I co-host with Specter (and sometimes Anti, a friend who works in threat intelligence) and we both do vulnerability research and exploit development. Neither of us are world-renown security experts or anything but we do get our hands dirty at a technical level, a perspective we think has been missing in other security podcasts. Specter's best known for his work in the PS4 scene, whereas I've been quietly working in appsec doing manual security assessments for most of the last decade, and was a magician turned developer before that.
I'd be the first to admit that there are some individuals where who on HN that have forgotten more about this than I've ever known. None-the-less we thought there would be some interest at least within our little niche in hearing the thoughts and discussion from a couple of guys who are in the weeds of exploit dev. We make mistakes and are open to being corrected.
Most episodes have three rough sections, we start off talking about news and some soft-topics. This week, a bit about a ransomware campaign, a "$500k" Zoom vuln and Binary Ninja's new decompiler/HLIL. Then we move into talking about exploits released or detailed in the past week, this week included some stupid issues like an OTP disclosure ("the request which sends the OTP also returns the OTP in the network response"), and some lower-level privilege escalations impacting Linux, Windows, and Solaris (whodo/w buffer overflow).
Ending with some research, often fuzzing or exploit mitigation related but really on a whole we just talk about things we find interesting.
We are available on all the major podcast platforms if you search for dayzerosec, but we also stream it live on Twitch (@dayzerosec), Mondays starting at 3 pm Eastern and take questions from the chat as we go.
I'd love feedback on all levels from content to distribution and quality issues.