[bounty] Buggy Cookies and a macOS TCC Bypass

Day[0] - A podcast by dayzerosec

This week brings up a pretty solid variety of issues. Starting off with some cookie smuggling (and other cookie attacks) which presents some interesting research I hadn't really looked for before that has some potential. Then an AI alignment evasion to leak training data. Not the most interesting attack but it appears to open up some other ideas for further research. A macOS desktop issue (for a $30k bounty), and some Home Assistant issues.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/229.html

[00:00:00] Introduction
[00:00:25] Humble Tech Book Bundle: Hacking 2023 by No Starch
[00:06:58] Cookie Bugs - Smuggling & Injection
[00:17:21] Extracting Training Data from ChatGPT
[00:32:22] lateralus (CVE-2023-32407) - a macOS TCC bypass
[00:37:35] Securing our home labs: Home Assistant code review
[00:45:16] TRAP; RESET; POISON; - Taking over a country Kaminsky style
[00:47:04] Exploiting XPath Injection Weaknesses
[00:47:42] Deep dive into the new Amazon EKS Pod Identity feature

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9