Andrea Fioraldi

@andreafioraldi

Msc CE @ CTF with & . malweisse on IRC. Binary stuffs, programming languages and fuzzing.

Italy
Joined June 2017.

Tweets

  1. This can't happen with Motherfucking CTF () cause there isn't password recovery. If you lose a password while playing a CTF, you deserve to lose 😂

  2. Retweeted
    23 hours ago

    VSCode x * VSCode based GUI * Interactive terminal * Remote file browser (Yes!) * Open source Not on market yet. But you can build it from the source:

  3. Retweeted

    ~~~~ Update ~~~~ The slides of this Friday's meeting are now online. Download them from the website or from GitHub () /cc

  4. Jan 31

    This afternoon don't miss our talks about and the recent work on MDS for CPU introspection. 👉

  5. Jan 30

    Happy to announce a new LLVM instrumentation for AFL++ called CmpLog that feeds the fuzzer with comparison operands extracted with SanCov. I used it to build the Redqueen mutator in AFL++!

  6. Jan 30

    So now we have also the power metal edition of mhackeroni/sourcloud.

  7. Retweeted
    Jan 30

    Do you know ? It brings interesting add-ons to AFL. used it during his fuzzing research to create custom instrumentation whitelists, increasing AFL code coverage

  8. Retweeted
    Jan 27

    Next meeting schedule is out! 31 Jan, 5 p.m. - Breaking the walls: CPU introspection through micro-architectural data sampling, by - Breaking apps from the inside: an introduction to the FRIDA binary instrumentation framework, by Radamanth

  9. Retweeted
    Jan 27

    Can't wait to present the progress we've made since at ! tfp0, full disk mounts with our own block device driver, most of the iOS services running, ssh and a textual framebuffer.

  10. Jan 25

    This opens a landscape of possibilities in the sanitization of IOT firmwares, maybe also "Sanitized Re-hosting". I have to patch compiler-rt to have meaningful error reports, but this shit seems promising.

  11. Jan 25

    This morning I decided to experiment a bit with QASan in full system mode. It works with a small firmware and now I'm trying to boot a patched SerenityOS. You can find my attempts here:

  12. Jan 22

    Does anyone know if there is a fast and thread-safe allocator consisting of a single C file?

  13. Retweeted
    Jan 19
  14. Jan 14

    Strange things happen when you read advisories while drinking in a pub, . Btw I just downloaded KolibriOS to be safe, checkmate NSA.

  15. Jan 14

    Suppose that with CVE-2020-0601 a state-actor can insert malicious code in win updates. Now suppose that NSA is backdooring the patch using the vuln itself and it disclosed the vuln to force all to install the backdoored patch. Can we call it vuln-inception?

  16. Retweeted
    Jan 14

    If anyone wants to use unicorn afl with good ol' C, here's how to do it

  17. Jan 7

    I saw your tweet, enjoy Superion.

  18. Jan 7

    Today the Superion fuzzer is not anymore open-source on GitHub () so I created an organization called Fuzzers-Archive that aims to collect unmaintained fuzzers to prevent this situation. Open an issue to ask for additions:

  19. Jan 7

    The dream team was dpstart lucaferrera

  20. Jan 7

    It uses an abstraction of VEX (register juice, CFG info and other stuffs) to produce shingles for minhash and then query the top-k similar routines. The hashes are maintained in MySQL and each lookup costs 8 queries on an index (so 8*log(M) that is juicy).
