all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

227 - Kubernetes Code Exec and There Is No Spoon [Bug Bounty Podcast]

Add to bookmarks
Nov. 28, 2023, 1 p.m. | DAY[0]

DAY[0] www.youtube.com

This week we've got a few relatively simple bugs to talk about along with a discussion about auditing and manually analysis for vulnerabilities.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/227.html

[00:00:00] Introduction
[00:00:23] Introducing the Microsoft Defender Bounty Program
[00:04:26] Tapping into a telecommunications company’s office cameras
[00:07:47] CrushFTP Critical Vulnerability CVE-2023-43177 Unauthenticated Remote Code Execution
[00:17:22] [Kubernetes] Ingress nginx annotation injection causes arbitrary command execution
[00:24:38] Testing for audits: there is no spoon

The DAY[0] …

analysis auditing bounty bug bug bounty bugs cameras code critical critical vulnerability crushftp cve defender introduction kubernetes microsoft microsoft defender microsoft defender bounty program office podcast program simple telecommunications there is no spoon unauthenticated vulnerabilities vulnerability week

Visit resource

More from www.youtube.com / DAY[0]

Memory Corruption: Best Tackled with Mitigations or Safe-Languages? [254] 1 day, 21 hours ago | www.youtube.com
amp cisa corruption evolution +11
253 - A Retrospective and Future Look Into DAY[0] 4 weeks, 1 day ago | www.youtube.com
air bounty change future +5
252 - Bypassing KASLR and a FortiGate RCE [Binary Exploitation Podcast] 1 month, 4 weeks ago | www.youtube.com
aslr binary binary exploitation bypass +23
251 - RCE'ing Mailspring and a .NET CRLF Injection [Bug Bounty Podcast] 1 month, 4 weeks ago | www.youtube.com
attack attack chain attacks bounty +16
Future of Exploit Development Follow-up (Episode 250) 2 months ago | www.youtube.com
corruption development exploit exploit development +9
249 - libXPC to Root and Digital Lockpicking [Bug Bounty Podcast] 2 months ago | www.youtube.com
android authentication authentication bypass bounty +22
248 - Binary Ninja Free and K-LEAK [Binary Exploitation Podcast] 2 months, 1 week ago | www.youtube.com
automated binary binary exploitation binary ninja +13
247 - Hacking Google AI and SAML [Bug Bounty Podcast] 2 months, 1 week ago | www.youtube.com
auth authentication authentication bypass automated +25
246 - Rust Memory Corruption??? [Binary Exploitation Podcast] 2 months, 2 weeks ago | www.youtube.com
access array binary binary exploitation +21

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España
View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania
View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States
View on infosec-jobs.com