Rick 🗸

BREAKING: Twitter says a suspected state-sponsored actor used its API to match usernames to phone numbers - Attack took place on December 24, 2019 - Twitter said attack came from IPs in Iran, Israel, and Malaysia https://www.zdnet.com/article/twitter-says-an-attacker-used-its-api-to-match-usernames-to-phone-numbers/ …pic.twitter.com/ulWUmfF5L6

Hawk's head stabilizationpic.twitter.com/ABgV0LU9Tt

[PoC] MS-Windows Local Vulnerabilities Collection cve-2019-14969 cve-2019-5701 cve-2019-1378 cve-2019-12757 cve-2019-13382 cve-2019-13142 cve-2019-19248 cve-2019-0841 cve-2018-0952 cve-2019-5674 cve-2019-19363 cve-2019-1405 cve-2019-1322 CVE-2019-12758 https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/learning_note_bookmarks.txt?fbclid=IwAR3kgEM2BRMyp4mMiDtePic2wR8MTovRxuJ4pHspdOgFVishP87T5dKiGXI …pic.twitter.com/nGlw5EvChG

Finally, the wait is over! We present CacheOut, a new speculative execution attack to leak data on Intel CPUs: https://cacheoutattack.com  #intel #cacheout @themadstephan, Andrew Kwong, Daniel Genkin and @yuvalyarompic.twitter.com/tQYerMiOHK

Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!pic.twitter.com/FekupjS6qG

Update CVE-2019-19781 You can exploit the vulnerability without the file http://newbm.pl  and only use the file http://rmbm.pl  ! You can inject your payload inside the name of the XML file and fire the command execution ! #shitrix #citrixpic.twitter.com/g2P1GAJo1R

Here's a little-known secret: Twitter has a separate web form you can use to report abusive tweets. It's more cumbersome, but it allows you to submit more context for review, and provides you with a ticket number via email. I use it when I want followup. https://help.twitter.com/forms/abusiveuser …pic.twitter.com/ofFJ4Bfs6k