This week we are joined by CTS to discuss fuzzing. We also take a look at PEN-300/OSEP before jumping into this week's exploits, from NAT Slipstreaming to a Metasploit command injection and plenty in between.

The DAY[0] podcast is streamed live on Twitch every Monday afternoon at 3pm EST — https://www.twitch.tv/dayzerosec

The audio-only version of the podcast is available on:
— Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
— Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
— Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
— Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9
Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

[00:00:00] Introduction
[00:01:06] Cybersecurity as we know it will be ‘a thing of the past in the next decade,’ says Cloudflare’s COO
https://www.businessinsider.com/cloudflare-coo-michelle-zatlyn-cybersecurity-enterprisee-tech-transformers-2020-10
[00:05:51] A Researcher’s Guide to Some Legal Risks of Security Research
https://clinic.cyber.harvard.edu/files/2020/10/Security_Researchers_Guide-2.pdf
[00:10:57] Exploit Developer Spotlight: The Story of PlayBit
https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/
[00:17:25] New Pentesting Course: PEN-300 (OSEP)
https://www.offensive-security.com/offsec/new-course-pen300/
https://www.offensive-security.com/awe-osee/
[00:28:20] Vulnonym: Stop the Naming Madness!
https://insights.sei.cmu.edu/cert/2020/10/vulnonym-stop-the-naming-madness.html

[00:30:55] DeFuzz: Deep Learning Guided Directed Fuzzing
https://arxiv.org/pdf/2010.12149.pdf
[00:59:32] NAT Slipstreaming
https://samy.pl/slipstream/
[01:08:10] GitLab CVE-2020-13294
https://security.lauritz-holtmann.de/advisories/cve-2020-13294/
[01:13:17] Attacking Roku sticks for fun and profit
[01:16:48] Tiki Wiki – Authentication Bypass [CVE-2020-15906]
https://github.com/S1lkys/CVE-2020-15906
[01:20:12] Metasploit framework template command injection – CVE-2020-7384
https://github.com/justinsteven/advisories/blob/master/2020_metasploit_msfvenom_apk_template_cmdi.md
[01:23:43] Wormable remote code execution in Alien Swarm
https://secret.club/2020/10/30/alien-swarm-rce.html
[01:29:50] Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction [CVE-2020-8260]
[01:32:55] The story of three CVEs in Ubuntu Desktop
https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html
[01:41:31] CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation
https://www.zerodayinitiative.com/blog/2020/10/27/cve-2020-16939-windows-group-policy-dacl-overwrite-privilege-escalation
[01:46:36] Windows Kernel cng.sys pool-based buffer overflow
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
[01:54:21] Vector35 releases all Binary Ninja core architecture plugins

[01:55:33] How Debuggers Work: Getting and Setting x86 Registers, Part 1
https://www.moritz.systems/blog/how-debuggers-work-getting-and-setting-x86-registers-part-1/
[01:56:12] CodeQL U-Boot Challenge (C/C++)
https://lab.github.com/githubtraining/codeql-u-boot-challenge-(cc++)
[01:59:14] Fundamentals of Software Exploitation
https://wargames.ret2.systems/course