Justin Kennedy

@jstnkndy

Infosec professional & beverage snob. Principal Research Consultant @ Atredis Partners.

Boston
Joined May 2010

Tweets

  1. Retweeted
    16 hours ago

    There are still some seats left for our late February class in Columbia, MD. Time is running out: Learn the art of source code review for high impact vulnerabilities!

  2. Feb 4

    Paying for Uber XL really should not result in being picked up in a minivan. 😐

  3. Feb 3

    I've just learned how the Iowa caucus takes place... What the fuck is wrong with this country? Just fucking vote. Stop making it weird and difficult.

  4. Retweeted
    Feb 3

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!

  5. Retweeted
    Feb 3

    In January, the Bug Bounty Program on : - Closed 109 reports vs 156 in Dec - Awarded $3,500 vs $4,500 in Dec - Got reports from 84 hackers vs 97 in Dec - First responded within 28, triaged within 52, bounty within 90 hours

  6. Feb 3

    The superbowl should ban political ads

  7. Retweeted
    Jan 29

    Excited to share an early look at a macOS app that and I have been writing for the past month now. It allows anyone to easily decrypt applications released for iPhone/iPadOS.

  8. Retweeted
    Jan 28

    Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: PS: "Did you ever play tic-tac-toe?"

  9. Retweeted
    Jan 28

    Shot in the dark, and I'm to blame. Anyone have a spare Shmoo ticket I can buy?

  10. Retweeted

    The final count is in, and with 92.5 points total, and are crowned Master of Pwn! Congratulations to everyone who participated. We'll have a full wrap video with all the results available tomorrow morning. We'll see you in Vancouver.

  11. Retweeted
    Jan 23

    I found a Freemarker template injection bug in Artifactory a few months ago, but I couldn't create new objects because the ?new and ?api built-ins were disabled. I ended up reusing existing objects within scope and found a way to read/write files:

  12. Retweeted

    Confirmed! and used a deserialization bug to get code execution (w/ continuation) on the Iconics Genesis64. That's another $25K and 25 Master of Pwn points. That puts them in a commanding lead for Master of Pwn.

  13. Retweeted

    Confirmed! The drama was worth it. Finishing with only 5 seconds left on the clock, and used a combination of bugs to gain RCE on the Rockwell Automation Studio 5000. They earn $20K and 20 Master of Pwn points.

  14. Retweeted
    Jan 18

    The long-awaited Black Hat Go is releasing on 2/4/20! If your shipping address has changed since you ordered the book, please email info@nostarch.com. And if you haven't ordered the book yet, there's still time to get 30% off a preorder at !

  15. Retweeted
    Jan 14

    I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell PoC exploit code:

  16. Retweeted
  17. Retweeted
    Jan 6

    Old stuff, new blogpost: Breaking PHP mt_rand() with math

  18. Retweeted
    Jan 3

    Whew! It only took 5 years! Our 1000th vulnerability has been published with :->

  19. Retweeted
    Dec 26, 2019

    Please help me spread this with a RT. I've been working with this person and can attest to their ability to learn, skills, drive and some fantastic instincts. I'd hire in a heartbeat if I could do remote.

  20. Retweeted
    Dec 26, 2019

    Don’t tolerate 80hr, double-booked, holiday schedules as a security consultant. We have open positions that leave ample time for R&D.
