PWNI

@pwnii

Pwnoholic, Cybersec enthusiastic

Vrijeme pridruživanja: travanj 2018.

Tweetovi

Blokirali ste korisnika/cu @pwnii

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @pwnii

  1. proslijedio/la je Tweet
    2. velj

    Fun fact: That job screening company that scans Twitter accounts for bad words has developers that commit plaintext passwords on GitHub. ... Maybe they're scanning the wrong website.

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    1. velj

    Here is my massive lib db (for ctfs/wargames/blind pwns etc.). It consists of thousands of libs across over a dozen Linux distributions and architectures spanning the last 20 years. It indexes symbols & gadgets (including one gadgets AKA magic gadgets).

    Poništi
  3. proslijedio/la je Tweet
    2. velj

    This is cyberpunk. Changing the physical changes the digital which changes the physical. Power held by governments and corporate powers can be subverted and redirected by regular people who understand how the system feeds upon itself.

    Prikaži ovu nit
    Poništi
  4. proslijedio/la je Tweet

    Radios do, however, frequently implement the bit of the spec where a multiplex can transmit station art as a JPEG or PNG. This is fun because some DAB receivers, particularly modern head units in cars, run libpng to decode these. Which has an exploitable RCE in older versions.

    Prikaži ovu nit
    Poništi
  5. proslijedio/la je Tweet
    28. sij

    Me explaining the execution order of my Jupyter notebook cells.

    Poništi
  6. proslijedio/la je Tweet

    Proof of Concept scanner for CVE-2020-0609 & CVE-2020-0610.

    Prikaži ovu nit
    Poništi
  7. proslijedio/la je Tweet
    26. sij

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

    Prikaži ovu nit
    Poništi
  8. proslijedio/la je Tweet
    26. sij

    A bit analysis on and operations against European energy sector (December 2019), the domains used are the same that used by the operations energy, government, and technology sectors in Saudi Arabia in 2017.

    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    25. sij

    Arcana is looking for ELF binary experts; adept in reverse engineering and software engineering in C. Linux kernel internal knowledge a huge plus. Email resumes to engineering,

    Poništi
  10. proslijedio/la je Tweet
    19. sij

    Periodic reminder that you should NEVER use MD5 or SHA1 in any new project/system. What to use: - Password hashing: argon2i - Cryptographically secure hashes (most usecases): BLAKE2 (fastest) or SHA3 (if needed for compatibility) - Non-CS hashes: xxhash (faster than MD5)

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    19. sij
    Poništi
  12. proslijedio/la je Tweet
    18. sij

    RDP to RCE: When Fragmentation Goes Wrong AKA: What we know about CVE-2020-0609 and CVE-2020-0610.

    Poništi
  13. proslijedio/la je Tweet
    15. sij

    CVE-2020-5504 SQLI in phpMyAdmin: A malicious user could inject custom SQL in place of their own username when creating queries to this page fix:

    Poništi
  14. proslijedio/la je Tweet
    16. sij

    After a lot of work and some crypto-related delays, I couldn't be more proud to publish 's and mine latest research - The complete overview of CET internals on Windows (so far!):

    Poništi
  15. proslijedio/la je Tweet
    16. sij

    If you’re tired of hearing about crypto32, elliptic curves, and other CVE-2020-0601 shenanigans, have a read over our new blog post on Windows’ Intel CET implementation in the face of SetThreadContext and NtContinue. Come for the exploit mitigation, stay for the XState Internals.

    Poništi
  16. proslijedio/la je Tweet
    16. sij

    A testing site for by (has some availability issues) Results for Chrome on an unpatched win10 vs non-vuln Mac (when you boldly move past warning messages)

    Prikaži ovu nit
    Poništi
  17. proslijedio/la je Tweet
    14. sij

    Today my Head of Department emailed me about something. It sounded urgent, though it's odd he switched to using a Gmail address [thread]

    Are you available at the moment,




Best Regards,
Head of department,
Steve.
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    13. sij

    So my company cut the position I was filling and I'm in need of employment. Remote preferred. Otherwise MD/DC area. GREM, GNFA, GCTI, GCIA, GCIH, GSEC, CISSP. Would be happy doing threat intel, and am just learning forensics/malware RE. Anything really.

    Poništi
  19. proslijedio/la je Tweet
    13. sij

    Released a little tool to perform lateral movement that hide the command you are executing by registering a protocol handler. The protocol handler is executed over WMI by simply running start customhandler:// ❤

    Poništi
  20. proslijedio/la je Tweet
    13. sij

    Hi everyone, I'm searching a job as / Threat Analyst, worldwide or remote. If you or someone you know hired, it will be a pleasure to discuss 😁 DMs are open 😁

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·