maxpl0it

@maxpl0it

Cyber security researcher focusing on low-level exploitation and world domination. Resident pwn tutor at and researcher at

England, United Kingdom
Joined: March 2017

Media

  1. 49 minutes ago

    Remember, there are no compiler protections against data segment buffer overflows except reordering variables to place higher risk variables (such as pointers) before arrays.

  2. 54 minutes ago

    Also re-discovered my old paper from 2015 which was a primer on data segment buffer overflows. Unfortunately it got ignored when attempting to share it so it's only been seen by a few. Might tweak it and re-publish.

  3. 22 Dec 2019

    JavaScript fuzzer built and working well. Constantly adding new features.

  4. 30 Nov 2019

    Dove head first into WebKit internals. Found a patched bug without a public exploit and wrote the addrof and fakeobj primitives, as well as the arbitrary R/W primitives. Time to experiment with this in Safari!

  5. 7 Nov 2019

    For anyone that didn’t catch the Snake exploit at pwn2own, here it is in full

  6. 4 Nov 2019
  7. 22 Mar 2019

    The Wavefront OBJ file format spec has some concerning features...

  8. 12 Mar 2019

    Interesting technique for a phishing email to prevent you copying and pasting the link directly instead of clicking on it.

  9. 29 Dec 2018

    Fantastic talk on Chakra by - Well worth the watch

  10. 18 Dec 2018

    Quick and hacky way to detect a CONNECT port scan (Nmap's default for unprivileged users) against a machine: while true; do ncat -vl 21 2>/tmp/a; ip=$(grep Connection /tmp/a | head -n1 | cut -d" " -f4); osascript -e "display notification \"CONNECT port scan by $ip\""; echo >/tmp/a; done;

  11. 11 Dec 2018

    Little bit of analysis on the bots identified so far, breaking the bots down into their providers. GoDaddy appears to be a prime target.

  12. 10 Dec 2018

    Decided to start a research project I've had in mind for a long time but only recently had the time and resources to do: Identifying the bots behind the booters. Slow and steady progress!

  13. 3 Oct 2017

    Always a fun day in the office
