Ivan Fratric

@ifsecure

Security researcher at Google Project Zero. Tweets are my own.

Joined: August 2011

Tweets


  1. Retweeted
    Jan 30

    Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy!

  2. Retweeted
    Jan 24

    Our research on Safari's Intelligent Tracking Prevention (ITP) is now available on cc

  3. Retweeted
    Jan 9
  4. Retweeted
    Jan 9

    Quick reminder that we're still updating the "0day detected in-the-wild" spreadsheet here: . The first entry for 2020 is now in the books -- CVE-2019-17026 is a type confusion issue in the JIT engine for Firefox, detected in active attacks by Qihoo 360 ATA.

  5. Retweeted
    Jan 9

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

  6. Retweeted
    Jan 7

    At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):

  7. Retweeted
    Jan 7

    Kudos to the GPZ team for their willingness to explore new vulnerability disclosure policies in addition to doing great research :) At the risk of wading into a disclosure debate (plz no), I think these policy changes will help improve customer safety

  8. Retweeted
    Jan 4

    I've recently been fuzzing the PHP interpreter, and took a UaF bug all the way from crashing-sample to weaponized code execution. Here is the first of several blog posts I plan to write about the process.

  9. Retweeted
    Dec 27, 2019
  10. Retweeted
    Dec 24, 2019

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

  11. Dec 16, 2019

    A nice write-up on WinAFL setup for fuzzing popular image viewers resulting in quite a few bugs.

  12. Retweeted
    Dec 10, 2019

    Project Zero blog: "SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4" by Ned Williamson () --

  13. Retweeted
    Oct 1, 2019

    New video! I'm talking with the bug bounty hunter about a vulnerability he found in Google Cloud Shell. And the funny part is, Google even sponsored the video :D

  14. Retweeted

    IE: Use-after-free in JScript arguments during toJSON callback

  15. Retweeted
    Nov 21, 2019

    Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018.

  16. Retweeted
    Nov 19, 2019

    I presented about Site Isolation in Google's event called 🙂 / "The world of Site Isolation and compromised renderer" Slide: Video:

  17. Retweeted
    Nov 18, 2019

    Here’s probably my favorite XSS of this year :) This is why we love legacy browser features like DOM Clobbering ;)

  18. Retweeted
    Nov 15, 2019

    Awesome-AFL : A curated list of different AFL forks and AFL inspired with detailed equivalent academic papers with AFL-fuzzing tutorials

  19. Retweeted
    Nov 7, 2019

    Chrome: Site Isolation bypass and local file disclosure via Payment Handler API

  20. Oct 30, 2019

    Oh look, dangling terrorism and pedophilia to justify what is ultimately used for human right violation. It's not like we ever heard that one before. 🙄
