Luca Marcelli

@layle_ctf

aka Layle. CTFs . HackTheBox Top 10. Reverser/Pwner. Windows kernel hacker. Heap lover. Learning crypto. 🇨🇭🇮🇹

Internet
Joined February 2018

Tweets

You blocked @layle_ctf

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @layle_ctf

  1. Pinned Tweet
    Jan 26

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

    Show this thread
    Undo
  2. Retweeted
    Feb 2

    Okay guys, enough with the jokes. Why are cheaters renaming themselves to "vm_call fan" 😅

    Undo
  3. Retweeted
    Feb 1

    Attention CTF players (and organizers, CTFd v2.0.0 - v2.2.2 has a serious vulnerability (CVE-2020-7245) in which an attacker could perform account takeover using a leading-trailing on the Registration form. It has been fixed in v2.2.3. Make sure to update!

    Show this thread
    Undo
  4. Retweeted
    Jan 31

    6 months' research, endless coffee and sleepless nights – that's what the CPU security vulnerability research was like when our analyst discovered it. He tells us more about it in our !

    Undo
  5. Retweeted
    Jan 31

    I spent this week working on Kali i3-gaps' ISO. Lots of changes and bugfixes happened since my last tweet. If you want to give it a try, visit: CC:

    Show this thread
    Undo
  6. Jan 30

    What's your favorite?

    Undo
  7. Retweeted
    Jan 29

    Windows Red Team Cheat Sheet 1. Recon 2. Elevation of Privileges 3. Lateral Movement 4. Golden and Silver Tickets 5. AD Attacks 6. Bypass-Evasion Techniques 7. Miscellaneous 8. Post exploitation - information gathering 9. Summary of tools

    This media may contain sensitive material. Learn more
    Undo
  8. Jan 30

    If you guys want an awesome Red Team cheatsheet check out this tweet, my friend made the linked post!

    Undo
  9. Retweeted
    Jan 29

    I made a goose that destroys your computer Download it free here:

    Show this thread
    Undo
  10. Jan 29

    Who else loves "Reversing / Pwn"? Time to vote!

    Undo
  11. Retweeted
    Jan 29

    Interesting question: On a windows machine, is it safe to call a sub-process (another executable) without absolute path as system if you know your working directory is not writable by users?

    Undo
  12. Jan 28
    Show this thread
    Undo
  13. Jan 28

    Here's my PoC for Curveball (CVE-2020-0601). Sorry for the wait! It's implemented in C so might be a little messy :)

    Show this thread
    Undo
  14. Jan 28

    I've been talking to a few professionals that are more experienced than me and I came to the conclusion that it's the best if I keep the source code private for the time being. I surely don't want to put any companies at risk!

    Show this thread
    Undo
  15. Jan 27

    Also thanks to everyone that inspired me to do what I do today (intentionally or not): .

    Show this thread
    Undo
  16. Jan 27

    Shoutout to: . I hopefully didn't forget anyone. These are the people that inspired me and helped me along the way, drop them a follow!

    Show this thread
    Undo
  17. Jan 27

    One of my secret goals for 2020 was to reach 1000 followers on Twitter.. Thanks to many people I had the chance and support to achieve double of my goal in the first month of the year! This tweet is a massive thank you to everyone that stuck with me and helped me along the way :)

    Show this thread
    Undo
  18. Retweeted
    Jan 27

    Following 's demo release, discussion of CVE-2020-0610 dominates cve talk on twitter

    Undo
  19. Jan 26

    Also, shoutout to for helping me out with my Denial of Service script and my vulnerability scanner!

    Show this thread
    Undo
  20. Jan 26

    If installing the update is not an option you should apply other measurements such as disabling UDP traffic. I'll wait a bit until people had enough time to patch before releasing this to the public :)

    Show this thread
    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·