
Pulling Gemini Secrets and Windows HVPT
From Day[0] by dayzerosec
April 16, 2025 · 1h 33m · Season 1 · Episode 280
About this episode
This episode discusses vulnerabilities in Gemini's Python sandbox, misuse of private iOS APIs by banks, and Windows' new HVPT technology.
A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows new Hypervisor-enforced Paging Translation (HVPT). Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/280.html [00:00:00] Introduction [00:00:18] Doing the Due Diligence - Analyzing the Next.js Middleware Bypass [CVE-2025-29927] [00:29:20] We hacked Google’s A.I Gemini and leaked its source code (at least some part) [00:44:40] Improper Use of Private iOS APIs in some Vietnamese Banking Apps [00:55:03] Protecting linear address translations with Hypervisor-enforced Paging Translation (HVPT) [01:06:57] Code reuse in the age of kCET and HVCI [01:13:02] GhidraMCP: LLM Assisted RE [01:31:45] Emulating iOS 14 with qemu Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can…
Topics covered
- cybersecurity
- vulnerability analysis
- iOS APIs
- banking security
- hypervisor technology
- AI security
Keywords
- Gemini
- iOS
- HVPT
- Next.js
- CVE-2025-29927
- GhidraMCP
- qemu
- cybersecurity
- vulnerabilities
Mentioned in this episode
Organizations: Gemini, iOS, Google, Vietnamese Banking Apps
Products: Hypervisor-enforced Paging Translation (HVPT), Next.js, GhidraMCP, qemu
More episodes of Day[0]
- The Future · April 10, 2026 · 1h 20m
- Exploiting VS Code with Control Characters · May 12, 2025 · 30 min
- Mitigating Browser Hacking - Interview with John Carse (SquareX Field CISO) · April 22, 2025 · 1h 47m
- Session-ception and User Namespaces Strike Again · April 1, 2025 · 50 min
- Extracting YouTube Creator Emails and Spilling Azure Secrets · March 24, 2025 · 44 min
- ESP32 Backdoor Drama and SAML Auth Bypasses · March 17, 2025 · 1h 14m
Explore listener stats, chart rankings, contacts and more on the Day[0] podcast page.