all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

161 - XMPP Stanza Smuggling in Jabber and a Cobalt Strike RCE [Bug Bounty Podcast]

Add to bookmarks
Oct. 25, 2022, 9 p.m. | DAY[0]

DAY[0] www.youtube.com

Several fun issues this week, from a Cobalt Strike RCE, a couple auth bypasses, and stanza smuggling in Jabber.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/161.html

[00:00:00] Introduction
[00:00:28] Sophos Firewall User Portal and Web Admin Code Injection [CVE-2022-3236]
[00:07:05] [Cisco Jabber] XMPP Stanza Smuggling with stream:stream tag
[00:14:52] Authentication Bypass & File Upload & Arbitrary File Overwrite
[00:25:31] Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
[00:33:38] HTTP/3 connection contamination: an …

bounty bug bug bounty cobalt cobalt strike jabber podcast rce smuggling strike xmpp

Visit resource

More from www.youtube.com / DAY[0]

253 - A Retrospective and Future Look Into DAY[0] 16 hours ago | www.youtube.com
air bounty change future +5
252 - Bypassing KASLR and a FortiGate RCE [Binary Exploitation Podcast] 4 weeks, 2 days ago | www.youtube.com
aslr binary binary exploitation bypass +23
251 - RCE'ing Mailspring and a .NET CRLF Injection [Bug Bounty Podcast] 1 month ago | www.youtube.com
attack attack chain attacks bounty +16
Future of Exploit Development Follow-up (Episode 250) 1 month ago | www.youtube.com
corruption development exploit exploit development +9
249 - libXPC to Root and Digital Lockpicking [Bug Bounty Podcast] 1 month, 1 week ago | www.youtube.com
android authentication authentication bypass bounty +22
248 - Binary Ninja Free and K-LEAK [Binary Exploitation Podcast] 1 month, 1 week ago | www.youtube.com
automated binary binary exploitation binary ninja +13
247 - Hacking Google AI and SAML [Bug Bounty Podcast] 1 month, 2 weeks ago | www.youtube.com
auth authentication authentication bypass automated +25
246 - Rust Memory Corruption??? [Binary Exploitation Podcast] 1 month, 3 weeks ago | www.youtube.com
access array binary binary exploitation +21
245 - A PHP and Joomla Bug and some DOM Clobbering [Bug Bounty Podcast] 1 month, 3 weeks ago | www.youtube.com
api bounty bug bug bounty +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Junior Cybersecurity Triage Analyst

@ Peraton | Linthicum, MD, United States
View on infosec-jobs.com

Associate Director, Operations Compliance and Investigations Management

@ Legend Biotech | Raritan, New Jersey, United States
View on infosec-jobs.com

Analyst, Cyber Operations Engineer

@ BlackRock | SN6-Singapore - 20 Anson Road
View on infosec-jobs.com

Working Student/Intern/Thesis: Hardware based Cybersecurity Training (m/f/d)

@ AVL | Regensburg, DE
View on infosec-jobs.com
View more jobs