stephen

@_tsuro

CTF player with Eat, Sleep, Pwn, Repeat. Security engineer at Google.

Zurich, Switzerland
Vrijeme pridruživanja: kolovoz 2011.

Tweetovi

Blokirali ste korisnika/cu @_tsuro

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @_tsuro

  1. Prikvačeni tweet
    28. pro 2018.

    My latest Chrome bug just got derestricted. Did you know that floats have a minus zero? Turns out if you forget about it, that can mean RCE :).

    Poništi
  2. proslijedio/la je Tweet
    prije 5 sati
    Poništi
  3. proslijedio/la je Tweet
    prije 18 sati

    Pointer Compression in V8 (and what it means for browser exploits)

    Poništi
  4. proslijedio/la je Tweet
    27. sij

    We sent this PoC to Intel on May 16, just hours after we got access to the patches. The paper from last year already describes the issue. Media already reported about it in November: Where's the news?

    Poništi
  5. proslijedio/la je Tweet
    27. sij

    Finally, the wait is over! We present CacheOut, a new speculative execution attack to leak data on Intel CPUs: , Andrew Kwong, Daniel Genkin and

    Poništi
  6. proslijedio/la je Tweet
    21. sij

    Week has passed... If you said 20+ you were right. 30 on dashboard (open+pending) My local instance has 70(!): All reachable by unpriv users That's not all. To find more we need to fix these first, otherwise it just keep crashing

    Poništi
  7. proslijedio/la je Tweet
    15. sij

    Assert yourself on the browser playground with ’s guide to hunting Chrome IPC sandbox escapes:

    Poništi
  8. proslijedio/la je Tweet
    15. sij

    Brace yourselves, more netfilter bugs are coming! Bets on number of bugs in the first week

    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    14. sij

    I'm reliably informed that the washington post don't know what they're talking about, it's not an authenticode issue, and is in fact a big deal.

    Tweet je nedostupan.
    Poništi
  10. proslijedio/la je Tweet
    13. sij

    here’s something that’s been stressing me out a lot for a while, that I should probably keep to myself, but can’t stand doing so. One of the exploit techniques in the first of the chains found ITW by p0 looks a lot like it was heavily inspired from some of my private stuff.

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    9. sij

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

    Prikaži ovu nit
    Poništi
  12. proslijedio/la je Tweet
    7. sij

    Full analysis and exploit for Windows kernel ws2ifsl use-after-free (CVE-2019-1215) by our researcher

    Poništi
  13. 6. sij

    I gave a lightning talk at the on PathAuditor: The main point I tried to make is that this bug class is fun to research and easy to find. If you've watched it, I'd love some feedback:

    Poništi
  14. proslijedio/la je Tweet
    27. pro 2019.

    For all women interested in playing the - There will be a short introduction at the blckpwny tables at 21:30 today with the opportunity to join the blckpwny team.

    Poništi
  15. proslijedio/la je Tweet

    You want to play some before 2019 ends? got you covered! -> (powered by ) ->

    Poništi
  16. 27. pro 2019.

    On my way to \o/. Hit me up if you want to chat about CTFs, Chrome exploitation or any other security topics!

    Poništi
  17. proslijedio/la je Tweet
    23. pro 2019.

    Ever wondered what makes a CTF challenge good? I've asked myself that many times. I wrote this to help me answer that question based on discussions with others in the community

    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    17. pro 2019.

    Simplest and strangest sandbox escape I've found in Chrome was just derestricted

    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    16. pro 2019.

    Can also be used as a straight sbx escape given a Spidermonkey bug: just set a malicious WPAD script via preferences, it will be executed in the UI process.

    Poništi
  20. proslijedio/la je Tweet
    14. pro 2019.

    I repropose my notes about x86, Linux and virtualization in a single text file (~2500 lines only) for my fellow students in Sapienza.

    Poništi
  21. proslijedio/la je Tweet
    10. pro 2019.

    I see a lot of complaints in my Twitter stream about academic conferences rejecting papers. I think many somewhat miss the point - a lot of unfair rejections are a direct result of the current incentive structures that generate too many papers and focus them on too few confs.

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·