Roi Mallo

@rmallof

Vulnerability management & research. Reverse engineering, low-level stuff

In the wild
Vrijeme pridruživanja: kolovoz 2010.

Tweetovi

Blokirali ste korisnika/cu @rmallof

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @rmallof

  1. Prikvačeni tweet
    11. tra 2018.

    CVE-2018-1009 | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability

    Poništi
  2. proslijedio/la je Tweet
    1. velj

    99 smartphones are transported in a handcart to generate virtual traffic jam in Google Maps. Through this activity, it is possible to turn a green street red which has an impact in the physical world by navigating cars on another route!

    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    31. sij

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

    Poništi
  4. proslijedio/la je Tweet
    30. sij

    Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure (Part II) - Check Point Research

    Poništi
  5. proslijedio/la je Tweet
    22. sij

    Earlier today we published the details of a set of vulnerabilities in Safari's Intelligent Tracking Prevention privacy mechanism: . They are... interesting. [1/9]

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    18. sij
    Poništi
  7. proslijedio/la je Tweet
    16. sij

    If you’re tired of hearing about crypto32, elliptic curves, and other CVE-2020-0601 shenanigans, have a read over our new blog post on Windows’ Intel CET implementation in the face of SetThreadContext and NtContinue. Come for the exploit mitigation, stay for the XState Internals.

    Poništi
  8. proslijedio/la je Tweet

    Nominations are now open for the top 10 new web hacking techniques of 2019:

    Poništi
  9. proslijedio/la je Tweet
    29. pro 2019.

    The talk by about building KTRW is up! Great work by an amazing guy :) This was a serious year for iOS research, a lot of non trivial gaps have been crossed by the great community :)

    Poništi
  10. proslijedio/la je Tweet
    27. pro 2019.
    Poništi
  11. proslijedio/la je Tweet
    26. pro 2019.

    There's a message you can send almost any wifi device that means "get off the network, now". And by default, it's completely unauthenticated. Among other things, this screws up home security systems. By

    Poništi
  12. proslijedio/la je Tweet

    I just published a massive guide for on using reverse image search engines for digital investigation. I test out the Big Three services, ranking them with a running scorecard, and detail some creative search strategies at the end of the guide.

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    20. pro 2019.

    🔥 iOS 13.3 / 13.2.3 / 13.0 : NEW TFP0 Kernel Exploit For iPhone XS / XR / 11 (A12 / A13) VIDEO: Finally, something for A12 and A13 people :-)

    Poništi
  14. proslijedio/la je Tweet
    19. pro 2019.

    Now live! 🔺The new Apple Security Bounty! 🔺The new Apple Platform Security guide, featuring Mac for the first time! (PDF version: ) 🔺My Black Hat 2019 talk: Happy holidays! 🎄

    Poništi
  15. proslijedio/la je Tweet
    18. pro 2019.

    Fascinating, the #1 predictor of bugs is ... organizational complexity:

    Poništi
  16. proslijedio/la je Tweet
    11. pro 2019.

    One unnoticed vulnerability found by Intel STORM team: Intel IGD (integarted graphic card) can read two first dwords (unencrypted of course) of cache lines belonging to Intel SGX Enclave

    Poništi
  17. proslijedio/la je Tweet
    12. pro 2019.

    SetWindowsHookEx Leaks A Kernel Pointer – CVE-2019-1469

    Poništi
  18. proslijedio/la je Tweet
    25. stu 2019.

    It's great that people are reading this and applying it. But when you're testing a race condition on registration, there is no need to use my email address!

    Poništi
  19. proslijedio/la je Tweet
    1. pro 2019.

    I'd usually state the changes and improvements that were made when announcing a release; but this one time we shipped *many very important* changes and improvements, so check out the changelog before downloading 0.9.6 at

    Poništi
  20. proslijedio/la je Tweet
    28. stu 2019.

    If you always wanted to see our decompiler in action but were afraid to ask, you can play with it now: We offer a demo decompiler for x64, but decompilers for other processors work the same way :)

    Poništi
  21. proslijedio/la je Tweet
    21. stu 2019.

    New blog post time! This one looking at how we can use AMSI to help automate getting our payloads past AV.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·