Hashim Jawad

@ihack4falafel

Vulnerability research and red team. OSCP, OSCE, OSEE.

Uninitialized variable
Vrijeme pridruživanja: travanj 2010.

Tweetovi

Blokirali ste korisnika/cu @ihack4falafel

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ihack4falafel

  1. Prikvačeni tweet
    15. ožu 2019.

    [Blog] Fileless UAC Bypass in Windows Store Binary

    Prikaži ovu nit
    Poništi
  2. 25. sij

    [Blog] Offensive Security - AWE/OSEE Review cc

    Poništi
  3. 14. sij

    Hi - Can you please DM me? I have something that you might be able to help with.

    Poništi
  4. 7. pro 2019.

    This should make for a good before bed read..

    Poništi
  5. 26. stu 2019.

    [Blog] Viper RGB Driver Local Privilege Escalation (CVE-2019-18845)

    Poništi
  6. 24. stu 2019.

    What a nice email from to wrap up the weekend :)

    Poništi
  7. 7. stu 2019.

    [Blog] NVIDIA GeForce Experience Local Privilege Escalation (CVE-2019-5701)

    Poništi
  8. 6. stu 2019.
    Poništi
  9. 22. ruj 2019.

    Found a Kernel driver bug and managed to BSOD the box from a low privileged user! Next step is to see how far I can go with MmMapIoSpace() code path in terms of read/write primitive which may very well lead to EoP..

    Poništi
  10. 20. kol 2019.

    [Blog] Netwrix Auditor Symbolic Link Privilege Escalation (CVE-2019-14969) cc

    Poništi
  11. 21. srp 2019.

    Spent some time today porting Capcom LPE exploit to Windows 8.1 by updating few structures offsets and whatnot, thanks to blog post. I'll probably port it to Windows 10 at some point once I figure out how to get past SMAP if any.

    Prikaži ovu nit
    Poništi
  12. proslijedio/la je Tweet

    Going live with in 15 minutes join the stream now <3 going to be fun stuff.

    Poništi
  13. 18. srp 2019.
    Poništi
  14. 18. srp 2019.

    Found yet another URI Handler Remote Command Execution vulnerability effecting software this time around. LogMeIn has released a patch for it in version 3.16.0.5505.

    Poništi
  15. 1. srp 2019.

    Pandora FMS released patch for a trivial escalation of privileges vulnerability I discovered in their monitoring software. The vulnerability can be triggered via web request to the problematic web server

    Poništi
  16. 18. lip 2019.

    Found Local Privilege Escalation bug that effected a total of 18 ManageEngine products. Zoho has released patch for it few weeks ago. See advisory link for full details

    Poništi
  17. 3. lip 2019.

    Found URI Handler Remote Command Execution bug in Viber for Desktop. Full details and PoC code can be found here

    Poništi
  18. 26. svi 2019.

    Finally got around completing / passing the AWE pre-course challenge. Good times ahead!

    Prikaži ovu nit
    Poništi
  19. 26. svi 2019.

    Put together basic ROR-13 hash generator implementation in C# along with pre-computed hash tables for Win32 APIs of commonly used DLLs such as Kernel32.dll, User32.dll, WS2_32.dll, etc.

    Prikaži ovu nit
    Poništi
  20. 23. svi 2019.

    [Update] It has been brought to my attention that MS released behavioral detection for this UAC Bypass method in Windows Defender, However it still works. The blog post has been updated accordingly. See the link for reference

    Prikaži ovu nit
    Poništi
  21. 8. svi 2019.

    Here's TCP reverse shell written in C# with the option to choose between Windows command prompt or powershell and its benign according to Windows Defender. Source code can be found here .

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·