Thomas King

@ThomasKing2014

Android/Browser Vulnerability Research, Reverse Engineering.

Joined: April 2015

Tweets


  1. Retweeted

    From a discussion with , I noticed that this check in was removed in the 5.x kernel. Does any kernel hacker know why? Accessing the stack below SP remains a bug IMO.

  2. Retweeted
    20 hours ago

    TeamViewer (all versions) keys lead to password extraction, not hashed. TeamViewer stored user passwords encrypted with AES-128-CBC with key: 0602000000a400005253413100040000 and iv of 0100010067244F436E6762F25EA8D704 - in the Windows registry.

  3. Retweeted
    Jan 30

    Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy!

  4. Retweeted
    Jan 27

    macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image

  5. Retweeted
    Jan 17

    RT - Many Releases! HTool Beta 1 for macOS & iOS: Mach-O Helper Toolset for iOS (arm64): Libhelper for macOS, iOS & Linux: And a quick blog post summarising it all:

  6. Retweeted
    Jan 16

    I'll make my tech report and poc public soon. It was a fun bug affecting most major distributions. one exploit to rule them all w/ all kernel expl mitigation bypasses - no rop chains / hardcoded crap

  7. Retweeted
    Jan 9

    WeChat: Memory corruption in CAudioJBM::InputAudioFrameToJBM

  8. Retweeted
    Jan 9
  9. Jan 8

    Again, more features can be abused. If someone wants to know how to R/W kernel memory directly without any syscalls, check out my previous slide: . And the Linux kernel patch:

  10. Retweeted
    Dec 27, 2019

    My talk on iMessage exploitation () starts in two hours. You can watch it in room Ada or on

  11. Retweeted
    Dec 26, 2019

    New blog post: Sanitized Emulation with QEMU-AddressSanitizer. I just open-sourced my QEMU patches to fuzz binaries with ASan, QASan. You can also use it with ARM targets on Linux, a thing that you can't do with LLVM ASan!

  12. Retweeted
    Dec 19, 2019

    Happy to announce that our paper "Automatic Techniques to Systematically Discover New Heap Exploitation Primitives" got accepted!

  13. Retweeted
    Dec 17, 2019
  14. Retweeted
    Dec 17, 2019

    Simplest and strangest sandbox escape I've found in Chrome was just derestricted

  15. Retweeted

    macOS: Kernel use-after-free due to race condition in wait_for_namespace_event()

  16. Retweeted

    In the 1st of our Top 5 bugs for 2019, takes a look at a sandbox escape in originally submitted to the program by . Read the details at

  17. Retweeted
    Dec 14, 2019

    I repropose my notes about x86, Linux and virtualization in a single text file (~2500 lines only) for my fellow students in Sapienza.

  18. Dec 13, 2019
  19. Retweeted

    Linux: privilege escalation via io_uring offload of sendmsg() onto kernel thread with kernel creds

  20. Retweeted
    Dec 12, 2019

    CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753 WebSQL, 3 of them were used on TFC(). 😂 Sorry, due to responsible disclosure I didn't reply to some DMs a few days earlier asking me what I used on TFC.

