Lays

@_L4ys

Lazy Security Researcher / Focus on hunting bugs that are as useless as me

Taiwan
Joined: January 2015

Tweets

  1. Pinned Tweet
    7 Aug 2019

    Ranked #42 on this year’s MSRC Most Valuable Security Researcher list. Not bad for only 3 submissions :P Also thanks to for the great bug bounty program!

  2. Retweeted
    4 hours ago

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!

  3. Retweeted
    6 hours ago

    Our first blog post of 2020 is out! Learn about how we discovered a heap overflow in the F-Secure Internet Gatekeeper, which leads to unauthenticated RCE

  4. Retweeted

    Want to get on our annual MSRC Most Valuable Researcher list? Check out our blog to learn more about who will get recognized as the top researchers for 2020:

  5. Retweeted
    31 Jan
  6. Retweeted
    31 Jan
  7. Retweeted
    31 Jan

    Fuck it, I can't focus at all today. It's a mess, sorry.. I've also uploaded the discussed bug to github. Maybe someone can make sense of it. It's a junction bug that's a little more complicated than a simple "bait and switch". Hope it's useful to someone.

  8. Retweeted
    30 Jan

    Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy!

  9. Retweeted

    Taking a look at what we published in 2019. What was the most popular vendor? The most common ? All this and more in our 2019 retrospective.

  10. Retweeted

    We’re excited to announce the Xbox Bounty Program, which awards up to $20,000 for vulnerabilities in the Xbox network space. Find out more information:

  11. Retweeted
    30 Jan

    In the past year, I was researching Azure Stack, which is an on-premise version of Azure Cloud. In the following blog posts, we present information on what is Azure Stack and its architecture and disclose a vulnerability in Azure App Service that allowed a sandbox escape.

  12. Retweeted
    30 Jan

    A quick post on why you shouldn't use SYSTEM Tokens when you sandbox a process. Part 1 of N (where I haven't decided how big N is).

  13. Retweeted
    29 Jan
  14. Retweeted
    28 Jan

    [Educational] One of the best blog posts that I ever read about going from 0 to unauth RCE in f**king Mikrotik OS step by step:

  15. Retweeted
    28 Jan

    Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: PS: "Did you ever play tic-tac-toe?"

  16. Retweeted
    27 Jan

    Windows Kernel _IMAGE_DOS_HEADER::e_lfanew Denial Of Service/Memory Corruption

  17. Retweeted
    24 Jan
    Replying to

    Do not let duplicates discourage you. We all hate dupes, but when you're starting out use a dupe as a way to validate what you're doing. A dupe means you found a valid bug, someone else just found it first. So keep trying

  18. Retweeted
    24 Jan

    🎉 it's Chinese New Year's Eve! so we're going to release some new challenges! 8 new challenges will be unlocked on UTC 2019-01-26 04:00

  19. Retweeted
    18 Jan

    RDP to RCE: When Fragmentation Goes Wrong AKA: What we know about CVE-2020-0609 and CVE-2020-0610.

  20. 15 Jan

    didn't expect I still on the Q4 leaderboard 😅

  21. Retweeted

    We have increased our Microsoft Edge bounty awards alongside today's general availability of the new Microsoft Edge. Find out more here:
