Chuanda Ding

@FlowerCode_

Senior security researcher at . Creator of . My tweets are my own.

Vrijeme pridruživanja: travanj 2015.
3 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @FlowerCode_

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @FlowerCode_

  1. 3. velj

    Electrolux did not pay me to say this, but get a Pure i9 robotic vacuum. It has Linux on ARM Cortex A8, laser positioning system, working USB port with filesystem, unencrypted firmware, etc. Also vacuums the room for you while you're disassembling the firmware.

    Poništi
  2. 28. sij

    Meanwhile in China, everyone is self-quarantined at home. Before they are bored to death, they watch a 24-hour live footage of 2 hospital construction in , and already given name to each and every excavator & forklift on site.

    1 korisnik označava da mu se sviđa
    Poništi
  3. proslijedio/la je Tweet
    4. sij

    I've just released ccrawl (). Its a -based tool that allows to collect and query various properties of C/C++ data structures, and to translate them for example to ctypes (including on C++ class instances.)

    1 reply 49 proslijeđenih tweetova 118 korisnika označava da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    2. sij

    To bring in the new year here's a new blog post about empirically testing Windows Service Hardening to see if it is really not a security boundary even on Windows 10. h/t

    6 replies 154 proslijeđena tweeta 298 korisnika označava da im se sviđa
    Poništi
  5. 30. pro 2019.

    TIL records every IP address & device you've used to download and update apps from App Store, and save it indefinitely. I just got my 10 years of IP address history by requesting "iTunes and App-Book Re-download and Update History.csv" from

    8 replies 178 proslijeđenih tweetova 358 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    12. stu 2019.

    NTLM reflection is back to haunt windows. Read about Ghost Potato here (this time with a fixed link):

    15 replies 347 proslijeđenih tweetova 625 korisnika označava da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    10. stu 2019.

    CVE-2019-1322  as service user "sc config usosvc binpath= evil.exe" the easiest way eop from service user to system, worked for more than 1 year!

    129 proslijeđenih tweetova 326 korisnika označava da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    8. stu 2019.

    Released to go with my talk, a project which contains a C# client for almost every ALPC RPC server on Windows 7 through Windows 10 1909. Could be useful for EoP research, fuzzing etc.

    5 replies 220 proslijeđenih tweetova 395 korisnika označava da im se sviđa
    Poništi
  9. 8. stu 2019.

    Well nice find, but if Python allows everyone to write to a system path, that’s a Python vulnerability IMHO.

    [Blog] NVIDIA GeForce Experience Local Privilege Escalation (CVE-2019-5701)
    1 proslijeđeni tweet 4 korisnika označavaju da im se sviđa
    Poništi
  10. 2. lis 2019.

    Windows Phone Reborn? No, thanks. - A Windows Phone 7 user

    2 korisnika označavaju da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    11. ruj 2019.

    Put up a blog on Windows Execution Aliases so everyone can better understand how it works. I'd have sworn I'd done the blog already but I guess not. Includes a bonus (security?) bug if you read that far :-) /cc

    125 proslijeđenih tweetova 206 korisnika označava da im se sviđa
    Poništi
  12. 10. ruj 2019.

    I am thrilled to share with you that 's abuse of adjectives is awesome, amazing, stunning, incredible and pro, like never before. I think you are going to love it.

    1 reply 1 korisnik označava da mu se sviđa
    Poništi
  13. 22. kol 2019.

    OK I’ll wait for EX2

    Windows: SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
    1 proslijeđeni tweet 9 korisnika označava da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    22. kol 2019.

    Are you interested in font security? I've just updated my BrokenType repository () with several new tools: font2pdf (embedding custom fonts in PDFs), a DirectWrite API testing harness and a Windows FontSub.dll loader. Enjoy :)

    82 proslijeđena tweeta 246 korisnika označava da im se sviđa
    Poništi
  15. 18. kol 2019.

    I’ve seen this many times and their argument goes like “even it is easily bypassed / reverse engineered, it at least deters the attacker a little bit”. But it just doesn’t feel right to me.

    1 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. 18. kol 2019.

    If a company changes all its servers’ default port to [some secret port] to “avoid scanning and password cracking”, and they does employ other defence measures, then is it considered security by obscurity or defence in depth? Also similar tactics such as private protocols etc.

    1 reply
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  17. proslijedio/la je Tweet
    13. kol 2019.

    I'm publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation.

    77 replies 1.999 proslijeđenih tweetova 4.069 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    8. kol 2019.

    Finally!

    12 proslijeđenih tweetova 80 korisnika označava da im se sviđa
    Poništi
  19. proslijedio/la je Tweet
    31. srp 2019.

    Project Zero Vulnerability Disclosure FAQ -

    52 proslijeđena tweeta 139 korisnika označava da im se sviđa
    Poništi
  20. 16. lip 2019.

    And yes if you restore from backups they will come back. And no this feature cannot be disabled. It's different from iCloud Keychain. Nice job Apple. (2 / 2)

    Prikaži ovu nit
    Prikaži ovu nit
    Poništi

@FlowerCode_ još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·