[binary] SoCs with Holes, Crow HTTP Bugs, and Bypassing Intel CET
Day[0] - Een podcast door dayzerosec
Categorieën:
Starting off with meme vulnerabilities in UNISOC BootROMs, and ending with a discussion about bypassing CFI/Intel CET and some fun issues in-between. Links and summaries are available at https://dayzerosec.com/podcast/154.html [00:00:00] Introduction [00:00:24] Spot the Vuln - You Put Where Where?! [00:04:05] There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities [00:12:19] Crow HTTP framework use-after-free [00:17:51] Crowbleed (Crow HTTP framework vulnerability) [00:19:34] exploit for CVE-2022-2588 [00:23:24] Bypassing Intel CET with Counterfeit Objects [00:48:05] Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja [00:50:32] PS5 IPV6_2292PKTOPTIONS Use-After-Free