& Stalmans

@_staaldraad

Security researcher and breaker of things

staaldraad.github.io
Vrijeme pridruživanja: ožujak 2010.
194 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @_staaldraad

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @_staaldraad

  1. Prikvačeni tweet
    3. lip 2018.

    Here is my write-up of the new Git RCE vulnerability. Covers the process of discovery, stumbling, exploiting and disclosure.

    8 replies 345 proslijeđenih tweetova 533 korisnika označavaju da im se sviđa
    Poništi
  2. proslijedio/la je Tweet
    30. sij

    I work with the in helping poke fingers into the eyes of those who feel they can abuse children by using technology to hide. They are desperate for anyone who knows databases and can offer time in helping make theirs better and more efficient

    57 proslijeđenih tweetova 50 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    28. sij

    We issued a micropatch for CVE-2017-11774, a remote code execution vulnerability in Outlook that has been widely exploited and remains popular with attackers. In contrast to official patch which could be reverted by non-admins, micropatch will reliably disable Outlook Home Page.

    1 reply 13 proslijeđenih tweetova 22 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  4. 13. pro 2019.

    yay! Two distinct solutions from and Love things like this because you always get to learn something new from how others approach the problem 😁

    A mini challenge, can you read the file at `data/flag`?
    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  5. 12. pro 2019.

    A mini challenge, can you read the file at `data/flag`?

    13 replies 5 proslijeđenih tweetova 17 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    6. pro 2019.

    It's FRIYAY and here's Terrier, slides and a cheatsheet repo as mentioned in our EU talk. Terrier-> Slides+Cheatsheets ->

    21 proslijeđeni tweet 36 korisnika označava da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    5. pro 2019.

    Aaaaaaannnnd now I've made it public 🤬

    Welp, I mentioned my October talk earlier so no better time to put it out there. BONUS POINTS if you spot the overdub 🤣
    1 proslijeđeni tweet 7 korisnika označava da im se sviđa
    Poništi
  8. 24. stu 2019.

    New write-up: Command injection is usually mitigated but argument injection is often overlooked. An example of an argument injection chain leading to code execution:

    72 proslijeđena tweeta 164 korisnika označavaju da im se sviđa
    Poništi
  9. 19. stu 2019.

    Excellent write-up and really fun bug.

    8 proslijeđenih tweetova 20 korisnika označava da im se sviđa
    Poništi
  10. proslijedio/la je Tweet
    15. stu 2019.

    Hiring! We have popsicles*!! *popsicles not provided, we are a near 100% remote team, but don’t let that stop you from reaching out because the partial list below beats popsicles

    If you still aren't convinced (or just curious), here are just a few things we have worked on recently:
    Prikaži ovu nit
    10 proslijeđenih tweetova 15 korisnika označava da im se sviđa
    Poništi
  11. 15. stu 2019.

    If you still aren't convinced (or just curious), here are just a few things we have worked on recently:

    8 proslijeđenih tweetova 19 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  12. 14. stu 2019.

    My team at Heroku is hiring! If you want to chat about what we do, want to know what the culture of the team is like or if you have any other questions, my DMs are open.

    5 replies 44 proslijeđena tweeta 75 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  13. 7. stu 2019.

    Means avoiding the official Docker base images and their dodgy/weird build process and non history. See this for more context:

    Reminder that the “official” Debian and Fedora I ages on docker hub cannot be traced back to a build artifact. They get built from a force pushed git repo without a signature check. Sleep well.
    Prikaži ovu nit
    2 proslijeđena tweeta 7 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  14. 7. stu 2019.

    Pretty excited about this. Building a Docker “scratch” image directly from Ubuntu source (no Docker base layer). And then using that to build a CI image. Verification each step of the way and exact knowledge of what is on the image. Updates are a ‘git push’ away and full history.

    17 proslijeđenih tweetova 38 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    10. lis 2019.

    OHAI!! So turns out I’ve got an extra ticket to and would like to give that to a deserving soul...

    12 proslijeđenih tweetova 4 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. 2. lis 2019.

    With the evil genius of and

    shares real-world examples of what was identified during the assessment of various Cloud built systems at in Briefing ‘Reverse Engineering and Exploiting Builds in the Cloud.’
    6 proslijeđenih tweetova 12 korisnika označava da im se sviđa
    Poništi
  17. 27. ruj 2019.

    We've had a lot of fun with this research, and I'm really looking forward to sharing it with everyone Europe.

    Super stoked that , and myself will be sharing some cloud pwnage this year at London with our talk "Reverse Engineering and Exploiting Builds in the Cloud"!
    1 reply 1 proslijeđeni tweet 9 korisnika označava da im se sviđa
    Poništi
  18. proslijedio/la je Tweet
    18. ruj 2019.

    Know what’s better than waking up to see what your team has been pwning while you slept? Having the engineering teams creating/releasing a fix in ~10mins, and then going the extra mile because they care. Symbiosis folks. 🤘💜

    1 reply 5 proslijeđenih tweetova 34 korisnika označavaju da im se sviđa
    Poništi
  19. 16. srp 2019.

    CVE-2019-13139 ; command injection in `docker build`:

    command execution in the docker build command
    7 replies 123 proslijeđena tweeta 203 korisnika označavaju da im se sviđa
    Poništi
  20. 11. srp 2019.

    New blog post up! Bypassing a Docker AuthZ plugin and using docker-containerd for privesc.

    45 proslijeđenih tweetova 73 korisnika označavaju da im se sviđa
    Poništi
  21. proslijedio/la je Tweet
    22. lip 2019.

    On my way to Boston to attend the first , any restaurant recommendations or just foodie places in general?

    2 proslijeđena tweeta 6 korisnika označava da im se sviđa
    Poništi

@_staaldraad još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·