ollypwn

@ollypwn

yet another security researcher

Copenhagen, Denmark
Joined March 2014

Tweets

You blocked @ollypwn

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @ollypwn

  1. Pinned Tweet
    Jan 23

    PoC (Denial-of-Service) for CVE-2020-0609 & CVE-2020-0610 Please use for research and educational purpose only.

    Undo
  2. Retweeted
    Jan 26

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

    Show this thread
    Undo
  3. Jan 24
    Undo
  4. Jan 23

    CVE-2020-0609 & CVE-2020-0610 Before / After patch Pseudo-code

    Undo
  5. Jan 22

    CVE-2020-0609 & CVE-2020-0610 (RDP / RD Gateway RCE) Here are the immediate patches: Should be able to create a PoC vulnerability checker in the upcoming weeks with this info.

    Show this thread
    Undo
  6. Jan 18

    A great explanation on the recent critical vulnerabilities CVE 2020-0609 & CVE 2020-0610 (RD Gateway RCE) by on Might look into these vulnerabilities further in the coming weeks

    Undo
  7. Retweeted
    Jan 17

    Vulnerability severity levels

    Undo
  8. Retweeted
    Jan 17

    I just published a video explaining the details of CVE-2020-0601 aka Curveball: The Microsoft CryptoAPI vulnerability that was reported by the NSA.

    Undo
  9. Jan 16

    Using "ollypwn" certificate, nice. Maybe I should become a real Certificate Authority some day.

    Undo
  10. Jan 16

    SSL/TLS spoofing added to PoC Update your Windows ASAP!

    Undo
  11. Jan 16

    Updated PoC to include the root trusted CA "Microsoft ECC Product Root Certificate Authority 2018" Also included a signed and unsigned 7z.exe for you to test out. Please only use for research and education.

    Undo
  12. Retweeted
    Jan 15

    On today's webcast on CVE-2020-0601, someone asked how long it would be before a public PoC was available. I said something to the effect of "hopefully weeks" and likely around Shmoocon or RSAC. That prediction did not age well...

    Show this thread
    Undo
  13. Jan 15
    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·