Saar Amar

@AmarSaar

Reversing, Exploits, Windows Internals, Virtualization, Mitigations. team member. MSRC-IL

Joined October 2016

Tweets


  1. Retweeted
    5 Feb

    Just posted my talk "Keeping Windows Secure" touching on security assurance process and vuln research in Windows from 2019:

  2. 5 Feb

    checkra1n is a CRAZY life-changer for iOS security research. Now, (you rock man!) finished his talk with a port to Linux (and even a Windows video demo!)

  3. 5 Feb

    Kicking off with ! Covers many of the challenges in the process of dealing with vulnerabilities at large scale

  4. Retweeted
    3 Feb

    Yep, this is important to note. Some early papers I read about PAC mentioned that it could be used instead of a stack canary, but that would be quite problematic

  5. 3 Feb

    ROPs (like any indirect branch) are mitigated using PAC (sign LR with SP as a salt). But PAC isn't enough for stack protection (even setting aside the Qualcomm attack). It doesn't protect other data on the stack, such as restored regs. So, old stack cookies...:)

  6. Retweeted

    Can’t think of a better way to start my Tel Aviv trip than dinner with & . Tomorrow I put the finishing polish on my slides for & maybe get a little drone airtime around Tel Aviv beach 😎

  7. Retweeted
    2 Feb

    Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. and I wrote about these!

  8. Retweeted
    31 Jan
  9. Retweeted
    30 Jan

    Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy!

  10. Retweeted
    29 Jan

    Linux on T8010 via PongoOS :) /cc

  11. Retweeted
    29 Jan

    Windows Server 2019 securekernel live debugging demo

  12. 29 Jan

    Interesting vulnerability: may_create_in_sticky() was done when we have already dropped the ref to dir, and thus dir (a struct dentry ptr) might be freed and reused. One impact is a 1-bit infoleak oracle in open() (CVE-2020-8428)

  13. 23 Jan

    A short time after the publication of the crazy design issue, contradicting XOM on EL0 && PAN (the arch can't create ---/--x), check out 's amazing post. TL;DR )

  14. 23 Jan

    Wow, crazy issue bypasses PAN: Part of the uaccess routines (__arch_clear_user() and __arch_copy_{in,from,to}_user()) fail to re-enable PAN if they encounter an unhandled fault while accessing userspace. Check out the patch:

  15. Retweeted
    22 Jan

    Insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still isn't atomic

  16. 21 Jan

    In those CET times: It's possible to return in unwinding to any address in the SSP, causing a "type confusion" between stack frames ;) I really like the different variants of this concept :) Type confusions are on fire! (stack frames, objc for PAC bypass)

  17. Retweeted
    21 Jan

    See you at for another round of “One Weird Trick SecureROM Hates”! I hoped to have enough material for a new talk, but my plans didn’t quite work out :X

  18. 20 Jan

    It's finally here, guys - is back! Check out the schedule && register now!

  19. Retweeted

    - I’ve been waiting to announce this all month; I’ll be crossing another conference off my speaking bucket list in ~2wks when I go onstage at ! I’ve been waiting for this for 2+ years - I might be a little excited about it 🤩

  20. 19 Jan

    Someone asked me about this . So yeah, tcache has checks for those (trivial...) incorrect behaviors now on Ubuntu. BUT - my Android 10 is still vulnerable (left is Ubuntu 19.10, right is Android 10)
