Alexey Stoletny

How to build a TCP proxy (Part 1) : Intro : https://robertheaton.com/2018/08/31/how-to-build-a-tcp-proxy-1/ … Fake DNS Server (Part 2) : https://robertheaton.com/2018/08/31/how-to-build-a-tcp-proxy-2/ … Proxy Server (Part 3) : https://robertheaton.com/2018/08/31/how-to-build-a-tcp-proxy-3/ … Fake Certificate Authority (Part 4) : https://robertheaton.com/2018/08/31/how-to-build-a-tcp-proxy-4/ … cc @RobJHeaton

Slides + recording of my #36c3 talk: https://saelo.github.io/presentations/36c3_messenger_hacking.pdf … https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage … had to omit many details, but blogpost coming soon!

JavaScript fuzzing with libFuzzerhttps://github.com/guidovranken/libfuzzer-js …

I wrote a thing about JSC exploitation (including how to leak StructureID) and Safari sandbox escape.https://gts3.org/2019/Real-World-CTF-2019-Safari.html …

In case you missed @natashenka's talk at @BlackHatEvents this week, here is a video showing a remote exploit for one of the iMessage bugs we found: https://youtu.be/E_9kBFKNx54  Be sure to read https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surface-of.html … if you are interested in these kinds of attacks!

No info leak, no ROP, no shellcode? No problem! @HexKitchen describes his no shellcode exploit of a write-what-where vulnerability in #IE. Details athttp://bit.ly/2VVPdNh