Feb. 7, 2024, noon | DAY[0]

DAY[0] www.youtube.com

Libfuzzer goes into maintenance-only mode and syslog vulnerabilities plague some vendors in this week's episode.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/240.html

[00:00:00] Introduction
[00:00:20] LibFuzzer in Maintainence-only Mode
[00:11:41] Heap-based buffer overflow in the glibc's syslog() [CVE-2023-6246]
[00:26:33] Hunting for ~~Un~~authenticated n-days in Asus Routers
[00:34:44] Inside the LogoFAIL PoC: From Integer Overflow to Arbitrary Code Execution
[00:35:51] Chaos Communication Congress (37C3) recap
[00:36:51] GitHub - google/oss-fuzz-gen: LLM powered fuzzing via OSS-Fuzz.

The DAY[0] Podcast …

arbitrary code arbitrary code execution asus asus routers binary binary exploitation buffer buffer overflow code code execution cve cve-2023-6246 exploitation glibc goes hunting integer integer overflow introduction logofail maintenance mode overflow poc podcast routers special syslog vendors vulnerabilities week

Privacy Engineer

@ Snap Inc. | Santa Monica - 2850 Ocean Park Blvd

Senior Security Researcher - Security Automation (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

Information Systems Security Engineer (ISSE)

@ Interclypse | Annapolis Junction, MD, US

Information Systems Security Officer (ISSO)

@ Interclypse | Annapolis Junction, MD, US

Systems Security Engineer (Hybrid)

@ RTX | FL410: Largo FL MFG 7887 Bryan Dairy Road , Largo, FL, 33777 USA

Principal Cyber Security Engineer (Onsite)

@ RTX | HIA33: Cedar Rapids, IA (Intertrade) 400 Collins Road NE MS 153-220, Cedar Rapids, IA, 52411-6636 USA