Devin Ferguson

@devinbfergy

Computer science student. I dream of being a l33t Haxor or maybe just a simple systems engineer.

Vrijeme pridruživanja: prosinac 2012.

Tweetovi

Blokirali ste korisnika/cu @devinbfergy

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @devinbfergy

  1. Prikvačeni tweet
    8. lip 2017.

    For those that follow me because we are friends I'm sorry not sorry that I retweet all the info sec stuff...

    Poništi
  2. proslijedio/la je Tweet
    6. velj

    If you are on iOS 13.3.1, you still have a chance to downgrade to iOS 13.3. If you are on iOS 13.0-13.2.3, you can update to iOS 13.3. If you are already jailbroken, save blobs and consider staying on your current version for now.

    Poništi
  3. proslijedio/la je Tweet
    3. velj

    A tool for automating cracking methodologies through Hashcat from

    Poništi
  4. proslijedio/la je Tweet
    4. velj

    I've just released new version of the iOS Security Suite 🚀 * New verbose&filterable amIJailbrokenWithFailedChecks() method 🛰 * New anti-re indicator 👽

    Prikaži ovu nit
    Poništi
  5. proslijedio/la je Tweet
    4. velj

    Something I've been working on a lot, an update to infosec_getting_started! A collection of useful Infosec links separated by topic! Share this if you think it'll help someone learn more about Infosec or its sub-topics!

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    1. velj

    RE just retired from . As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too.

    Poništi
  7. proslijedio/la je Tweet
    31. sij

    Want to see how the red team weaponizes threat intel for R&D and TTP development? Check out some research I did with and . Also includes some new executables that can be used for DLL abuse.

    Poništi
  8. proslijedio/la je Tweet
    30. sij

    I found this article to be excellent. From building Windbg Tooling to working exploits. Its a dense and rich read. Really well done. I thought. Introduction to SpiderMonkey exploitation.

    Poništi
  9. proslijedio/la je Tweet
    28. sij

    Just published my latest blog titled (Ab)using Kerberos from Linux, which covers common Kerberos abuse vectors, as well as how to exploit them from Linux using Impacket. Check it out here:

    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    28. sij

    Denying workstation to workstation communication makes lateral movement harder for attackers. Windows Firewall, FTW!

    Poništi
  11. proslijedio/la je Tweet
    14. sij

    I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell PoC exploit code:

    Poništi
  12. proslijedio/la je Tweet
    14. sij

    Blog describing how to decrypt passwords stored in Citrix Netscaler config Two likely attack paths post Netscaler compromise 1️⃣Decrypt AD service account password in ns.conf 2️⃣Steal session token & take over user’s session (similar to Heartbleed)

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    12. sij

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

    Poništi
  14. proslijedio/la je Tweet
    11. sij

    Surprise: you can search GreyNoise by CVE now. Shoutout and for pulling this together these past few days at breakneck speed.

    Poništi
  15. proslijedio/la je Tweet

    New tool release for exploiting CVE-2019-19781. All for responsible disclosure and wish there had been a longer period before researchers had posted this publicly to give defenders a chance to fix. No sense in keeping private now, and hopefully this can be used to test and fix.

    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    9. sij

    Remember that nation states don't start hacking during moments of instability or crisis. They've been compromising systems and putting implants in place for years. You cannot just look at the parameter. You need to look in your network for existing footholds - yesterday.

    Poništi
  17. proslijedio/la je Tweet
    10. sij

    I just published "Hunting Good Bugs with only <HTML>" I hope you enjoy this post!

    Poništi
  18. proslijedio/la je Tweet
    9. sij

    People that doubt malicious actors are innovating peep this post => . Naturally, at the end of it they are serving the victim with some hot garbage implant but there is proper tradecraft in the loader.

    Poništi
  19. proslijedio/la je Tweet
    6. sij

    One of the scarier bugs I’ve found: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC! 👩🏼‍💻

    Poništi
  20. proslijedio/la je Tweet
    6. sij

    BattlEye has for the past year been detecting unknown cheats using memory heuristics combined with a method known as stack walking:

    Prikaži ovu nit
    Poništi
  21. proslijedio/la je Tweet
    2. sij

    To bring in the new year here's a new blog post about empirically testing Windows Service Hardening to see if it is really not a security boundary even on Windows 10. h/t

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·