
The Future
After 283 episodes, this will be the final episode of the DAY[0] podcast. We started the podcast on a hopeful note in the days following Ghi...
![Day[0] cover](https://s3.ap-southeast-2.amazonaws.com/radioandpodcast.com/podcast_images/130240.jpg)
A weekly podcast for bounty hunters, exploit developers or anyone interested in the details of the latest disclosed vulnerabilities and exploits.

A quick episode this week, which includes attacking VS Code with ASCII control characters, as well as a referrer leak and SCIM hunting. Link...

A special episode this week, featuring an interview with John Carse, Chief Information Security Officer (CISO) of SquareX. John speaks about...

A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Window...

API hacking and bypassing Ubuntu's user namespace restrictions feature in this week's episode, as well as a bug in CimFS for Windows and rev...

This episode features some game exploitation in Neverwinter Nights, weaknesses in mobile implementation for PassKeys, and a bug that allows...

Discussion this week starts with the ESP32 "backdoor" drama that circled the media, with some XML-based vulnerabilities in the mix. Finally,...

A very technical episode this week, featuring some posts on hacking the Xbox 360 hypervisor as well as AMD microcode hacking. Links and vuln...

This week's episode features a variety of vulnerabilities, including a warning on mixing up public and private keys in OpenID Connect deploy...

We discuss an 0day that was dropped on Parallels after 7 months of no fix from the vendor, as well as ZDI's troubles with responses to resea...

We cover a comical saga of vulnerabilities and variants from incomplete fixes in macOS, as well as a bypass of Chrome's MiraclePtr mitigatio...

In this episode, we discuss the US government disclosing how many 0days were reported to vendors in a first-ever report. We also cover PortSwig...

On the web side, we cover a PortSwigger post on ways of abusing Unicode mishandling to bypass firewalls and a Doyensec guide to OAuth vulner...

Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a techniqu...

This week features a mix of topics, from polyglot PDF/JSON to Android kernel vulnerabilities. Project Zero also publishes a post about excav...

Specter and zi discuss their winter break, cover some interesting CCC talks, and discuss the summary judgement in the WhatsApp vs. NSO Group...

In our last episode of 2024, we delve into some operating system bugs in both Windows and Linux, as well as some bugs that are not bugs but...

This week's episode contains some LLM hacking and attacks on classifiers, as well as the renewal of DMA attacks with SD Express and the ever...

A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypas...

Linux userspace is still a mess and has some bad bugs in root utilities, and Vaultwarden has an interesting auth bypass attack. Links and vu...

This week, we dive into some changes to V8CTF, the FortiJump Higher bug in Fortinet's FortiManager, as well as some coverage instrumentation...

Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary queryin...

In this week's episode, we talk a little bit about LLMs and how they can be used with static analysis. We also cover GitHub Security Blog's...

In this week's episode, Specter recaps his experiences at Hardwear.IO and a PS5 hypervisor exploit chain presented there. We also cover some...

In this week's episode, we cover the fiasco of a vulnerability in Zendesk that could allow intrusion into multiple Fortune 500 companies. We...

In our summer recap, we discuss Phrack's latest issue and talks from the new Off-by-One conference. We also cover some interesting bugs, suc...

In this week's episode, we cover an attack utilizing HSTS for exploiting Android WebViews and abusing YouTube embeds in Google Slides for cl...

In this week's episode, we discuss Microsoft's summit with vendors on their intention to lock down the Windows kernel from endpoint security...

We are back and testing out a new episode format focusing more on discussion than summaries. We start talking a bit about the value of learn...

Memory corruption is a difficult problem to solve, but many such as CISA are pushing for moves to memory safe languages. How viable is rewri...

Change is in the air for the DAY[0] podcast! In this episode, we go into some behind the scenes info on the history of the podcast, how it's...

Bit of a lighter episode this week with a Linux Kernel ASLR bypass and a clever exploit to RCE FortiGate SSL VPN. Links and vulnerability su...

In this week's bounty episode, an attack takes an XSS to RCE on Mailspring, a simple MFA bypass is covered, and a .NET CRLF injection is det...

In the 250th episode, we have a follow-up discussion to our "Future of Exploit Development" video from 2020. Memory safety and the impacts o...

In this episode we have a libXPC root privilege escalation, a run-as debuggability check bypass in Android, and digital lockpicking on smar...

In this week's binary episode, Binary Ninja Free releases along with Binja 4.0, automated infoleak exploit generation for the Linux kernel i...

A shorter episode this week, featuring some vulnerabilities impacting Google's AI and a SAML auth bypass. Links and vulnerability summaries...

VirtualBox has a very buggy driver, PostgreSQL has an Out of Bounds Access, and lifetime issues are demonstrated in Rust in "safe" code. Lin...

This week's episode features a cache deception issue, Joomla inherits a PHP bug, and a DOM clobbering exploit. Also covered is a race condit...

Linux becomes a CNA and takes a stance on managing CVEs for themselves, and underutilized fuzzing strategies are discussed. Links and vulner...

In this bounty episode, some straightforward bugs were disclosed in GhostCMS and ClamAV, and PortSwigger publishes their top 10 list of web...

Google makes some changes to their kCTF competition, and a few kernel bugs shake out of the LogMeIn and wlan VFS drivers. Links and vulnerab...

DEF CON moves venues, the Canadian government moves to ban Flipper Zero, and some XSS issues affect Microsoft Whiteboard and Meta's Excalidr...

Libfuzzer goes into maintenance-only mode and syslog vulnerabilities plague some vendors in this week's episode. Links and vulnerability sum...

This week we have a crazy crypto fail where some Android devices had updates signed by publicly available private keys, as well as some Dock...

This week's binary episode features a range of topics from discussion on Pwn2Own's first automotive competition to an insane bug that broke...

A packed episode this week as we cover recent vulnerabilities from the last two weeks, including some IDORs, auth bypasses, and a HackerOne...

A bit of a game special this week, with a Counter-Strike: Global Offensive vulnerability and an exploit for Factorio. We also have a Linux k...

A short bounty episode featuring some logical bugs in Apache OFBiz, a GitLab Account Takeover, and an unauthenticated RCE in Adobe Coldfusio...

This week's highly technical episode has discussion around the exploitation of a libwebp vulnerability we covered previously, memory tagging...