Saar Amar Retweeted
Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't.
@aionescu and I wrote about these! https://windows-internals.com/dkom-now-with-symbolic-links/
Saar Amar Retweeted
Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy! https://googleprojectzero.blogspot.com/2020/01/part-ii-returning-to-adobe-reader.html
Saar Amar Retweeted
Linux on T8010 via PongoOS :) /cc @CorelliumHQ @never_released pic.twitter.com/YnGvdYDik6
Saar Amar Retweeted
Windows Server 2019 securekernel live debugging demo https://youtu.be/tRLQwsJQ-hU
Interesting vulnerability: may_create_in_sticky() was done when we had already dropped the ref to dir, and thus dir (a struct dentry ptr) might be freed and reused. One impact is a 1-bit infoleak oracle in open() (CVE-2020-8428) https://seclists.org/oss-sec/2020/q1/39?utm_source=dlvr.it
Shortly after the publication of the crazy design issue contradicting XOM on EL0 && PAN (the arch can't create ---/--x), check out @s1guza's amazing post. TL;DR https://twitter.com/AmarSaar/status/1214414716140998656?s=19
Wow, crazy issue bypasses PAN: Part of the uaccess routines (__arch_clear_user() and __arch_copy_{in,from,to}_user()) fail to re-enable PAN if they encounter an unhandled fault while accessing userspace. Check out the patch: https://lore.kernel.org/patchwork/patch/1157641/ @Liran_Alon
Saar Amar Retweeted
Insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still isn't atomic https://bugs.chromium.org/p/project-zero/issues/detail?id=1951
In those CET times: It's possible to return in unwinding to any address in the SSP, causing a "type confusion" between stack frames ;) I really like the different variants of this concept https://twitter.com/AmarSaar/status/1211565530286632960 :) Type confusions are on fire! (stack frames, objc for PAC bypass) https://twitter.com/yarden_shafir/status/1217728223355817986
Saar Amar Retweeted
See you at @BlueHatIL for another round of “One Weird Trick SecureROM Hates”! I hoped to have enough material for a new talk, but my plans didn’t quite work out :X
It's finally here, guys - @BlueHatIL is back! Check out the schedule && register now! https://www.bluehatil.com/
Saar Amar Retweeted
https://www.bluehatil.com/speakers - I’ve been waiting to announce this all month; I’ll be crossing another conference off my speaking bucket list in ~2wks when I go onstage at @BlueHatIL! I’ve been waiting for this for 2+ years - I might be a little excited about it
Someone asked me about this https://twitter.com/AmarSaar/status/977116492226494464. So yeah, tcache has checks for those (trivial...) incorrect behaviors now on Ubuntu. BUT - my Android 10 is still vulnerable (left is Ubuntu 19.10, right is Android 10) pic.twitter.com/KW8SEubh87
Saar Amar Retweeted
Actually, this also made me wonder about Intel CET forward-edge protection: it only verifies that the indirect branch target ends with ENDBR64, i.e. it only validates that it's some valid target and doesn't consider a context/prototype hash as RAP/XFG do. Doesn't this make the ENDBR64 mechanism useless?
Saar Amar Retweeted
New blog post: cuck00: an XNU/IOKit info leak 1day killed in iOS 13.3.1 beta 2. https://siguza.github.io/cuck00/
Saar Amar Retweeted
Great in-depth analysis of many of the changes that have been made thus far to support CET on Windows. Looking forward to the future of CET capable CPUs :) https://twitter.com/yarden_shafir/status/1217728223355817986
SLOP approach is *outstanding*. Calling arbitrary objc methods has been known for some time (isa not signed), but @5aelo showed here a script lang. That's HIGHLY powerful, and that's exactly what I'm looking for while exploiting. Having a script lang makes the exploit much more stable
Check out @Oranav's great writeup on md15 from #36C3 CTF (@hxpctf - you rock!) - https://github.com/oranav/ctf-writeups/tree/master/36c3/md15. Interesting point: if we run this on WSLv1, it immediately fails (due to different behavior in the loader) on the whole point of the chg, revealing everything ;) pic.twitter.com/8sjSUQYosb
Saar Amar Retweeted
Android: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN https://bugs.chromium.org/p/project-zero/issues/detail?id=1949