Tweetovi

Blokirali ste korisnika/cu @henices

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @henices

  1. proslijedio/la je Tweet
    7. sij

    At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):

    Poništi
  2. proslijedio/la je Tweet
    4. pro 2019.

    安装外部模块,一定要看清楚名称。知名 Python 模块 dateutil 和 jellyfish,被曝出现了恶意仿冒品,一个叫 python3-dateutil,另一个叫 jeIlyfish,区别是第一个 l 变成了大写的 i。 如果你不小心安装了它们,你的 SSH 密钥就被盗了。

    Poništi
  3. proslijedio/la je Tweet
    1. stu 2019.
    Poništi
  4. proslijedio/la je Tweet
    8. kol 2019.

    Here are the slides from my talk on reversing Android pre-installed apps & case studies of pre-installed security issues!

    Screenshot of my title slide "Securing the System: A deep dive into Reversing Android Pre-Installed Apps"
    Poništi
  5. proslijedio/la je Tweet
    10. lis 2019.

    What is it that makes modern fuzzers successful? (Hint: It might not be what you think, and this raises questions.)

    When Results Are All That Matters: The Case of the Angora Fuzzer
    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    8. lis 2019.

    A couple of users asked me to implement corpus minimization in honggfuzz. Here it is (just add -M to your cmdline flags):

    Poništi
  7. proslijedio/la je Tweet
    25. ruj 2019.

    This has bitten me twice now, so let me reiterate: if you do fuzzing on Windows with Application Verifier (PageHeap etc.), disable logging first: appverif -logtofile disable otherwise your target will start for seconds and then minutes due to linear search of a log file name 😬

    Poništi
  8. proslijedio/la je Tweet
    22. kol 2019.

    New blog post on an iMessage bug that allows files to be read off an iPhone remotely!

    Poništi
  9. proslijedio/la je Tweet
    12. kol 2019.

    Exploit vulnerabilities in Android media parsers? Stagefright decoders? That's old, everyone did that. Instead, let's attack the hardware decoders! Great work by

    Poništi
  10. proslijedio/la je Tweet
    3. kol 2019.
    Poništi
  11. proslijedio/la je Tweet
    30. srp 2019.

    "Passive income" opportunity for security researchers: submit your fuzzers to the Chrome Fuzzer Program and receive rewards for vulnerabilities found (with an extra $1K bonus for each vuln). teaches how to do it successfully

    Poništi
  12. proslijedio/la je Tweet
    25. srp 2019.

    The legendary AFL fuzzer developed by is now on GitHub:

    Poništi
  13. proslijedio/la je Tweet
    8. srp 2019.
    Poništi
  14. proslijedio/la je Tweet
    15. lip 2019.

    A quick blog post looking at how Sysmon DNS monitoring works, and how this can potentially be evaded during an engagement.

    Poništi
  15. proslijedio/la je Tweet
    28. svi 2019.
    Poništi
  16. proslijedio/la je Tweet
    Prikaži ovu nit
    Poništi
  17. proslijedio/la je Tweet
    27. svi 2019.

    The source code for Razzer - race condition fuzzer for the linux kernel was released. It's one of the most innovative fuzzers I've seen in recent years. It uses a clever static analysis to gather race candidates and a fork of syzkaller & hv to test them.

    Poništi
  18. proslijedio/la je Tweet
    27. svi 2019.

    用了好几个滚动截图的插件都不满意,后来发现 Chrome 自带截图功能,非常好用!第一步打开 Developer Tools,点三点图标选择 Run Command,第二步输入 cap 会搜到几个截图的指令。滚动截图选 full size screenshot

    Poništi
  19. proslijedio/la je Tweet
    8. tra 2019.
    Prikaži ovu nit
    Poništi
  20. proslijedio/la je Tweet
    29. ožu 2019.

    The slides about our () topic can download now! enjoy it! if you have any question, please contact us!

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·