1
00:00:00,00 --> 00:00:03,000
This year pwn2own will be exciting with all 
these 0-days

2
00:00:05,100 --> 00:00:07,800
What they are saying?

3
00:00:07,900 --> 00:00:11,800
They say you will pwn Netgear WAN-side

4
00:00:11,900 --> 00:00:15,600
I have two stack bof but won't be using them

5
00:00:16,000 --> 00:00:18,200
Why? No canary, it's all good!

6
00:00:18,300 --> 00:00:20,700
The router downloads the file from https

7
00:00:20,800 --> 00:00:25,600
and we can't MiTM SSL communication, ya know?

8
00:00:25,700 --> 00:00:30,500
I didn't wanted to look at crypto

9
00:00:30,600 --> 00:00:36,300
that's sad because those stack bof are pure 
gold

10
00:00:36,900 --> 00:00:38,200
they use curl -k for download

11
00:00:38,300 --> 00:00:39,200
what?

12
00:00:39,300 --> 00:00:41,100
curl -k, no certificate check!

13
00:00:41,200 --> 00:00:41,500
no way!!??

14
00:00:41,600 --> 00:00:43,600
No certificate check???!!!

15
00:00:43,700 --> 00:00:48,500
they use system("curl -k https://...")