March 28, 2023, 8 p.m. | DAY[0]

DAY[0] www.youtube.com

We are back with more discussion about applying AI/ChatGPT to security research, but before that we have a few interesting vulnerabilities. An OTP implementation that is too complex for its own good, a directory traversal leading to a guest-to-host VM escape, and server-side MIME sniffing.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/199.html

[00:00:00] Introduction
[00:00:31] Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
[00:07:45] Story of a Beautiful Account Takeover
[00:14:06] Parallels Desktop …
