mj0011

@mj0011sec

Security Researcher at Qihoo360/360Safe, Leader of team 360vulcan. Opinions are my own.

Дата регистрации: декабрь 2010 г.
8 фото или видео Фото и видео

Твиты

Вы внесли @mj0011sec в черный список

Вы уверены, что хотите видеть эти твиты? Если вы просто просмотрите твиты, @mj0011sec по-прежнему останется в черном списке.

  1. 23 мая

    In case you don’t know: it’s a stable remote code execution demo for CVE-2019-0708 on Windows 7 x64

    5 ответов 15 ретвитов 87 отметок «Нравится»
    Показать эту ветку
    Показать эту ветку
    Отменить
  2. 23 мая

    Well, too lazy to pop a calc :)

    9 ответов 217 ретвитов 690 отметок «Нравится»
    Показать эту ветку
    Показать эту ветку
    Отменить
  3. 20 мая

    CVE-2019-0708 remote scan tool by 360Vulcan team. Detect the recent RDP bug via RDP packet behavior, without trigger the final bug path(no BSOD or any side effect on the target system), ask for it to scan your network by sending mail to cert at

    7 ответов 90 ретвитов 215 отметок «Нравится»
    Отменить
  4. ретвитнул(а)
    23 янв.

    Researcher reveals details of a recently discovered remote iOS ≤ 12.1.2 on , which Apple patched yesterday with the release of iOS 12.1.3 Just visiting a specially crafted remote webpage via Safari can compromise/jailbreak your device

    , , и
    2 ответов 234 ретвитов 294 отметки «Нравится»
    Отменить
  5. 3 янв.

    Crew of 360IceSword Lab was rewarded highest MSRC bounty ever via reporting a Hyper-V vulnerability, we may release details next month.

    Zhenhao Hong from 360 IceSword Lab was rewarded $200,000 by Microsoft -V for his VM escape – one of the highest MSRC bounties ever We will release details after the patch. Congrats to and (Weibo: , @PJF_)
    3 ответов 26 ретвитов 80 отметок «Нравится»
    Отменить
  6. ретвитнул(а)
    5 дек. 2018 г.

    New attacks were discovered against a Russian polyclinic, exploiting a Flash vulnerability (CVE-2018-15982). The vul has been reported to Adobe and the patch was released already.

    71 ретвит 113 отметок «Нравится»
    Отменить
  7. 28 нояб. 2018 г.

    Surely those are not vulnerabilities, especially the last one, dll side loading for installer? Symc don’t understand/care about vuln and just waste cve numbers to keep you silent

    В ответ @artem_i_baranov
    I don't know the details, but I think I probably agree with Microsoft on this, it might be a bug but it's hard to imagine how it's a vulnerability?
    1 ответ 5 отметок «Нравится»
    Отменить
  8. ретвитнул(а)
    25 нояб. 2018 г.

    VMware fixed Workstation flaw disclosed at the Tianfu Cup PWN competition

    4 ретвитов 15 отметок «Нравится»
    Отменить
  9. ретвитнул(а)
    16 нояб. 2018 г.

    Will be release information after fix.If you want a research iPhone.Stay 12.1

    Successful exploit again! gained full access to iPhoneX through a type confusion jit bug in and a UaF bug in iOS . It's the iPhone record in pwn contest in the world, wining the highest reward of .
    110 ответов 166 ретвитов 666 отметок «Нравится»
    Отменить
  10. 16 нояб. 2018 г.

    Watching pwning iOS12 jailbreak on stage was amazing. Too bad that isn’t here with usChengdu Exhibition Center

    Successful exploit again! gained full access to iPhoneX through a type confusion jit bug in and a UaF bug in iOS . It's the iPhone record in pwn contest in the world, wining the highest reward of .
    2 ответов 4 ретвитов 27 отметок «Нравится»
    Отменить
  11. 16 нояб. 2018 г.

    The familiar smell of burning 0days😄

    A brief review of Day One Contest: 9 out of 13 targets were compromised with 20 bugs being exploited. A total amount of $748,000 was rewarded to the teams and individual players. Looking forward to Day Two already. Cya at 9am~ (GMT+8).
    3 ретвитов 17 отметок «Нравится»
    Отменить
  12. ретвитнул(а)
    16 нояб. 2018 г.

    is the second to make their exploit work on today, so they are rewarded with full points (8) and $40,000.

    1 ретвит 14 отметок «Нравится»
    Отменить
  13. ретвитнул(а)
    16 нояб. 2018 г.

    Players from has one more successful attempt. They achieved both RCE and sandbox escape, winning full points (10) and $100,000 reward.

    1 ответ 9 ретвитов 21 отметка «Нравится»
    Отменить
  14. ретвитнул(а)
    16 нояб. 2018 г.

    Another Reader was verified to be true. It's an integer overflow bug and helped gain 4 more points and $20,000 award

    6 ретвитов 14 отметок «Нравится»
    Отменить
  15. ретвитнул(а)
    16 нояб. 2018 г.

    Just now, 360Security team had successfully run a logical bug combined with a memory corruption bug on . They become the first in the world to compromise Office system in pwn contest. Bravo!

    34 ретвитов 70 отметок «Нравится»
    Отменить
  16. ретвитнул(а)
    16 нояб. 2018 г.

    team used an integer overflow bug to compromise . They earned 8 points and $80,000.

    10 ретвитов 29 отметок «Нравится»
    Отменить
  17. ретвитнул(а)
    15 нояб. 2018 г.

    Great job! nailed it! They have got their by achieving RCE successfully on Microsoft . It helped them earn 8 points and $80,000!

    14 ретвитов 27 отметок «Нравится»
    Отменить
  18. ретвитнул(а)
    15 нояб. 2018 г.

    has compromised the device with one shot. After the review, the exploit was verified to be a success on Google (RCE only) with an OOB write bug. Congrats to

    16 ретвитов 19 отметок «Нравится»
    Отменить
  19. 26 окт. 2018 г.

    Yeah, definitely, can’t understand why MSFT guys thinking such a slow movement could be “first”.

    This is great work, but I have to point out that this is not the “first complete AV solution” to have this capability. does all of its AV capabilities inside of a heavily sandboxed app container with numerous OS mitigations, PPL, Chrome-style token, and more.
    Показать эту ветку
    7 отметок «Нравится»
    Отменить
  20. 26 окт. 2018 г.

    It’s nice to see the WD engine now running inside a sandbox, but you’re not the first AV vendor that make it.

    The Windows Defender team is actively working on sandboxing. It’s a complex engineering task (perf/compat/robustness), but they’re on it :)
    Показать эту ветку
    1 ответ 3 отметки «Нравится»
    Отменить

@mj0011sec еще ничего не твитнул(а).

Загрузка может занять некоторое время.

Вероятно, серверы Твиттера перегружены или в их работе произошел кратковременный сбой. Повторите попытку или посетите страницу Статус Твиттера, чтобы узнать более подробную информацию.

    Вам также может понравиться

    ·