Breaking Lock Screens & The Great Vbox Escape

Several lockscreen-related vulnerabilities this week, a cross-site leak, and the hijacking of all .cd domains.

One important thing to mention about this week's episode that was neglected during the discussion is that the BitLocker Lockscreen Bypass is a lockscreen bypass. It does not necessarily provide access to data BitLocker protects. If BitLocker is being run in "transparent operation mode", where the ability to log in is all that is necessary to decrypt data, then this vulnerability can grant access to encrypted data.

[00:00:00] Introduction https://dayzerosec.com/
[00:00:59] Slayer Labs https://slayerlabs.com/
[00:12:03] BugTraq Shutdown https://seclists.org/bugtraq/2021/Jan/0
[00:17:22] Data Security on Mobile Devices https://securephones.io/
[00:27:08] Running a fake power plant on the internet for a month https://grimminck.medium.com/running-a-fake-power-plant-on-the-internet-for-a-month-4a624f685aaa
[00:33:43] BitLocker Lockscreen bypass https://secret.club/2021/01/15/bitlocker-bypass.html
[00:39:30] [Linux Mint] Screensaver lock by-pass via the virtual keyboard https://github.com/linuxmint/cinnamon-screensaver/issues/354
[00:43:02] [NextCloud] Bypassing Passcode/Device credentials https://hackerone.com/reports/747726
[00:51:02] How I hijacked the top-level domain of a sovereign state https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/
[01:00:28] Laravel <= v8.4.2 debug mode: Remote code execution https://www.ambionics.io/blog/laravel-debug-rce
[01:05:47] Leaking silhouettes of cross-origin images https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
[01:10:36] Escaping VirtualBox 6.1: Part 1 https://secret.club/2021/01/14/vbox-escape.html
[01:17:15] Hunting for Bugs in Windows Mini-Filter Drivers https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html
[01:18:33] Project Zero: Introducing the In-the-Wild Series https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or watch the video archive on YouTube (@dayzerosec).

About the Podcast

A weekly podcast for bounty hunters, exploit developers or anyone interested in the details of the latest disclosed vulnerabilities and exploits.