all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

189 - Compromising Azure, Password Verification Fails, and Readline Crime [Bug Bounty Podcast]

Add to bookmarks
Feb. 21, 2023, 9 p.m. | DAY[0]

DAY[0] www.youtube.com

A variety episode this week with some bad cryptography in PHP and Azure, information disclosure in suid binaries, request smuggling in HAProxy, and some research on testing for server-side prototype pollution.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/189.html

[00:00:00] Introduction
[00:00:22] PHP :: Sec Bug #81744 :: Password_verify() always return true with some hash
[00:11:25] Readline crime: exploiting a SUID logic bug
[00:18:05] Azure B2C Crypto Misuse and Account Compromise
[00:24:32] BUG/CRITICAL: http: properly reject empty …

account account compromise azure b2c bad bounty bug bug bounty compromise crime critical crypto cryptography disclosure exploiting haproxy hash http information information disclosure introduction logic password php podcast prototype request request smuggling research return sec server smuggling testing verification

Visit resource

More from www.youtube.com / DAY[0]

Memory Corruption: Best Tackled with Mitigations or Safe-Languages? [254] 4 days ago | www.youtube.com
amp cisa corruption evolution +11
253 - A Retrospective and Future Look Into DAY[0] 1 month ago | www.youtube.com
air bounty change future +5
252 - Bypassing KASLR and a FortiGate RCE [Binary Exploitation Podcast] 2 months ago | www.youtube.com
aslr binary binary exploitation bypass +23
251 - RCE'ing Mailspring and a .NET CRLF Injection [Bug Bounty Podcast] 2 months ago | www.youtube.com
attack attack chain attacks bounty +16
Future of Exploit Development Follow-up (Episode 250) 2 months, 1 week ago | www.youtube.com
corruption development exploit exploit development +9
249 - libXPC to Root and Digital Lockpicking [Bug Bounty Podcast] 2 months, 1 week ago | www.youtube.com
android authentication authentication bypass bounty +22
248 - Binary Ninja Free and K-LEAK [Binary Exploitation Podcast] 2 months, 2 weeks ago | www.youtube.com
automated binary binary exploitation binary ninja +13
247 - Hacking Google AI and SAML [Bug Bounty Podcast] 2 months, 2 weeks ago | www.youtube.com
auth authentication authentication bypass automated +25
246 - Rust Memory Corruption??? [Binary Exploitation Podcast] 2 months, 3 weeks ago | www.youtube.com
access array binary binary exploitation +21

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Vulnerability Research and Reverse Engineer (Onsite)

@ SNC-Lavalin | FL711: Raytheon SI Gov Dixie Hwy 3520 Dixie Highway NE , Palm Bay, FL, 32905 USA
View on infosec-jobs.com

Principal Consultant, Offensive Security

@ Kroll | CDMX, Mexico
View on infosec-jobs.com