Episode 21 of 26

Rust in the Web? A Special Guest and some Bad Crypto [Bounty Hunting]

Station description: A weekly podcast for bounty hunters, exploit developers or anyone interested in th...
Day[0] - Zero Days for Day Zero
Duration: 01:21:04
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/rust-in-the-web-a-special-guest-and-some-bad-crypto.html
We are joined by Bastian Gruber to start the episode with a discussion about Rust. Then we'll dive into a few interesting vulnerabilities this week including yet another ECDSA implementation issue and some header smuggling research.
[00:00:40] Rust Discussion with Bastian Gruber (Use the code poddayzero21 for 35% off Manning books)
[00:46:29] Arbitrary Signature Forgery in Stark Bank ECDSA Libraries [CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571]
[01:02:37] Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over
[01:06:52] Private Blog Content Disclosed in Atom Feed
[01:08:29] Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
[01:17:01] IDOR through MongoDB Object IDs Prediction
[01:18:45] History of Cross-Site History Leaking
The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week:

Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The video archive can be found on our YouTube channel: https://www.youtube.com/c/dayzerosec
You can also join our Discord: https://discord.gg/daTxTK9
Or follow us on Twitter (@dayzerosec) to know when new releases are coming.