kr00k, GhostCat, and more issues from NordVPN, Samsung, OpenSMTPd

Join Specter and zi at they discuss several named vulns (kr00k, Forgot2kEyXCHANGE, GhostCat), the benefits of DNS-over-HTTPS, and a a few vulns in some of our regular targets: Samsung drivers, NordVPN, OpenSMTPd.

• [00:01:13] Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen
  
• [00:06:13] Firefox continues push to bring DNS over HTTPS by default for US users
  
  • https://github.com/curl/curl/wiki/DNS-over-HTTPS
  
  
• [00:19:07] Securing Memory at EPYC Scale
  
• [00:26:30] How a Hacker's Mom Broke Into a Prison—and the Warden's Computer
  
• [00:29:12] kr00k | ESET
  
• [00:33:14] CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys
  
• [00:37:41] CVE-2020-1938: Ghostcat vulnerability
  
• [00:46:16] LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
  
• [00:55:43] Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance
  
  • https://hackerone.com/reports/374737
  
  
• [01:00:30] x-request-id header reflected in server response without sanitization
  
• [01:05:54] Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection
  
  • https://hackerone.com/valve/hacktivity
  
  
• [01:12:56] Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition
  
• [01:14:59] Samsung Kernel Arbitrary /dev/vipx / /dev/vertex kfree
  
• [01:18:34] Samsung Kernel /dev/vipx Pointer Leak
  
• [01:22:21] HFL: Hybrid Fuzzing on the Linux Kernel – NDSS Symposium
  
• [01:30:32] Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors
  
• [01:38:27] Evasion techniques
  
• [01:39:31] Hacking Unicode Like a Boss
  
• [01:43:05] Pwning VMware, Part 2: ZDI-19-421, a UHCI bug | nafod
  
• [01:44:48] Intro to chrome's v8 from an exploit development angle
  

Watch Live on Twitch (@dayzerosec) at 3PM EST