Stealing Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability [Bug Bounty Podcast]


Kicking off the week with some discussion about DOJ's policy change before getting into some vulnerabilities: "powerdir", a macOS TCC bypass, an integer overflow on the web, and another attack against HelloSign and their Google Drive integration.

Links and vulnerability summaries for this episode are available at: https://ift.tt/vhyRq86

[00:00:00] Introduction
[00:02:12] DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
[00:11:02] macOS Vulnerability "powerdir" could lead to unauthorized user data access
[00:17:17] Arbitrary POST request as victim user from HTML injection in Jupyter notebooks
[00:21:44] [Glovo] Integer overflow vulnerability
[00:25:11] Stealing Google Drive OAuth tokens from Dropbox
[00:29:46] Privileged pod escalations in Kubernetes and GKE

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The audio-only version of the podcast is available on:
-- Apple Podcasts: https://ift.tt/mi2lbDw
-- Spotify: https://ift.tt/hJXq2FZ
-- Google Podcasts: https://ift.tt/DnTE6sY
-- Other audio platforms can be found at https://ift.tt/RosxbMg

You can also join our discord: https://ift.tt/tD1UPc3
Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

#BugBounty #EthicalHacking #InfoSec #Podcast


Now you are watching Stealing Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability [Bug Bounty Podcast], published on May 24, 2022 at 03:00PM.


