Pawel Wylecial

@h0wlu

Penetration Tester / Security Researcher / co-founder / Browsers & fuzzing / co-founder

Poland
Vrijeme pridruživanja: svibanj 2012.

Tweetovi

Blokirali ste korisnika/cu @h0wlu

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @h0wlu

  1. Prikvačeni tweet
    6. pro 2019.

    A while back I did a quick fuzzing exercise on Google Chrome <portal> element

    Poništi
  2. proslijedio/la je Tweet
    20. sij

    Nice collection of chrome sandbox escape POCs/exploits and methodology, go check it out !

    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    18. sij

    My first blog post on browser exploitation for . I'll look at how to pop xcalc on current Linux Spidermonkey given a relative (oob) rw bug. Spidermonkey is the JavaScript Engine in Firefox. Exploit code also supplied.

    Poništi
  4. proslijedio/la je Tweet
    16. sij

    Whoever fights monsters should see to it that in the process he does not become a monster. And if you gaze long enough into an abyss, the abyss will gaze back into you. WarCon V (Pentagram Edition) scheduled for 29 & 30th May 2020 \m/

    Poništi
  5. proslijedio/la je Tweet
    9. sij
    Poništi
  6. 9. sij

    Just got rewarded for reporting another UAF in Google Chrome :)

    Poništi
  7. proslijedio/la je Tweet
    24. pro 2019.

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

    Poništi
  8. 18. pro 2019.

    Chrome 77 September release notes have just been updated with CVE-2019-13766 that I reported

    Poništi
  9. proslijedio/la je Tweet
    10. pro 2019.

    new Code Search !! Yee~

    Poništi
  10. proslijedio/la je Tweet
    6. pro 2019.

    Good thing people are looking at <portal>😊 It also introduces new way to pass data across origin (just like postMessage) where you can't tell which origin sent the data😂

    Poništi
  11. proslijedio/la je Tweet

    IE: Use-after-free in JScript arguments during toJSON callback

    Poništi
  12. proslijedio/la je Tweet

    I am starting a new thing named Research Notes, which is the open source fraction of my research notebook on systems internals, vulnerability discovery and exploit development: And the first Research Note: “iBoot address space”

    Poništi
  13. proslijedio/la je Tweet
    9. stu 2019.

    CVE-2019-1356 - Microsoft Edge (EdgeHTML) Local file disclosure + EoP write up

    Poništi
  14. proslijedio/la je Tweet
    7. stu 2019.

    Chrome: Site Isolation bypass and local file disclosure via Payment Handler API

    Poništi
  15. proslijedio/la je Tweet
    7. stu 2019.

    WebKit: Integer overflow in NodeRareData::m_connectedFrameCount can lead to UXSS and type confusion

    Poništi
  16. proslijedio/la je Tweet
    4. stu 2019.

    WebKit: Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive

    Poništi
  17. proslijedio/la je Tweet
    4. stu 2019.

    JSC: Type confusion during bailout when reconstructing arguments objects

    Poništi
  18. proslijedio/la je Tweet

    Gathered some of my proof-of-concepts and analysis notes on zero day vulnerabilities that I discovered or researched in the past few years, on my github: . Enjoy

    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet

    JSC: GetterSetter type confusion during DFG compilation

    Poništi
  20. proslijedio/la je Tweet

    WebKit: Universal XSS in HTMLFrameElementBase::isURLAllowed

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·