![Day[0]](https://is1-ssl.mzstatic.com/image/thumb/Podcasts125/v4/a6/69/69/a6696919-3987-fbc0-8e0c-1ba0e1349a2b/mza_6631746544165345331.jpg/600x600bb.jpg)
Publishing Details
Contact & Outreach
About This Podcast
Explore Statistics
Recent Episodes
The Future
After 283 episodes, this will be the final episode of the DAY[0] podcast.We started the podcast on a hopeful note in the days following Ghidra's release. Now, to end it off we've got another…
S1E282 Exploiting VS Code with Control Characters
A quick episode this week, which includes attacking VS Code with ASCII control characters, as well as a referrer leak and SCIM hunting.Links and vulnerability summaries for this episode are available…
S1E281 Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO)
A special episode this week, featuring an interview with John Carse, Chief Information Security Officer (CISO) of SquareX. John speaks about his background in the security industry, grants insight…
S1E280 Pulling Gemini Secrets and Windows HVPT
A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT).Links…
S1E279 Session-ception and User Namespaces Strike Again
API hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and revisiting the infamous NSO group WebP bug.Links and…
S1E278 Extracting YouTube Creator Emails and Spilling Azure Secrets
This episode features some game exploitation in Neverwinter Nights, weaknesses in mobile implementation for PassKeys, and a bug that allows disclosure of the email addresses of YouTube creators. We…
S1E277 ESP32 Backdoor Drama and SAML Auth Bypasses
Discussion this week starts with the ESP32 "backdoor" drama that circled the media, with some XML-based vulnerabilities in the mix. Finally, we cap off with a post on reviving modprobe_path for Linux…
S1E276 Exploiting Xbox 360 Hypervisor and Microcode Hacking
A very technical episode this week, featuring some posts on hacking the xbox 360 hypervisor as well as AMD microcode hacking.Links and vulnerability summaries for this episode are available at:…
S1E275 Path Confusion and Mixing Public/Private Keys
This week's episode features a variety of vulnerabilities, including a warning on mixing up public and private keys in OpenID Connect deployments, as well as path confusion with an nginx+apache…
S1E274 ZDI's Triaging Troubles and LibreOffice Exploits
We discuss an 0day that was dropped on Parallels after 7 months of no fix from the vendor, as well as ZDI's troubles with responses to researchers and reproducing bugs. Also included are a bunch of…
S1E273 Recycling Exploits in MacOS and Pirating Audiobooks
We cover a comical saga of vulnerabilities and variants from incomplete fixes in macOS, as well as a bypass of Chrome's miraclePtr mitigation against Use-After-Frees (UAFs). We also discuss an attack…
S1E272 Top 10 Web Hacking Techniques and Windows Shadow Stacks
In this episode, we discuss the US government discloses how many 0ds were reported to vendors in a first-ever report. We also cover PortSwigger's top 10 web hacking techniques of 2024, as well as a…
S1E271 Unicode Troubles, Bypassing CFG, and Racey Pointer Updates
On the web side, we cover a portswigger post on ways of abusing unicode mishandling to bypass firewalls and a doyensec guide to OAuth vulnerabilities. We also get into a Windows exploit for a…
S1E270 Deanonymization with CloudFlare and Subaru's Security Woes
Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages CloudFlare to deanonymize users on messaging…
S1E269 Excavating Exploits and PHP Footguns
This week features a mix of topics, from polyglot PDF/JSON to android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild…
S1E268 WhatsApp vs. NSO and CCC Talks
Specter and zi discuss their winter break, cover some interesting CCC talks, and discuss the summary judgement in the WhatsApp vs. NSO Group case. Links and vulnerability summaries for this episode…
S1E267 Buggy Operating Systems Are Coming to Town
In our last episode of 2024, we delve into some operating system bugs in both Windows and Linux, as well as some bugs that are not bugs but rather AI slop. Links and vulnerability summaries for this…
S1E266 Machine Learning Attacks and Tricky Null Bytes
This week's episode contains some LLM hacking and attacks on classifiers, as well as the renewal of DMA attacks with SD Express and the everlasting problems of null bytes. Links and vulnerability…
S1E265 A Windows Keyhole and Buggy OAuth
A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass. Links and vulnerability summaries for this episode are…
S1E264 Linux Is Still a Mess and Vaultwarden Auth Issues
Linux userspace is still a mess and has some bad bugs in root utilities, and Vaultwarden has an interesting auth bypass attack. Links and vulnerability summaries for this episode are available at:…
Frequently Asked Questions
Day[0] has published 283 episodes since March 2019, covering topics in Technology.
Day[0] is currently sporadic with new episodes weekly. Average episode length is 1h 4m.
Sign up on Grep.FM to access contact details for Day[0], including email and social media links.
