Max Moroz

@Dor3s

security team, . (& LC↯BC) CTF team. Hopefully all tweets are mine.

Joined September 2010

Tweets

You blocked @Dor3s

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @Dor3s

  1. Pinned Tweet
    30 Jul 2019

    "Passive income" opportunity for security researchers: submit your fuzzers to the Chrome Fuzzer Program and receive rewards for vulnerabilities found (with an extra $1K bonus for each vuln). teaches how to do it successfully

    Undo
  2. Retweeted

    Today I learned Google recently hit 50% fuzzing coverage in Chrome. Wow.

    Undo
  3. Retweeted
    Jan 30

    HWASAN (think of it as ASAN v2) has become available to developers on Android outside of Google. If you use C or C++ on Android, please give it a try. HWASAN is also available on Aarch64 Linux with a recent kernel.

    Undo
  4. Retweeted
    Jan 28
    Undo
  5. Retweeted
    Jan 14

    We shared an update today on our plans to phase out 3P tracking from the Web over the next two years.

    Show this thread
    Undo
  6. Jan 11

    According to , Chromium had the most commits in 2019 among open source projects: 109K. On average, a new commit was landed every 5 minutes. Quite a challenge for any continuous process, given the size of the codebase and the variety of supported platforms.

    Undo
  7. Jan 2

    Awesome work, but also a very sad reminder that we're still suffering from dumb integer overflows, unchecked memcpy arguments, and (believe it or not) lack of the NX bit! It's 2020 already and stuff doesn't get less scary.

    Undo
  8. 14 Dec 2019

    Thanks for the awesome content and fun presentations!

    Show this thread
    Undo
  9. 14 Dec 2019
    Show this thread
    Undo
  10. 13 Dec 2019
    Undo
  11. Retweeted
    13 Dec 2019

    Please be aware of the new called "Batching Attack"

    Undo
  12. Retweeted
    12 Dec 2019

    The video from my talk on structure-aware fuzzing at Black Hat was posted: I mostly cover libprotobuf-mutator but also discuss libFuzzer custom mutators.

    Show this thread
    Undo
  13. Retweeted
    11 Dec 2019

    Fuzzing always scale with developers and this is a small token of appreciation for their awesome efforts!

    Undo
  14. Retweeted
    10 Dec 2019

    Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow!

    Undo
  15. Retweeted
    8 Dec 2019

    Last day to RSVP to attend the second Bay Area Fuzzer Meetup. Come hear my talk on fuzzing native code in-browser using WebAssembly!

    Undo
  16. Retweeted
    8 Dec 2019

    Shoutout to programmers in Sweden: Is there any interest in arranging a meetup? There is one in the Bay area, far far away... Please RT for reach.

    Undo
  17. Retweeted
    5 Dec 2019

    OpenSSL CVE-2019-1551: Incorrect consttime modular exponentation, found after 1.5 years of bignum fuzzing at OSS-Fuzz

    Undo
  18. 5 Dec 2019

    The registration closes this Sunday. Make sure to RSVP if you're in the Bay Area on Dec 12th and want to talk / listen about fuzzing! SPOILER: besides great content, there'll be swag, food, and drinks -- all free of charge :)

    Undo
  19. Retweeted
    3 Dec 2019

    Join software security experts and industry leaders on Feb 25th for 2020, a education and community building event. Follow the link here for more info:

    Undo
  20. Retweeted
    4 Dec 2019

    Great talk by and on fuzzing at scale with ClusterFuzz.

    Undo
  21. Retweeted

    Interesting idea from Google: integrate the security practice of fuzzing in the ordinary software development lifecycle. Now that's a way to articulate devsecops. But what are the chances that the average developer outside Silicon Valley can (or has time to) write fuzzers?

    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·