Tweetovi

Blokirali ste korisnika/cu @0vercl0k

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @0vercl0k

  1. Prikvačeni tweet
    6. pro 2019.

    Here is an exploit chain I wrote for Firefox that gets RCE via CVE-2019-9810 and escape the sandbox with CVE-2019-11708/CVE-2019-9810. Once compromised, it drops a payload and injects privileged JS code in already/newly created tabs.

    Poništi
  2. 31. sij

    Yearly reminder that by is awesome sauce 👌

    Poništi
  3. proslijedio/la je Tweet
    22. sij

    ISC-DHCP 4.4.2 released today which fixes ~30 reference count leaks I found whilst looking for variants of CVE-2018-5733. Good bug type for static analysis - I used to look for inter-function paths that could return instead of releasing references

    Prikaži ovu nit
    Poništi
  4. proslijedio/la je Tweet
    20. sij

    Been waiting to announce: I'll be presenting "Forget the Sandbox Escape: Abusing Browsers from Code Execution" at this year's BluehatIL This talk will look at what attacks you can pull off in browsers without needing a sandbox escape I will also be demoing a POC of persistence

    Poništi
  5. proslijedio/la je Tweet
    10. sij

    Recent Firefox zero-day (used in targeted attacks in the wild) (CVE-2019-17026) mercurial changeset fix:

    Poništi
  6. proslijedio/la je Tweet
    9. sij

    My team is once more hiring vulnerability researchers for our Redmond WA office. This is for low-level OS/platform security research work on Windows and Azure. More details on what we do at . Apply directly at or DM me if interested!

    Poništi
  7. proslijedio/la je Tweet
    7. sij

    Full analysis and exploit for Windows kernel ws2ifsl use-after-free (CVE-2019-1215) by our researcher

    Poništi
  8. proslijedio/la je Tweet
    6. sij

    Old stuff, new blogpost: Breaking PHP mt_rand() with math

    Poništi
  9. proslijedio/la je Tweet
    4. sij

    I've just released ccrawl (). Its a -based tool that allows to collect and query various properties of C/C++ data structures, and to translate them for example to ctypes (including on C++ class instances.)

    Poništi
  10. 3. sij

    Here is an exploit for LPE CVE-2019-1184 in case anybody else is interested in this cool bug:

    Poništi
  11. proslijedio/la je Tweet
    2. sij

    Starting 2020 with a major website update @ and 3 new pwn challenges from & ! Enjoy!

    Poništi
  12. proslijedio/la je Tweet
    13. pro 2019.
    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    13. pro 2019.

    libFuzzer fuzzing SQLite in the browser using WebAssembly:

    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    12. pro 2019.

    The video from my talk on structure-aware fuzzing at Black Hat was posted: I mostly cover libprotobuf-mutator but also discuss libFuzzer custom mutators.

    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    12. pro 2019.

    New WinDbg Preview rolling out! Biggest addition - a new timelines window for visualizing when things like exceptions, memory accesses, breakpoints, and function calls occur in your trace. Also quick at-a-glance tooltips for each event just by hovering!

    Poništi
  16. proslijedio/la je Tweet
    12. pro 2019.

    You can now install Miasm using "pip install miasm" ! See

    Poništi
  17. proslijedio/la je Tweet
    10. pro 2019.

    Project Zero blog: "SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4" by Ned Williamson () --

    Poništi
  18. proslijedio/la je Tweet
    9. pro 2019.

    We open sourced PathAuditor: a tool for Linux that and I worked on this summer. Tl;dr: you can use it to instrument root daemons and find insecure file access patterns like CVE-2019-3461. Check out the code: Blog post:

    Poništi
  19. proslijedio/la je Tweet
    9. pro 2019.

    Hey there, I'm currently looking for a new Senior or role! Preferably in Edinburgh, or UK Remote. If you're currently looking for new people, or know someone looking I'd love to hear from you :) Some details in this thread👇

    Prikaži ovu nit
    Poništi
  20. 8. pro 2019.

    Sounds like the Terminal app finally ships with split panes and default keybindings (alt+shift+- / alt+shift++) 👌

    Poništi
  21. proslijedio/la je Tweet
    7. pro 2019.

    The scathing absence of Python 3 support in libptrace has been resolved as of now with the release of 1.0-rc2 Time to rest. I'm convinced that dealing with NSIS scripting past midnight would mortify even the hardiest of Flagellants.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·