IDA...Go home, Sandboxie source, and some RCEs (TP-Link, Starcraft 1, OhMyZsh)

Spela upp

Starting off the week with a discussion about the disappointing IDA Home, before moving into a few easy command injections, code-reuse attacks applied to XSS, detecting trojaned hardware and ending with a subtle crypto-bug.

• [00:00:45] DAY[0] Episode Transcripts now Available
  
• [00:02:53] Microsoft Buys Corp.com to Keep It Safe from Hackers (Over $1.7 Million Deal)
  
• [00:05:42] Hack for Good: Easily Donate Bounties to WHO’s COVID-19 Response Fund
  
• [00:10:55] RetDec v4.0 is out
  
• [00:17:33] IDA Home is coming
  
  • https://www.sophia.re/Binary-Rockstar/index.html
  
  
  • https://nostarch.com/GhidraBook
  
  
• [00:33:44] Sandboxie Open Source Code is available
  
  • https://github.com/xanasoft/Sandboxie
  
  
• [00:38:01] Exploiting the TP-Link Archer A7
  
• [00:46:50] Exploiting the Starcraft 1 EUD Bug
  
• [00:51:23] OhMyZsh dotenv Remote Code Execution
  
• [00:56:19] Symantec Web Gateway 5.0.2.8 Remote Code Execution
  
• [00:59:15] VMware vCenter Server Sensitive Information Disclosure [CVE-2020-3952]
  
• [01:01:39] Bypassing modern XSS mitigations with code-reuse attacks
  
• [01:07:49] Practical Data Poisoning Attack against Next-Item Recommendation
  
• [01:11:40] Hardware Trojan Detection Using Controlled Circuit Aging
  
• [01:16:18] A "Final" Security Bug
  
• [01:27:05] RCEed version of computer malware / rootkit MyRTUs / Stuxnet.
  
  • https://github.com/christian-roggia/open-myrtus/blob/master/rootkit/FastIo.c
  
  
  • https://xkcd.com/350/
  
  

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])