-
sinn3r retweeted
https://sandboxescaper.blogspot.com/2020/01/chasing-polar-bears-part-2.html … Fuck it, I can't focus at all today. It's a mess, sorry.. I've also uploaded the discussed bug to github. Maybe someone can make sense of it. It's a junction bug that's a little more complicated than a simple "bait and switch". Hope it's useful to someone.
-
sinn3r retweeted
Mini pro-tip for Java reversing: JD-GUI is my preferred decompiler if I want to attach a debugger since it preserves line numbers. CFR tends to provide much more reasonable code output, especially when dealing with inner classes, but doesn't fix up line numbers for debugging.
-
sinn3r retweeted
Here's your chance to hear @JohnLaTwC tell the story of MS08-067 and finding exploits in crash reports :) And in case you missed the blog post he published a while ago: https://docs.microsoft.com/en-us/archive/blogs/johnla/the-inside-story-behind-ms08-067 … https://twitter.com/DarknetDiaries/status/1219646340277440513 …
-
sinn3r retweeted
I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell https://srcincite.io/blog/2020/01/14/busting-ciscos-beans-hardcoding-your-way-to-hell.html … PoC exploit code: https://srcincite.io/pocs/cve-2019-15975.py.txt … https://srcincite.io/pocs/cve-2019-15976.py.txt … https://srcincite.io/pocs/cve-2019-15977.py.txt …
-
sinn3r retweeted
In 2018 I was expelled from uni coz I was unable to pay my fee ($4000/year + $500 monthly expenses), and had some financial problems from family.
#Bugbounty helped me a lot and paid uni fee. And now I am independent
And now I can become a Doctor
#ThankYouBugBounty
-
sinn3r retweeted
I just released my slides from @BlueHatIL "Postscript Pat and His Black and White Hat" https://srcincite.io/assets/postscript-pat-and-his-black-and-white-hat.pdf … Still waiting on fixes from @AdobeSecurity but so far 70+ bugs have been patched. https://ghostbin.co/paste/v852e
-
Sourcetrail (free) is a fun tool that saves lots of time in vuln research. Works even better w/ an IDE connected. E.g., this is CVE-2019-14776: Casually solved in seconds vs grep + noting where things are in mins. https://www.sourcetrail.com/ pic.twitter.com/WzapHHWaMp
-
... If you have a pet and work hard, do me a favor, try to take them for a walk, play w/ them, pet them more often. One day you will never have that moment again, and there's no amount of money you've made can get that back.
-
My dog Missy passed away on 8/9/19. Infosec is a tough job, and I used to spend a lot of overtime working instead of spending time with her, but she was always with me. Now when I get on my work laptop, I turn around, that familiar sight of her resting is no longer there... pic.twitter.com/L3xnAEgq1u
-
sinn3r retweeted
Attacking Unmarshallers :: JNDI Injection using Getter Based Deserialization Gadgets https://srcincite.io/blog/2019/08/07/attacking-unmarshallers-jndi-injection-using-getter-based-deserialization.html … thanks to @Doyensec for the inspiration!
-
sinn3r retweeted
Another good post on the technical details of the CapitalOne breach: https://blog.cloudsploit.com/a-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea?gi=23db3121fc21 … I had missed the details about S3:Sync permission enabling the full download of data (I had assumed it was extra Read permissions). Subtle.
-
Spoiled by source code. And I love to be spoiled.
-
sinn3r retweeted
Semmle is looking for full time Security researchers to help us secure open source projects. (Also in Latin America!) https://hire.withgoogle.com/public/jobs/semmlecom/view/P_AAAAABlAAAPM2O2DqSsQ1S …
-
sinn3r retweeted
If you are documenting or blogging, can you PLEASE follow Wikipedia's model and add links to documentation for *every* *single* *thing* you assume the reader knows about? Going from n00b to 1337 is so much easier if one doesn't have to look things up manually.
-
sinn3r retweeted
Btw, as far as I can tell LFH applies also for kernel pool allocations from Win 10 v1809. Compared with v1803, there is a clear difference about how objects are allocated. Speaking from an exploit perspective that required modification because of that.
-
Unsure if this is how other exploit devs do it haha, but here's a Math.sin("hello world") debugging message trick for WinDBG + x64 Firefox: bu xul!js::math_sin "r $t0=poi(r8+10) & (0n140737488355328-1); .printf \"[Message] %ma\\n\", $t0+8; g"
-
This is kind of silly... but I have never successfully installed WinDBG Preview.
-
sinn3r retweeted
We’ll be teaching the new 2019 version of #corelan #advanced windows heap exploit class in the US in September. Open for registration: http://www.ccsecuritytraining.com/schedule/exploit-development-registration … #grabyourseat #nevergiveup
-
Heap Overflow Exploitation on Windows 10 Explained (with info leak & code execution examples): https://bit.ly/2KLrpF4
#Metasploit #Windows