Hossein Lotfi

@hosselot

Vulnerability researcher at Zero Day Initiative. 'A machine never faults. It reflects human faults... An engine shall never return.'

North
linkedin.com/in/holotfi
Vrijeme pridruživanja: listopad 2012.
19 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @hosselot

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @hosselot

  1. Prikvačeni tweet
    1. srp 2019.

    My new blog: Mozilla Firefox (versions 29 through 63) Select Element Use-after-free Vulnerability Details+Line by line PoC Analysis:

    UAF bugs exist all over and understanding how they occur is crucial. dives into a UAF in and provides details on the root cause and patch to fix it.
    33 proslijeđena tweeta 111 korisnika označava da im se sviđa
    Poništi
  2. proslijedio/la je Tweet
    16. sij

    To get set for Miami, exploits a SCADA bug submitted by and shows how you can too. See how he pops calc at

    25 proslijeđenih tweetova 53 korisnika označavaju da im se sviđa
    Poništi
  3. 14. sij

    This Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) is too good to be killed by someone like NSA. There should be a good reason they killed it. Maybe they noticed it is used by other players. Patch it if not late already:

    2 proslijeđena tweeta 14 korisnika označava da im se sviđa
    Poništi
  4. 13. sij

    Browser jit exploitation quick start: Phrack paper is the base: well-described video series: presentation in SSTIC 2019: Also:

    Odgovor korisniku/ci @hosselot
    Any post-mortem paper article for intermediate about how it could be exploited ? And how they mitigated it?
    129 proslijeđenih tweetova 359 korisnika označava da im se sviđa
    Poništi
  5. 10. sij

    The fix removes overridden getAliasSet method to use the default behaviour (AliasSet::Any). This reminds me of fix for CVE-2019-9810, which used in Pwn2Own 2019. Refer to great blog for more information if interested:

    Recent Firefox zero-day (used in targeted attacks in the wild) (CVE-2019-17026) mercurial changeset fix:
    6 proslijeđenih tweetova 15 korisnika označava da im se sviđa
    Poništi
  6. 10. sij

    Recent Firefox zero-day (used in targeted attacks in the wild) (CVE-2019-17026) mercurial changeset fix:

    1 reply 12 proslijeđenih tweetova 38 korisnika označava da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    9. sij

    We're excited to announce Vancouver 2020 with new categories and returning partners, & along with sponsor . More than $1,000,000 USD available - plus a Model 3! Details at

    59 proslijeđenih tweetova 115 korisnika označava da im se sviđa
    Poništi
  8. 2. sij

    Good start of 2020 with an unpatched information disclosure vulnerability in Windows Media Player (ZDI-20-001):

    3 proslijeđena tweeta 25 korisnika označava da im se sviđa
    Poništi
  9. proslijedio/la je Tweet
    1. sij

    2020 is 0% complete.

    1.499 replies 77.188 proslijeđenih tweetova 271.010 korisnika označava da im se sviđa
    Poništi
  10. proslijedio/la je Tweet
    1. sij

    2019 is 100% complete! Thank you for following. Have a nice 2020!

    830 replies 59.304 proslijeđena tweeta 216.090 korisnika označava da im se sviđa
    Poništi
  11. 31. pro 2019.

    Happy 2020 you all. It is going to be a good year.

    6 korisnika označava da im se sviđa
    Poništi
  12. 23. pro 2019.

    Dear governments, do not spy on people directly: 1- Make vulnerable apps. 2- Compromise your target's device and spy. 3- If people find out about your campaign, patch exploited vulnerability. 4- Hype about how much you care about your users security. 5- Go to 1 or 2.

    1 reply 1 proslijeđeni tweet 10 korisnika označava da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    20. pro 2019.

    In the final blog of our Top 5 bugs of 2019, details a privilege escalation via the core shell COM registrar object in .

    1 reply 47 proslijeđenih tweetova 67 korisnika označava da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    19. pro 2019.

    For Day 4 of our Top 5 bugs of 2019, details how the duo used a RegExp vuln in the infotainment system to win a Model 3 at this year.

    1 reply 28 proslijeđenih tweetova 62 korisnika označavaju da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    18. pro 2019.

    Day 3 of our Top 5 bugs of 2019 is a RCE we detailed back in March (CVE-2019-0604). Today, we look at the impact of that bug and the attacks seen in the wild.

    30 proslijeđenih tweetova 62 korisnika označavaju da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    17. pro 2019.

    Day 2 of our Top 5 bugs for 2019 is an LPE in win32k.sys through indexed color palettes. The deep and thorough analysis is provided by Marcin Wiązowski, who reported the bug.

    58 proslijeđenih tweetova 121 korisnik označava da mu se sviđa
    Poništi
  17. proslijedio/la je Tweet
    16. pro 2019.

    In the 1st of our Top 5 bugs for 2019, takes a look at a sandbox escape in originally submitted to the program by . Read the details at

    1 reply 64 proslijeđena tweeta 125 korisnika označava da im se sviđa
    Poništi
  18. 11. pro 2019.

    Bah, apparently the November 2019 patch Tuesday fixed one extra vulnerability reported by me: CVE-2019-1441: Microsoft Windows GDI EMF Parsing Integer Truncation Remote Code Execution Vulnerability

    A bit more information about my recent Windows font processing research (Moved to userland in Windows 10): CVE-2019-1419: out-of-bounds write in Windows Kernel. CVE-2019-1456: stack-based buffer overflow in Windows Kernel. CVE-2019-1412: out-of-bounds read in Windows Kernel.
    1 proslijeđeni tweet 11 korisnika označava da im se sviđa
    Poništi
  19. 10. pro 2019.

    God bless Windows GDI for always being such a giver. And long time no see "Windows Media Player".

    Well, the last patch Tuesday of 2019 fixed some more vulnerabilities reported by me: * 2 Windows GDI information disclosure vulnerabilities (CVE-2019-1465 and CVE-2019-1466) * 2 Windows Media Player information disclosure vulnerabilities (CVE-2019-1480 and CVE-2019-1481)
    1 proslijeđeni tweet 9 korisnika označava da im se sviđa
    Poništi
  20. 10. pro 2019.

    Well, the last patch Tuesday of 2019 fixed some more vulnerabilities reported by me: * 2 Windows GDI information disclosure vulnerabilities (CVE-2019-1465 and CVE-2019-1466) * 2 Windows Media Player information disclosure vulnerabilities (CVE-2019-1480 and CVE-2019-1481)

    1 reply 4 proslijeđena tweeta 45 korisnika označava da im se sviđa
    Poništi
  21. 6. pro 2019.

    It is hard to believe that the "Terminator 2: Judgment Day" movie is almost 30 years old (made in 1991). It is still a great joy to watch it.

    1 proslijeđeni tweet 8 korisnika označava da im se sviđa
    Poništi

@hosselot još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·