 230 - [binary] Samsung Baseband and GPU Vulns Wed, 06 Dec 2023
- 229 - [bounty] Buggy Cookies and a macOS TCC Bypass Tue, 05 Dec 2023
- 228 - [binary] Hypervisor Bugs and a FAR-out iOS bug Wed, 29 Nov 2023
- 227 - [bounty] Kubernetes Code Exec and There Is No Spoon Tue, 28 Nov 2023
- 226 - [binary] A Heap of Linux Bugs Wed, 22 Nov 2023
- 225 - [bounty] Prompting for Secrets and Malicious Extensions Tue, 21 Nov 2023
- 224 - [binary] A Bundle of Windows Bugs Wed, 15 Nov 2023
- 223 - [bounty] Usurping Mastodon and Broken Signature Schemes Mon, 13 Nov 2023
- 222 - [binary] MTE Debuts, DNS Client Exploits, and iTLB Multihit Wed, 08 Nov 2023
- 221 - [bounty] Attacking OAuth, Citrix, and some P2O Drama Tue, 07 Nov 2023
- 220 - [binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY Tue, 24 Oct 2023
- 219 - [bounty] Rapid Reset, Attacking AWS Cognito, and Confluence Bugs Sun, 22 Oct 2023
- 218 - [binary] A Chrome RCE, WebP 0day, and glibc LPE Wed, 11 Oct 2023
- 217 - [bounty] Insecure Firewalls, MyBB, and Winning with WinRAR Tue, 10 Oct 2023
- 216 - [binary] Busted Stack Protectors, MTE, and AI Powered Fuzzing Wed, 27 Sep 2023
- 215 - [bounty] DEF CON, HardwearIO, Broken Caching, and Dropping Headers Tue, 26 Sep 2023
- 214 - [binary] Exploiting VMware Workstation and the Return of CSG0-Days Thu, 25 May 2023
- 213 - [bounty] Jellyfin Exploits and TOCTOU Spellcasting Tue, 23 May 2023
- 212 - [binary] Attacking VirtualBox and Malicious Chess Thu, 18 May 2023
- 211 - [bounty] OverlayFS to Root and Parallels Desktop Escapes Tue, 16 May 2023
- 210 - [binary] TPMs and Baseband Bugs Thu, 11 May 2023
- 209 - [bounty] Bad Ordering, Free OpenAI Credits, and Goodbye Passwords? Tue, 09 May 2023
- 208 - [binary] A Timing Side-Channel for Kernel Exploitation and VR in the wake of Rust Thu, 04 May 2023
- 207 - [bounty] Git Config Injection and a Sophos Pre-Auth RCE Tue, 02 May 2023
- 206 - [binary] A Ghostscript RCE and a Windows Registry Bug Thu, 27 Apr 2023