Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @ahpaleus
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ahpaleus
-
ahpaleus proslijedio/la je Tweet
I found this article to be excellent. From building Windbg Tooling to working exploits. Its a dense and rich read. Really well done. I thought. Introduction to SpiderMonkey exploitation. https://doar-e.github.io/blog/2018/11/19/introduction-to-spidermonkey-exploitation/ …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
What a start of the year. We have finished at 5th position in
@1ns0mn1h4ck Teaser 2020!
pic.twitter.com/enOEvWCQ9m
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
After a lot of work and some crypto-related delays, I couldn't be more proud to publish
@aionescu's and mine latest research - The complete overview of CET internals on Windows (so far!): http://windows-internals.com/cet-on-windows/Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell https://srcincite.io/blog/2020/01/14/busting-ciscos-beans-hardcoding-your-way-to-hell.html … PoC exploit code: https://srcincite.io/pocs/cve-2019-15975.py.txt … https://srcincite.io/pocs/cve-2019-15976.py.txt … https://srcincite.io/pocs/cve-2019-15977.py.txt …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
If you are interested in cryptography this free book is a must-read. https://toc.cryptobook.us/
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
Here is the first post of my planned fuzzing (file parsers) series: https://foxhex0ne.blogspot.com/2020/01/lets-get-things-going-with-basics-of.html … As promised it is foundation level and mainly targeted to people starting with fuzzing. The next post will continue from it and will cover my approach to collecting files for mutating.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
Slides + recording of my
#36c3 talk: https://saelo.github.io/presentations/36c3_messenger_hacking.pdf … https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage … had to omit many details, but blogpost coming soon!Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
Public the exploit code for cve-2019-8038 and cve-2019-8039. Two UAF bug in Adobe reader DC. It could pop a calc after disable ASLR. More details will be described after my final exam....https://github.com/redogwu/pdf/tree/master/adobe …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
My "simple" XSS challenge is over! Once again congratz to
@shafigullin@SecurityMB@BenHayak@element14_23 and@insertScript for solving it! But also to everyone else that tried their best. Have you found all 11 vulnerabilities?
https://medium.com/@terjanq/clobbering-the-clobbered-vol-2-fb199ad7ec41 …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
New writeup, one of my favorite bugs
-
Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty
https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/ …
Featuring...
@d0nutptr@0xacb@Regala_@JLLiS@Yassineaboukir@plmaltaispic.twitter.com/RomLgdCcSC
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
If you're a hiring manager in infosec, here's your 2020 goal : hire at least 1 person with no experience in infosec at all. Let them challenge everything. Every damn thing.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
Using request smuggling to increase the severity of an otherwise-harmless IDOR, by
@_hipotermia_https://hipotermia.pw/bb/http-desync-idor …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
Just in case someone wonders: bcrypt.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
Hey! We are organizing justCTF just before the end of the year. https://ctftime.org/event/943 Are you ready to compete for big prizes?
If the answer is YES - RT!
Thanks to @trailofbits and@wirtualnapolska for sponsoring the event!
#capturetheflag#ctfpic.twitter.com/E2PHoobGVP
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
Here is an exploit chain I wrote for Firefox that gets RCE via CVE-2019-9810 and escape the sandbox with CVE-2019-11708/CVE-2019-9810. Once compromised, it drops a payload and injects privileged JS code in already/newly created tabs. https://github.com/0vercl0k/CVE-2019-11708 …pic.twitter.com/LeAOCgqpMG
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
This turned out to be a real vulnerability!
The certificate was issued by @digicert, who are now required to revoke it. It was issued before mandatory CT, so didn't show up in http://crt.sh . See https://twitter.com/sleevi_/status/1202046844240572416 … for context.https://twitter.com/SwiftOnSecurity/status/1202034106495832067 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je Tweet
https://sandboxescaper.blogspot.com/2019/10/hunting-for-filesystem-bugs.html … Here is a recent writeup that I did. It's not as indepth as I want. I'll write a definitive guide for hunting these bugs starting with 0 knowledge when I'm home in a few weeks. I'll also upload all my pocs to github, including recent bugs. I'm pissed. Bye
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
ahpaleus proslijedio/la je Tweet
Coolest thing I did on a real server was turning a JSONP endpoint into XSS:
$add_header('Content-Type','text/html') Given the right misconfiguration, you could probably upload a profile pic with embedded tags and have it come back as text/html.Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
ahpaleus proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.