ESP32 Backdoor Drama and SAML Auth Bypasses

ESP32 Backdoor Drama and SAML Auth Bypasses

From Day[0] by dayzerosec

March 17, 2025 · 1h 14m · Season 1 · Episode 277

About this episode

The episode discusses the ESP32 backdoor controversy, SAML authentication bypass techniques, and various vulnerabilities related to Linux and PHP.

Discussion this week starts with the ESP32 "backdoor" drama that circled the media, with some XML-based vulnerabilities in the mix. Finally, we cap off with a post on reviving modprobe_path for Linux exploitation, and some discussion around an attack chain against China that was attributed to the NSA. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/277.html [00:00:00] Introduction [00:00:25] The ESP32 "backdoor" that wasn't [00:14:26] Speedrunners are vulnerability researchers [00:27:58] Sign in as anyone: Bypassing SAML SSO authentication with parser differentials [00:38:47] Impossible XXE in PHP [00:52:41] Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch [01:04:15] Trigon: developing a deterministic kernel exploit for iOS [01:06:43] An inside look at NSA (Equation Group) TTPs from China’s lense Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts…

Topics covered

  • ESP32 backdoor
  • SAML authentication bypass
  • Linux exploitation
  • NSA attack chain
  • XML vulnerabilities
  • modprobe_path technique

Keywords

  • ESP32
  • backdoor
  • SAML
  • authentication
  • Linux
  • exploitation
  • NSA
  • vulnerabilities
  • XML
  • PHP

Mentioned in this episode

Organizations: NSA, Equation Group

Products: ESP32

Places: China, Linux, PHP

More episodes of Day[0]

Explore listener stats, chart rankings, contacts and more on the Day[0] podcast page.