Eloi Sanfelix

@esanfelix

Security researcher with experience in embedded system security from chip design to software vulnerabilities and exploitation. CTF player.

NL
limited-entropy.com
Vrijeme pridruživanja: rujan 2009.
23 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @esanfelix

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @esanfelix

  1. proslijedio/la je Tweet
    20. stu 2019.

    CFP is ending 2nd of December. Don't forget to submit your talk!

    1 reply 17 proslijeđenih tweetova 14 korisnika označava da im se sviđa
    Poništi
  2. 20. lis 2019.

    I've just pushed a write-up describing the code, my original solution using modprobe_path and an alternative with a KASLR bypass and credential modification to . I'd love to hear if anyone used a different approach (or bugs!)

    I added the challenge source code. There is at least 1 (intended) security bug and 2 unintended functional bugs in there. Can you find them all? Can you exploit the security issue? I know of at least 3 people who did after the CTF. Let me know if you do too!
    1 reply 24 proslijeđena tweeta 40 korisnika označava da im se sviđa
    Poništi
  3. 4. lis 2019.

    I added the challenge source code. There is at least 1 (intended) security bug and 2 unintended functional bugs in there. Can you find them all? Can you exploit the security issue? I know of at least 3 people who did after the CTF. Let me know if you do too!

    I contributed a kernel pwnable challenge to the r2con 2019 CTF organized by and . Unfortunately it went unsolved... I've pushed it to , and will later update source code and [even later] exploit. Let me know if you give it a try!
    5 proslijeđenih tweetova 20 korisnika označava da im se sviđa
    Poništi
  4. 27. ruj 2019.

    I contributed a kernel pwnable challenge to the r2con 2019 CTF organized by and . Unfortunately it went unsolved... I've pushed it to , and will later update source code and [even later] exploit. Let me know if you give it a try!

    35 proslijeđenih tweetova 80 korisnika označava da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    6. ruj 2019.

    CfP is now open! You know what to do :)

    1 reply 48 proslijeđenih tweetova 90 korisnika označava da im se sviđa
    Poništi
  6. 18. kol 2019.

    Big shout out to and everyone involved in organization of . And thanks to all attendees for maintaining the great atmosphere!

    1 reply 1 proslijeđeni tweet 16 korisnika označava da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    13. kol 2019.

    I'm publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation.

    77 replies 1.999 proslijeđenih tweetova 4.069 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  8. proslijedio/la je Tweet
    8. kol 2019.

    Stuck in the sandbox? We've got your back! Deep dive analysis and full exploit of a Chrome IndexedDB race condition by and :

    85 proslijeđenih tweetova 130 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    29. svi 2019.

    We have published some vulnerabilities we found during an internal research. Further news will come soon, stay tuned! - Technical Advisory: Multiple Vulnerabilities in Lexmark Printers /cc

    37 proslijeđenih tweetova 52 korisnika označavaju da im se sviđa
    Poništi
  10. proslijedio/la je Tweet
    27. svi 2019.

    We just published the slides for the TEE presentation gave at and , and kicking off part 1/4 of a blog post series about this research.

    1 reply 98 proslijeđenih tweetova 158 korisnika označava da im se sviđa
    Poništi
  11. 10. tra 2019.

    Made it to seoul for , will be arriving at the venue in about an hour. Ping me if you're around and like to meet up.

    1 proslijeđeni tweet 12 korisnika označava da im se sviđa
    Poništi
  12. 25. ožu 2019.

    : keep your webex window in sight so you can notice if your connection drops XD Despite that hiccup, and the lack of visual feedback (am I being clear enough or is everyone confused right now?), I enjoyed it and got useful feedback. Looking forward to

    I learned so much in so short a time! That said, EVEN AN ALREADY GREAT TALK will get lots of feedback at an INFILTRATE dry run. Often just because there were some random confusions that one of us had that can be cleared up with some additional detail.
    1 proslijeđeni tweet 9 korisnika označava da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    22. ožu 2019.

    Use whatever tool you want, I do use both IDA and Ghidra. But stop being a fucking dick and acting like it's holy war insulting , , Arnaud and all the other people making a living by coding the tool we all have been using for fucking decades.

    23 proslijeđena tweeta 120 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    20. ožu 2019.

    BFS Ski Seminar in Seefeld and Axamer Lizum!

    7 proslijeđenih tweetova 18 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    14. velj 2019.

    "White-Box Cryptography: Don’t Forget About Grey-Box Attacks" in Journal of Cryptology ヽ(^o^)ノ Courtesy link: (requires js)

    10 proslijeđenih tweetova 24 korisnika označavaju da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    5. velj 2019.

    If you liked the blog post I published about how I discovered and exploited a vulnerability in Android (), you shouldn't miss my talk at , where I'll disclose three similar vulnerabilities, but much more interesting in terms of impact.

    30 proslijeđenih tweetova 61 korisnik označava da mu se sviđa
    Poništi
  17. proslijedio/la je Tweet
    1. velj 2019.

    Interested to learn more about Trusted Execution Environment security? In a few weeks I will present my work on fuzzing TEEs. I will discuss the challenges of fuzzing these isolated environments and show a prototype fuzzer for OP-TEE using AFL

    14 proslijeđenih tweetova 26 korisnika označava da im se sviđa
    Poništi
  18. 31. sij 2019.

    And if you miss both Infiltrate and zer0con, stay tuned for the blog posts and materials on the blog after the talks ;)

    5 proslijeđenih tweetova 18 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  19. 31. sij 2019.

    Happy to announce I'll also be presenting at !

    1) Speaker of Zer0Con: Eloi Sanfelix() Topic: TEE Exploitation by example: exploiting Trusted Apps in Samsung's TEE Presenting the API between TAs and TDs and zoom into how we exploited SVE-2018-12881 to compromise the Linux kernel and the RKP hypervisor.
    8 proslijeđenih tweetova 28 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  20. 28. sij 2019.

    Yeah, that's right, I'll talk about TEE exploitation at Infiltrate. Excited and honored to be part of such an amazing speaker line up!

    Congrats to for receiving a 140k bounty from Samsung. Details will be presented at this year.
    18 replies 32 proslijeđena tweeta 107 korisnika označava da im se sviđa
    Poništi

@esanfelix još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·