Hector Cuesta

@HectorCuesta

Fuzzing my way into security H3ku

London
Joined May 2011

Tweets


  1. Pinned Tweet
    12 Mar 2019

    After analysing the root cause of CVE-2019-0547 I discovered a new issue in the Windows DHCP client, this was assigned CVE-2019-0726 and fixed in the latest Patch Tuesday, happy to bugcollide with multiple good researchers :)

  2. Retweeted
    28 Jan

    Check out ' tips on Fuzzing, to overcome known challenges and maximize results:

  3. Retweeted
    15 Jan

    Assert yourself on the browser playground with ’s guide to hunting Chrome IPC sandbox escapes:

  4. Retweeted
    15 Jan
  5. Retweeted
    9 Jan

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

  6. Retweeted
    17 Dec 2019

    Simplest and strangest sandbox escape I've found in Chrome was just derestricted

  7. Retweeted

    In the 1st of our Top 5 bugs for 2019, takes a look at a sandbox escape in originally submitted to the program by . Read the details at

  8. Retweeted
    13 Dec 2019

    As I've recently gotten into browser exploitation, I thought I'd solve and do a writeup for a CTF challenge from earlier this year that really doesn't have any detailed writeups. Hope someone finds my writeup for *CTF 2019 oob-v8 useful! DMs are open.

  9. Retweeted
    13 Dec 2019

    I wrote a thing about JSC exploitation (including how to leak StructureID) and Safari sandbox escape.

  10. Retweeted
    12 Dec 2019

    First blog post in a short series about some vulnerabilities that I found in Ubuntu's crash reporter earlier this year. I learned a lot from working on the exploits, so I am going to share some of the tips and tricks that I learned.

  11. Retweeted
    5 Dec 2019
  12. Retweeted
    6 Dec 2019

    Here is an exploit chain I wrote for Firefox that gets RCE via CVE-2019-9810 and escapes the sandbox with CVE-2019-11708/CVE-2019-9810. Once compromised, it drops a payload and injects privileged JS code in already/newly created tabs.

  13. Retweeted
    22 Nov 2019

    Introducing the fzero fuzzer! A target-architecture-agnostic grammar-based fuzzer (inspired by F1). With no input size constraints, multi-thread support, and all Rust code for no corruption bugs. 5x faster than the world's fastest grammar-based fuzzer ;D

  14. Retweeted

    Windows isn't a favorite feature, but details a bug submitted by Eduardo Braun Prado that shows how you can use it to escalate from guest to SYSTEM (includes video)

  15. 14 Nov 2019

    From now on you can run CodeQL queries using Visual Studio Code, Eclipse is no longer needed 🎉🎉🎉

  16. Retweeted
    12 Nov 2019

    A primer on from Including how he used it to find CVE-2019-15937/8 in the barebox bootloader & a t-shirt challenge.

  17. Retweeted
    12 Nov 2019
  18. Retweeted

    In the next installment of our series on using Semmle QL for vulnerability hunting, shows how to research DOM-based XSS by finding sources and sinks.

  19. Retweeted
    27 Oct 2019

    Today is the 3rd anniversary of "Attacking JavaScript Engines". Not a lot has changed, but I tried to briefly summarize the things that did: It's been a few months since my last interactions with JSC though, so any corrections/additions are very welcome :)

  20. Retweeted
    23 Oct 2019

    We added AddressSanitizer (ASan) support to MSVC in the latest Visual Studio preview. So now you can not only use it for applications targeting Linux from VS, but Windows too, to find runtime memory issues fast:

  21. Retweeted
    2 Oct 2019

    How a double-free bug in WhatsApp turns to RCE
