Day[0]
dayzerosec
Listen to the last episode:
This week, we dive into some changes to V8CTF, the FortiJump Higher bug in Fortinet's FortiManager, as well as some coverage instrumentation on blackbox macOS binaries via Pishi.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/263.html
[00:00:00] Introduction
[00:00:25] V8 Sandbox Bypass Rewards
[00:25:39] Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager [CVE-2024-47575]
[00:38:07] Pishi: Coverage guided macOS KEXT fuzzing.
[00:44:20] Breaking Control Flow Flattening: A Deep Technical Analysis
[00:55:10] Firefox Animation CVE-2024-9680 - Dimitri Fourny
[00:57:13] Internship Offers for the 2024-2025 Season
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Previous episodes
- 263 - FortiJump Higher, Pishi, and Breaking Control Flow Flattening Mon, 18 Nov 2024
- 262 - Static Analysis, LLMs, and In-The-Wild Exploit Chains Mon, 11 Nov 2024
- 261 - Attacking Browser Extensions and CyberPanel Mon, 04 Nov 2024
- 260 - Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation Tue, 29 Oct 2024
- 259 - Zendesk's Email Fiasco and Rooting Linux with a Lighter Wed, 16 Oct 2024
- 258 - Summer Recap: Phrack, Off-by-One, and RCEs Tue, 08 Oct 2024
- 257 - Attack of the CUPS and Exploiting Web Views via HSTS Mon, 30 Sep 2024
- 256 - Future of the Windows Kernel and Encryption Nonce Reuse Mon, 23 Sep 2024
- 255 - Iterating Exploits & Extracting SGX Keys Mon, 16 Sep 2024
- 254 - Memory Corruption: Best Tackled with Mitigations or Safe-Languages Fri, 17 May 2024
- 253 - [discussion] A Retrospective and Future Look Into DAY[0] Fri, 19 Apr 2024
- 252 - [binary] Bypassing KASLR and a FortiGate RCE Wed, 20 Mar 2024
- 251 - [bounty] RCE'ing Mailspring and a .NET CRLF Injection Tue, 19 Mar 2024
- 250 - [binary] Future of Exploit Development Followup Wed, 13 Mar 2024
- 249 - [bounty] libXPC to Root and Digital Lockpicking Tue, 12 Mar 2024
- 248 - [binary] Binary Ninja Free and K-LEAK Wed, 06 Mar 2024
- 247 - [bounty] Hacking Google AI and SAML Tue, 05 Mar 2024
- 246 - [binary] Rust Memory Corruption??? Wed, 28 Feb 2024
- 245 - [bounty] A PHP and Joomla Bug and some DOM Clobbering Tue, 27 Feb 2024
- 244 - [binary] Linux Burns Down CVEs Wed, 21 Feb 2024
- 243 - [bounty] GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023 Tue, 20 Feb 2024
- 242 - [binary] kCTF Changes, LogMeIn, and wlan VFS Bugs Wed, 14 Feb 2024
- 241 - [bounty] The End of a DEFCON Era and Flipper Zero Woes Tue, 13 Feb 2024
- 240 - [binary] The Syslog Special Wed, 07 Feb 2024
- 239 - [bounty] Public Private Android Keys and Docker Escapes Tue, 06 Feb 2024
- 238 - [binary] Busted ASLR, PixieFail, and Bypassing HVCI Wed, 31 Jan 2024
- 237 - [bounty] Reborn Homograph Attacks and Ransacking Passwords Tue, 30 Jan 2024
- 236 - [binary] Bypassing Chromecast Secure-Boot and Exploiting Factorio Wed, 17 Jan 2024
- 235 - [bounty] A GitLab Account Takeover and a Coldfusion RCE Tue, 16 Jan 2024
- 234 - [binary] Allocator MTE, libwebp, and Operation Triangulation Wed, 10 Jan 2024
- 233 - [bounty] Spoofing Emails, PandoraFMS, and Keycloak Tue, 09 Jan 2024
- 232 - [binary] RetSpill, A Safari Vuln, and Steam RCE Fri, 22 Dec 2023
- 231 - [bounty] IOT Issues and DNS Rebinding Tue, 19 Dec 2023
- 230 - [binary] Samsung Baseband and GPU Vulns Wed, 06 Dec 2023
- 229 - [bounty] Buggy Cookies and a macOS TCC Bypass Tue, 05 Dec 2023
- 228 - [binary] Hypervisor Bugs and a FAR-out iOS bug Wed, 29 Nov 2023
- 227 - [bounty] Kubernetes Code Exec and There Is No Spoon Tue, 28 Nov 2023
- 226 - [binary] A Heap of Linux Bugs Wed, 22 Nov 2023
- 225 - [bounty] Prompting for Secrets and Malicious Extensions Tue, 21 Nov 2023
- 224 - [binary] A Bundle of Windows Bugs Wed, 15 Nov 2023
- 223 - [bounty] Usurping Mastodon and Broken Signature Schemes Mon, 13 Nov 2023
- 222 - [binary] MTE Debuts, DNS Client Exploits, and iTLB Multihit Wed, 08 Nov 2023
- 221 - [bounty] Attacking OAuth, Citrix, and some P2O Drama Tue, 07 Nov 2023
- 220 - [binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY Tue, 24 Oct 2023
- 219 - [bounty] Rapid Reset, Attacking AWS Cognito, and Confluence Bugs Sun, 22 Oct 2023
- 218 - [binary] A Chrome RCE, WebP 0day, and glibc LPE Wed, 11 Oct 2023
- 217 - [bounty] Insecure Firewalls, MyBB, and Winning with WinRAR Tue, 10 Oct 2023
- 216 - [binary] Busted Stack Protectors, MTE, and AI Powered Fuzzing Wed, 27 Sep 2023
- 215 - [bounty] DEF CON, HardwearIO, Broken Caching, and Dropping Headers Tue, 26 Sep 2023
- 214 - [binary] Exploiting VMware Workstation and the Return of CSG0-Days Thu, 25 May 2023