Extracting YouTube Creator Emails and Spilling Azure Secrets

Extracting YouTube Creator Emails and Spilling Azure Secrets

From Day[0] by dayzerosec

March 24, 2025 · 44 min · Season 1 · Episode 278

About this episode

This episode discusses game exploitation, mobile security vulnerabilities, and weaknesses in Azure, including the disclosure of YouTube creator emails.

This episode features some game exploitation in Neverwinter Nights, weaknesses in mobile implementation for PassKeys, and a bug that allows disclosure of the email addresses of YouTube creators. We also cover some research on weaknesses in Azure. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/278.html [00:00:00] Introduction [00:00:35] Exploiting Neverwinter Nights [00:08:48] PassKey Account Takeover in All Mobile Browsers [CVE-2024-9956] [00:22:51] Disclosing YouTube Creator Emails for a $20k Bounty [00:31:58] Azure’s Weakest Link? How API Connections Spill Secrets [00:39:02] SAML roulette: the hacker always wins [00:40:56] Compromise of Fuse Encryption Key for Intel Security Fuses Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Topics covered

  • game exploitation
  • YouTube creator email disclosure
  • Azure weaknesses
  • mobile security
  • PassKey vulnerabilities

Keywords

  • Neverwinter Nights
  • YouTube
  • Azure
  • PassKeys
  • email disclosure
  • mobile implementation
  • CVE-2024-9956

Mentioned in this episode

Organizations: YouTube, Azure

Products: PassKeys

More episodes of Day[0]

Explore listener stats, chart rankings, contacts and more on the Day[0] podcast page.