Hacking Cameras, Stealing Logins, and Breaking Git

RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible. [00:00:32] Critics fume after Github removes exploit code for Exchange vulnerabilities https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/https://borncity.com/win/2021/03/14/gab-es-beim-exchange-massenhack-ein-leck-bei-microsoft/ [00:09:21] CCTV: Now You See Me, Now You Don't https://research.aurainfosec.io/v380-ip-camera/ [00:13:47] CSRF to RCE Chain in Zabbix [CVE-2021-27927] https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce [00:19:44] Stealing Froxlor login credentials using dangling markup [CVE-2020-29653] https://labs.detectify.com/2021/03/10/cve-2020-29653-stealing-froxlor-login-credentials-dangling-markup/ [00:25:29] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://github.com/gitster/git/commit/684dd4c2b414bcf648505e74498a608f28de4592 [00:30:49] git: malicious repositories can execute remote code while cloning https://www.openwall.com/lists/oss-security/2021/03/09/3https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 [00:33:37] Dell OpenManage Server Administrator File Read [CVE-2020-5377] https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/ [00:38:55] Windows Containers: ContainerUser has Elevated Privileges https://bugs.chromium.org/p/project-zero/issues/detail?id=2127 [00:40:18] Windows Containers: Host Registry Virtual Registry Provider Bypass EoP https://bugs.chromium.org/p/project-zero/issues/detail?id=2129 [00:42:34] F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches https://bugs.chromium.org/p/project-zero/issues/detail?id=2132 [00:48:59] F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write https://bugs.chromium.org/p/project-zero/issues/detail?id=2126 [00:59:37] One day short of a full chain: Part 1 - Android Kernel arbitrary code execution https://securitylab.github.com/research/one_day_short_of_a_fullchain_android [01:08:07] Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder? https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder [01:09:11] Playing in the (Windows) Sandbox https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/ [01:09:39] Regexploit: DoS-able Regular Expressions https://blog.doyensec.com/2021/03/11/regexploit.html Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)