Episode #2022-04

github qbot safari uxss websockets zero-trust

GitHub presented how they built static analysis at scale. 1

Safari has a universal XSS (UXSS) vulnerability that allows an attacker to gain unauthorized camera access. 2

The DFIR Report presented a detailed analysis of QBot. 3

Maya Kaczorowski talked about the practical challenge of BeyondCorp. 4

Germano Gabbianelli discussed the attacks on WebSockets and how Server-Sent Events can be used as an alternative. 5


Footnotes
1. Static Analysis at GitHub | February 2022 | Communications of the ACM (cacm.acm.org)
2. Webcam Hacking (again) - Safari UXSS | Ryan Pickren (www.ryanpickren.com)

3. Qbot Likes to Move It, Move It (thedfirreport.com)

4. BeyondCorp is dead, long live BeyondCorp (mayakaczorowski.com)

5. Server-Sent Events: the alternative to WebSockets you should be using - germano.dev (germano.dev)
