Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @galdeleon
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @galdeleon
-
Gal De Leon proslijedio/la je Tweet
Privilege escalations with WER and
@galdeleon by exploiting file overwritespic.twitter.com/bLbc55MhrI
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
The quote's missing the first part of the sentence: "like
@0xcharlie used to say.." :)https://twitter.com/BlueHatIL/status/1225081134876413952 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
This is what I've been working on recently. Together with the hardlink mitigation, they will mitigate >100 vulnerabilities we've received in the past year. Stay tuned. https://twitter.com/dwizzzleMSFT/status/1225048404298027008 …pic.twitter.com/kmPqfhJvhb
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
Hardlink/Junction mitigations, finally!https://twitter.com/DannyOdler/status/1224989571303251968 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Excited to speak at
@BlueHatIL about logical vulnerabilities I discovered in Windows Error Reporting
https://twitter.com/BlueHatIL/status/1219306208554889216 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Gal De Leon proslijedio/la je Tweet
First blog post in a short series about some vulnerabilities that I found in Ubuntu's crash reporter earlier this year. I learned a lot from working on the exploits, so I am going to share some of the tips and tricks that I learned. https://securitylab.github.com/research/ubuntu-whoopsie-daisy-overview …pic.twitter.com/hqNAm8Bnzn
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
From dropbox(updater) to NT AUTHORITY\SYSTEM http://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/ …pic.twitter.com/oE18Y62hn3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
I really think the hardlink protection in windows needs back porting to all supported OSes. Surely cheaper than paying all the bounties. Make it happen
@epakskape
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long standing design flaws in UAC :-) https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
Day 2 of our Top 5 bugs for 2019 is an LPE in win32k.sys through indexed color palettes. The deep and thorough analysis is provided by Marcin Wiązowski, who reported the bug. http://bit.ly/38O65s0
#ZDITop5Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
In the 1st of our Top 5 bugs for 2019,
@hosselot takes a look at a sandbox escape in#Firefox originally submitted to the program by@_niklasb. Read the details at http://bit.ly/2M0XatD#ZDITop5Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
https://sandboxescaper.blogspot.com/2019/12/chasing-polar-bears-part-one.html … Here is part one. Pretty sure the attack surface described has many more bugs (not just the vmware tools installer.. I doubt this bug is exploitable in the first place, just wanted something to demo that is unpatched, easier for folks to learn!)
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
Released to go with my
#POC2019 talk, a project which contains a C# client for almost every ALPC RPC server on Windows 7 through Windows 10 1909. Could be useful for EoP research, fuzzing etc.https://github.com/tyranid/WindowsRpcClients …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
Hey people I just wrote a short post on another kernel info leak I found and a bit about how I approached this research. Hopefully you will find it interesting. Feedback is welcome.https://www.ragestorm.net/blogs/?p=486
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
The slides of our talk "Pool Fengshui in Windows
#RDP Vulnerability Exploitation" at#bluehatseattle are available. https://github.com/ga1ois/BlueHat-2019-Seattle … Three ways for Pool Feng Shui with RDP PDU, two new methods to exploit CVE-2019-0708#bluekeep.pic.twitter.com/4ny08Ba4TL
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
I wrote up my comments on the technical aspect of the WhatsApp Vs NSO lawsuit herehttps://acepace.net/security/history/2019/11/29/NSO_whatsapp.html …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
There is my writeup about my research on DsSvc. I finally got 4 CVEs on this service, all of them are easy to lead EoP. It is a really simple but long story lol

https://whereisk0shl.top/post/a-simple-story-of-dssvc …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Gal De Leon proslijedio/la je Tweet
Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018. https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
fg