didu

@0xdidu

Security Engineer at Google (opinions expressed here are my own). Reverse, Windows and Powershell fan. Traveler, hippie. she/her

Zürich / Paris
Joined: July 2014

Tweets

  1. Pinned Tweet
    19 Dec 2019

    Here is the material for my "Reverse Engineering Intel x86/x64 binaries 101" class (using IDA): Hoping to spread the RE fever :)

  2. Retweeted
    30 Jan

    Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy!

  3. Retweeted
    25 Jan

    Good whitepaper about Windows 10 secure kernel: "Live forensics on the Windows 10 securekernel (2017)"

  4. Retweeted
    26 Jan
  5. Retweeted
    27 Jan

    Blackhoodie is back at Troopers 2020. Registration is open now. Check out the details and apply soon if you are interested.

  6. Retweeted

    We updated the Security Servicing Criteria for Windows today clarifying a non-boundary (Hyper-V Administrator Group) & expanding the Administrator-to-Kernel non-boundary. We do this periodically in response to research trends; feedback is always welcome.

  7. Retweeted
    20 Jan

    The 7th part of the tutorial Hypervisor From Scratch is published! In this part, I described EPT. Thanks to Petr as Hypervisor From Scratch could never have existed without his help and to Alex for patiently answering my questions.

  8. Retweeted
    16 Jan

    After a lot of work and some crypto-related delays, I couldn't be more proud to publish 's and mine latest research - The complete overview of CET internals on Windows (so far!):

  9. Retweeted
    15 Jan

    Final stretch for submissions, open until 2 February. The CFP: and the advice:

  10. Retweeted
    10 Jan

    Old news, but just for fun - the fact that the XMMs registers aren't reset (by the calling convention) is quite useful for pwns in CTFs. And not only for controlled data or heap addresses, libc as well ;) (Highly depends on compilation flags and distributions, of course)

  11. Retweeted
    7 Jan

    For anyone interested in my presentation on Local RPC in .NET the HITB version is now up on YouTube.

  12. Retweeted
    4 Jan
  13. Retweeted
    3 Jan

    Here is an exploit for LPE CVE-2019-1184 in case anybody else is interested in this cool bug:

  14. Retweeted
    27 Dec 2019
  15. Retweeted
    25 Dec 2019

    Let's unearth my 'old' unpacking knowledge... IIRC the only doc I publicly made on the topic was Which doc/tool would you recommend checking nowadays?

  16. 19 Dec 2019

    Thank you all for the support :) :) :) I just shared the material

  17. Retweeted
    17 Dec 2019

    New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long standing design flaws in UAC :-)

  18. Retweeted
    17 Dec 2019

    Reminder: submissions are open until 2 February. Hesitating to submit for the first time? The program committee offers to help you (extended until 10 January, but the sooner the better):

  19. Retweeted
    14 Dec 2019

    I repropose my notes about x86, Linux and virtualization in a single text file (~2500 lines only) for my fellow students in Sapienza.

  20. Retweeted

    Linux: privilege escalation via io_uring offload of sendmsg() onto kernel thread with kernel creds
