Alvaro Muñoz

@pwntester

Security Researcher with . CPO (Chief Pwning Officer) at ;) CTF . Opinions here are mine!

Madrid  
Joined: December 2008.

Tweets


  1. Retweeted
    Feb 3
  2. Retweeted
    Jan 30

    Does anyone remember any explicit (or highly suspected/suspicious) bugdoor attempts in OSS history besides the = vs == uid thing in the Linux kernel?

  3. Retweeted
    Jan 30

    In my team at GitHub, we'd like to study examples of "nefarious commits" in open source, which introduce a bug on purpose. Can you point me at such commits? Could it have been detected by analysing the committer's behaviour as well as the code change itself?

  4. Retweeted
    Jan 27

    Indeed, some of the new challenges were somewhat hard, but I enjoyed them and learned new tricks. Fortunately, I solved them all fast enough, so I didn't lose my first place in the ranking. 😀 These labs are totally recommended, as always!

  5. Jan 25

    Nice! Glad the DotNetNuke gadget helped you win ! Feel free to contribute the new bridge gadget to if you want :)

  6. Retweeted
    Jan 23

    And now Alvaro Muñoz is breaking SAML at the GitHub Security Meetup.

  7. Retweeted
    Jan 21

    Welcome to 2 new security researchers in the GitHub Security Lab: and !

  8. Retweeted
    Jan 20

    Once again, an app without any permission could access restricted information from the Download and TV Providers. The proof-of-concept apps and source code are public too: Fixes for all of them were released in November 2019.

  9. Retweeted
    Jan 20
  10. Retweeted
    Jan 16

    If you are using TLS client authentication with Java 11 or Java 13 you should patch your servers NOW.

  11. Retweeted
    Jan 16
  12. Retweeted
    Jan 16

    Thursday mini-challenge: Triage some of the bugs on and report interesting ones to the maintainers! We have pretty cool GitHub swag waiting for you.

  13. Retweeted
    Jan 11

    1. Never stop learning. 2. See failure as a beginning. 3. Teach others what you know. 4. Assume nothing, question everything. 5. Analyze objectively. 6. Practice humility. 7. Respect constructive criticism. 8. Love what you do. 9. Give credit where it's due. 10. Take initiative.

  14. Retweeted
    Jan 10

    Awesome line-up of speakers for the GitHub Security Meetup, January 22 in San Francisco:

  15. Retweeted
    Jan 8

    We are excited to announce that , will be presenting "Breaking SAML (.NET Edition)" at the GitHub Security Meetup, Jan 22 San Francisco.

  16. Jan 10

    Thank you all for the best wishes. I will be joining a team of great security researchers at . Excited to start contributing to a better and more secure OSS!

  17. Jan 10

    After 9 years at , it's time to move on and take on new challenges. Thanks to all the amazing people I met on the way!

  18. Retweeted
    Dec 23, 2019

    a kid with a weird obsession can invest more free time into something than an adult might have in a decade a nontrivial number of people I know are living off returns on human capital they accidentally created as 14 year olds

  19. Dec 5, 2019
  20. Retweeted
    Dec 5, 2019

    New deserialisation attack vector discussed at which can lead to RCE, done via Jdbc uri (usually found in fundamental classes, such as URLClassLoader). Combining this attack vector, can bypass all of the blacklists and gain Remote Code Execution.
