- cc @enigma0x3, @tiraniddo I bet you like CVE-2019-19247
- Writeup for EOP for Windows Origin client. (CVE-2019-19247 and CVE-2019-19248) Rus - https://habr.com/ru/company/pm/blog/479704/ … Eng - https://amonitoring.ru/article/origin_lpe_disclosure/ …
- Writeup for third Steam vulnerability. #PublicDisclosure but not #0day this time, already patched. Rus - https://habr.com/ru/company/pm/blog/469507/ … Eng - https://amonitoring.ru/article/steam_vuln_3/ …
- https://store.steampowered.com/news/54236/ Third reported vulnerability has been fixed in main client. Hurray.
- Unbanned on h1. So try do new report there.
- Felix aka [xi-tauw] retweeted: August - Steam Client Update released. Finally a fix for the local privilege escalation vulnerability - @general_nfs ;-) @PsiDragon @enigma0x3 @steam_games #infosec #Steam #cybersecurity #Security pic.twitter.com/643H3m5RQs
- If someone from Valve (@steam_games) reads this, please DM me. Yep, another vulnerability at Steam.
- 3/3. Now it is Valve's turn to do something. Since the status is the same, it means Valve has done nothing to change it. It is still Valve's work. Am I right, Matt @enigma0x3?
- 2/3. Today I was told that Valve did not take any action to dispute the CVE. So, the status was set based on my article. First reason for "DISPUTED" is H1-Valve rejection of the report. I provided my position to the CVE team when requesting the CVE.
- 1/3. It seems we need some clarification about CVE-2019-14743 and status "DISPUTED". FAQ says the status means "When one party disagrees with another party's assertion that a particular issue in software is a vulnerability".
- Felix aka [xi-tauw] retweeted: Hey, you win!) Valve changed its policy for LPE bugs.) Now LPE bugs are in scope. https://hackerone.com/valve/policy_versions …
- https://steamcommunity.com/groups/SteamClientBeta#announcements/detail/1599262071399843693 … Valve is patching something. I'll wait for main client update.
- Felix aka [xi-tauw] retweeted: Many have seen me criticise @EpicGames lately, which has led some Epic apologists to call me a Steam fanboy. Well, I think it's about time the Valve apologists be angry at me, because what follows won't be pretty. In the words of @AngryJoeShow, you done fucked it up, @steam_games.
- I requested a CVE for the last Steam EoP. Got two in reply: CVE-2019-15316 is mine and CVE-2019-15315 for Xiaoyin Liu's @general_nfs
- Video of exploiting: Reg: https://www.youtube.com/watch?v=ZCHrjP0cMew … FS: https://www.youtube.com/watch?v=I93aH86BUaE …
- Valve banned me on their H1 program. So... I release new #ZeroDay #PublicDisclosure EoP vulnerability at Steam. Another #0day. Rus - https://habr.com/ru/company/pm/blog/464367/ … Eng - https://amonitoring.ru/article/onemore_steam_eop_0day/ …
- Felix aka [xi-tauw] retweeted: I found a way to bypass the fix. The bypass requires dropping a file in a nonadmin-writable location, so I think it's out-of-scope for Valve. Write-up: https://xiaoyinl.github.io/steam_EoP_bypass.html … cc @PsiDragon @enigma0x3 @steam_games #infosec #steam #bugbounty https://twitter.com/PsiDragon/status/1161382453283627009 …
- Main client got update https://store.steampowered.com/news/53319/ On first sight - all regsetsecurity has been removed. Will look in few days. cc @enigma0x3
- Felix aka [xi-tauw] retweeted: The fix for the Steam LPE: The service now checks for registry symlinks by iterating through subkeys under the Steam key & calls RegQueryValueEx with a check for the "SymbolicLinkValue" key value. pic.twitter.com/mr5yraXtrF