Maxim Goryachy

@h0t_max

Hardware/Software/Firmware/IntelME Researcher. Opinions are my own and not the views of my employer.

Joined: September 2016

Tweets

  1. Pinned Tweet
    1 Apr 2019

    We've updated our IntelTXE-POC. Now it allows you to bring up the main CPU and use all the amazing features of the Intel VISA technology.

  2. Retweeted
    27 Jan

    [Master class] DMA attacks in practice. Exploit via direct memory access. A hands-on session on exploiting vulnerabilities in low-level access to RAM (Direct Memory Access). Date: Saturday, 1 February 2020

  3. Retweeted
    22 Jan

    We've found a bug in CSME on-die ROM!💥 Intel says it's already targeted by CVE-2019-0090 (). Security Fuses can be extracted! 🔥 Mehlow and Cannon Point chipsets are affected. Stay tuned!

  4. Retweeted
    21 Jan
  5. Retweeted
    20 Jan

    Intel Cannon Point chipset (300 series) as well as Apollo Lake and Gemini Lake SoCs have very dangerous Delayed Authentication Mode (DAM) vulnerability allowing arbitrary code execution and the root key prediction. Detailed write-up is coming. Stay tuned.

  6. Retweeted
    9 Jan

    Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass

  7. Retweeted
    7 Jan

    SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust: G Leurent, T Peyrin

  8. Retweeted
    10 Dec 2019

    Embargo ends - is public: It allows to induce faults into computations in SGX, breaking crypto and corrupting memory. Great collaboration with Kit Murdock, , , , Frank Piessens!!

  9. Retweeted
    3 Dec 2019

    MemProcFS v3.0 finally released 🔥 Super fast memory analysis in convenient file system or C/Python API. Now support Threads, Handles, VADs! Completely rewritten memory core -> way better memory&file recovery rates 😀

  10. Retweeted
    23 Nov 2019

    This very pictorial scheme proves a link between IOSF Side Band segments of CPU complex and PCH in modern platforms (Cannon Lake, Ice Lake). So, the question is whether now Intel CSME has an access to MEE of Intel SGX which is certainly connected to IOSF SB

  11. Retweeted
  12. Retweeted
    23 Oct 2019

    OFFZONE 2020 — April 16-17, Moscow, Russia. Save the date! 🗓 📝Call for Papers is now officially open — get your talk proposals submitted 📜👉🏻 Make sure to check out Speaker Benefits and CFP Principles ➡️ See you at OFFZONE 2020!

  13. Retweeted

    Happy to see more usages of Credential Guard protection in Windows 10 (enterprise/business), with persistence across reboots. * BCryptIsoKeyData for CNG private keys ; * Credential for domain_password credentials ; * LsaIsoAsymmetricKeyBlob for MachineBoundCertificate.

  14. Retweeted
    12 Nov 2019

    Intel discloses remote 'privileges escalation' vulnerability in CSME for non-vPro systems (not having AMT module). That's a precedent breaking well recognized assumptions about remote attacks on CSME (CVE-2019-0169):

  15. 12 Nov 2019

    Perfect keynote "Hardware Security is Hard: How Hardware Boundaries Define Platform Security" by on 2019

  16. Retweeted
    9 Nov 2019

    A very interesting work proposing a use of Intel CSME as basis for system integrity check (of hypervisor, smram, os):

  17. Retweeted
    2 Nov 2019

    I just did the full disclosure of the exploitable bugs in the 'vivid' driver of the Linux kernel:

  18. Retweeted
    24 Oct 2019

    ": The iPhone Exploit That Hackers Use to Research Apple’s Most Sensitive Code" This is what the title of this write-up would be if it was a VICE article. This is a detailed write-up of the vulnerability I found and how the exploit really works.

  19. 22 Oct 2019

    Today is my last working day at , I want to say thanks to , , and for pleasant atmosphere, amazing researches, perfect time and discussions.

  20. Retweeted
    16 Oct 2019

    Just uploaded the slides for the talk "Building High Performance Security Research Teams" in - Due to logistics problems the talk did not happen. Thanks for replacing me last minute: You are super!

  21. 12 Oct 2019
