all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

239 - Public Private Android Keys and Docker Escapes [Bug Bounty Podcast]

Add to bookmarks
Feb. 6, 2024, noon | DAY[0]

DAY[0] www.youtube.com

This week we have a crazy crypto fail where some Android devices had updates signed by publicly available private keys, as well as some Docker container escapes.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/239.html

[00:00:00] Introduction
[00:00:22] Missing signs: how several brands forgot to secure a key piece of Android
[00:13:37] ModSecurity: Path Confusion and really easy bypass on v2 and v3
[00:21:24] runc process.cwd & leaked fds container breakout [CVE-2024-21626]
[00:24:23] Buildkit GRPC SecurityMode Privilege …

android android devices bounty bug bug bounty container crypto devices docker fail introduction key keys missing modsecurity path piece podcast private private keys public updates week

Visit resource

More from www.youtube.com / DAY[0]

Memory Corruption: Best Tackled with Mitigations or Safe-Languages? [254] 1 day, 17 hours ago | www.youtube.com
amp cisa corruption evolution +11
253 - A Retrospective and Future Look Into DAY[0] 4 weeks, 1 day ago | www.youtube.com
air bounty change future +5
252 - Bypassing KASLR and a FortiGate RCE [Binary Exploitation Podcast] 1 month, 4 weeks ago | www.youtube.com
aslr binary binary exploitation bypass +23
251 - RCE'ing Mailspring and a .NET CRLF Injection [Bug Bounty Podcast] 1 month, 4 weeks ago | www.youtube.com
attack attack chain attacks bounty +16
Future of Exploit Development Follow-up (Episode 250) 2 months ago | www.youtube.com
corruption development exploit exploit development +9
249 - libXPC to Root and Digital Lockpicking [Bug Bounty Podcast] 2 months ago | www.youtube.com
android authentication authentication bypass bounty +22
248 - Binary Ninja Free and K-LEAK [Binary Exploitation Podcast] 2 months, 1 week ago | www.youtube.com
automated binary binary exploitation binary ninja +13
247 - Hacking Google AI and SAML [Bug Bounty Podcast] 2 months, 1 week ago | www.youtube.com
auth authentication authentication bypass automated +25
246 - Rust Memory Corruption??? [Binary Exploitation Podcast] 2 months, 2 weeks ago | www.youtube.com
access array binary binary exploitation +21

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India
View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190
View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal
View on infosec-jobs.com