Ben Hawkes

@benhawkes

Project Zero team lead

Joined August 2008

Tweets

  1. 52 minutes ago

    We're excited to welcome Felix Wilhelm () to Project Zero today!

  2. Retweeted
    Jan 30

    Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy!

  3. Jan 9

    Quick reminder that we're still updating the "0day detected in-the-wild" spreadsheet here: . The first entry for 2020 is now in the books -- CVE-2019-17026 is a type confusion issue in the JIT engine for Firefox, detected in active attacks by Qihoo 360 ATA.

  4. Jan 9

    Project Zero blog: "Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution" by Samuel Groß () --

  5. Jan 9

    Project Zero blog: "Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass" by Samuel Groß () --

  6. Retweeted
    Jan 9

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

  7. Jan 9

    Project Zero blog: "Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641" by Samuel Groß () --

  8. Retweeted
    Jan 7

    Kudos to the GPZ team for their willingness to explore new vulnerability disclosure policies in addition to doing great research :) At the risk of wading into a disclosure debate (plz no), I think these policy changes will help improve customer safety

  9. Retweeted
    Jan 7

    At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):

  10. Jan 7
  11. Retweeted
    Dec 17, 2019

    New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long standing design flaws in UAC :-)

  12. Dec 11, 2019

    New guidance on Linux-stable Merges for Android: -- looks positive, reducing the patch gap for upstream kernel security bugs is really important. The window of exposure for publicly known issues is too long at the moment.

  13. Retweeted
    Dec 10, 2019

    I'm really excited about this video. It has been in the making for a long time. It's a video with about his SockPuppet vulnerability in the XNU (iOS/Mac) Kernel and was used for jailbreaking. Haxember #10

  14. Retweeted
    Dec 10, 2019

    Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow!

  15. Dec 10, 2019

    Project Zero blog: "SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4" by Ned Williamson () --

  16. Retweeted

    Blog post about the work Google's Threat Analysis Group (TAG) does. Targeted phishing stats, Sandworm campaign details and disinfo campaign takedowns. We plan to do more of these.

  17. Retweeted
    Nov 21, 2019

    Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018.

  18. Nov 21, 2019

    Project Zero blog: "Bad Binder: Android In-The-Wild Exploit" by Maddie Stone () - 

  19. Retweeted
    Oct 28, 2019

    KTRW was motivated by the desire to see better and more open tooling for security research on iPhones. Read about the journey to find the KTRR bypass:

  20. Retweeted
    Oct 28, 2019

    I built an iOS kernel debugger called KTRW based on a KTRR bypass for the iPhone X. It is capable of patching kernel __TEXT_EXEC, loading kernel extensions, and performing single-step kernel debugging with LLDB and IDA Pro over USB:
