dragosr

@dragosr

Stop, Think, Pwn!

Vortex of Cool
Joined December 2008

Tweets


  1. Retweeted
    21 hours ago

    Get-AzurePasswords : A Tool for Dumping Credentials from Azure Subscriptions : cc

  2. Aug 29

    Air Canada app breached. check your mail and change that password even if they tell you that you dodged that one. (When their servers stop yoyoing. :-/)

  3. Retweeted
    Aug 28

    Security researchers and published a JTAG activation guide for Intel TXE (Intel ME mobile) >>

  4. Aug 28

    Weaponizing MacOS WindowServer for PWN2OWN. We’ll see what else this year in Tokyo brings round At PWN2OWN Mobile at PacSec this year on Nov. 13/14. Registration opens soon, CFP will close in a couple of weeks.

  5. Aug 28

    ALPC Priv Esc. PoCs getting faster? <12h

  6. Aug 26

    what's under the rf cover on a raspi 3b+, the silver chips are the cypress part and the antenna is the white component above and to the left of it - this board is all kapton wrapped for heat shielding and ready for a wifibluectomy.

  7. Retweeted
    Aug 25

    Timeline update thread!

  8. Aug 22

    Now suppose you had remote USB access over power lines, and the Zeus-mode Konami code for USB, you would likely be tempted to be an overly aggressive cyber predator too.

  9. Aug 18
  10. Retweeted
    Aug 17

    I hope I'm not too late to the party, but here's my take at hypervisors - meet hvpp, the simple x64/VT-x hypervisor for Windows. Repo includes example which shows CPUID interception and hiding of user-mode hooks via EPT.

  11. Aug 16

    RF power meters have proven to be a surprisingly useful and inexpensive tool to identify inappropriate network activity of _many_ varieties on compromised hosts once baselined. Two pictured are a couple of my favorite ones. Recommended for your toolkit.

  12. Retweeted
    Aug 11

    At hacking conference and just learned how easy it is to physically gain admin access on a voting machine that is used in 18 states. Requires no tools and takes under 2 minutes. I’m concerned for our upcoming elections.

  13. Retweeted
    Aug 14
    Replying to

    Yep, after N iterations of fuzzing and reporting the bugs to the vendor, we finally stopped seeing any more crashes. A related, important change is the fact that Win 10 handles fonts in sandboxed ring 3 (instead of ring 0), which diminishes the value of such issues

  14. Retweeted
    Aug 14

    Meet BrokenType – the font fuzzing toolset that helped me find 39 vulns in the Windows kernel and user-mode Uniscribe library in 2015-2017. It includes a font mutator, generator and loader. Now on GitHub:

  15. Retweeted
    Aug 13

    I accidentally found a new presentation about Intel ME (vPro) by Intel. A review of new capabilities, an indirect proof of the relationship between SGX and Intel ME.

  16. Aug 10

    My RFSPACE antenna showed up today. Based on some quick initial tests, I can recommend them as a cost effective wideband antenna for SDRs. Going to order one of the bigger models.

  17. Retweeted
    Aug 9
  18. Aug 10
  19. Aug 7

    New attack on WPA PSK, using PMKID in Optional RSN element in management frame. Attacker can request directly from AP, no client traffic needed. With known SSID hashcat can precompute crack tables for key attack from PMKID. B00M

  20. Aug 5

    Anyone even remotely connected with designing systemd should be banished from all open source projects and preferably not ever allowed to use a code editor again, or even better, banished to some island or asteroid so that their design stupidity never infects anyone else.

