One of my secret goals for 2020 was to reach 1000 followers on Twitter.. Thanks to many people I had the chance and support to achieve double of my goal in the first month of the year! This tweet is a massive thank you to everyone that stuck with me and helped me along the way :) pic.twitter.com/Ez2X8jVUbD
-
Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch! pic.twitter.com/FekupjS6qG
-
How to crash a Remote Desktop Gateway in 21 lines of clean Python code. pic.twitter.com/rd6SGgwcTy
-
I'm patchdiffing CVE-2020-0609 and CVE-2020-0610 and my first thought is "how did this even work in the first place" pic.twitter.com/NMu5t5EkKH
-
Abusing CVE-2020-0601 to get a message across... jk, I hate Ghidra :) pic.twitter.com/DXY5zziO2N
-
Update on CVE-2020-0601, got the TLS interception working :) MiTM with a trusted certificate is pretty nice. It worked just fine in Edge, but had to do some debugging to get it to work in Chrome. Firefox next? Sorry for stealing your idea again @saleemrash1d pic.twitter.com/OKaokQNvBq
-
Here's a picture of CVE-2020-0601, don't forget to patch! Took some inspiration from @saleemrash1d :) pic.twitter.com/rr0cmLjP1b
-
What I did for debugging is: Spin up x64dbg with sigcheck.exe and debug your way through WinVerifyTrust (wintrust.dll). pic.twitter.com/lgdwJmMAlf
-
Unfortunately the event logger now catches exploitation attempts, that is on patched versions of course. pic.twitter.com/N1gq8wrALu
-
They imported lots of new functions and made a couple new ones. pic.twitter.com/DpEflW1c1m
-
The diff is really small so there's not too much to look for. Check these functions. pic.twitter.com/T69OmNqFya
-
That's the juicy part. It gets called from ChainGetSubjectStatus. How do you call this? Just check the signature of a binary using sigcheck for example. https://docs.microsoft.com/en-us/windows/win32/api/wintrust/nf-wintrust-winverifytrust … There's a whole bunch of other execution paths, but this should get you started ;) pic.twitter.com/tuZ8diT4Tq
-
CveEventWrite("[CVE-2020-0601] cert validation"); Looks like Microsoft didn't forget to feed the exploit into the EventLogger :) pic.twitter.com/zvFUQUXEu2
-
Really can recommend diaphora when patchdiffing things, like windows updates ;) pic.twitter.com/3tpl3B6oZu
-
Many people ask me how I learnt C. I'll tell you my secret: https://www.youtube.com/watch?v=XrFegNHpHfc …
-
"Please close 'Generic Hacking Tool' before you start the game" pic.twitter.com/va3Q9FiFHI
-
The past few months were a blast :) I've been playing CTFs almost every week and I'm super happy to be able to see some progress already. Thanks for playing along and sticking with the team ;) pic.twitter.com/gALgefodjR

