Getting into Vulnerability Research and a FUSE use-after-free [Binary Exploitation Podcast]


We are joined by Cts for a discussion about getting into vulnerability research and some thoughts about the higher-level bug hunting process, then a look at some black-box fuzzing of MS Defender for IoT and a FUSE use-after-free. Links and vulnerability summaries for this episode are available at: https://ift.tt/RGELFTC [00:00:00] Introduction [00:00:44] Spot the Vuln - What do I need? [00:03:11] Discussion: Getting into Vulnerability Research [00:39:43] Inside the Black Box - How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities [00:43:25] FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes [00:46:51] FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes The DAY[0] Podcast episodes are streamed live on Twitch twice a week: - Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities - Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The audio-only version of the podcast is available on: -- Apple Podcasts: https://ift.tt/eKMbZCY -- Spotify: https://ift.tt/ZKRwHNe -- Google Podcasts: https://ift.tt/zuWxe5b -- Other audio platforms can be found at https://ift.tt/Owba4R2 You can also join our discord: https://ift.tt/c2eoNIj Or follow us on Twitter (@dayzerosec) to know when new releases are coming. #ExploitDevelopment #BinaryExploitation #InfoSec #Podcast

For more hacking info and tutorials visit: https://ift.tt/EHjxuBq

Hello and welcome to the temple of cybersecurity. Now you are watching Getting into Vulnerability Research and a FUSE use-after-free [Binary Exploitation Podcast] published at April 27, 2022 at 07:00PM. If you are looking for tutorials and all the news about the world of hacking and computer security, you have come to the right place. We invite you to subscribe to our newsletter in the box at the top and to follow us on our social networks:

NFT store: https://mintable.app/u/cha0smagick
Twitter: https://twitter.com/freakbizarro
Facebook: https://web.facebook.com/sectempleblogspotcom/
Discord: https://discord.gg/5SmaP39rdM

We also invite you to visit the other blogs in our network, where you can find something for every taste.
https://elantroposofista.blogspot.com/
https://gamingspeedrun.blogspot.com/
https://skatemutante.blogspot.com/
https://budoyartesmarciales.blogspot.com/
https://elrinconparanormal.blogspot.com/
https://freaktvseries.blogspot.com/


Ignore tags:
#hacking,#infosec,#tutorial,#bugbounty,#threat,#hunting,#pentest,#hacked,#ethical,#hacker,#cyber,#learn,#security,#computer,#pc,#news

Comments