Roman

@romanwagnr

iOS/Android Penetration Tester.

Deutschland
Joined: October 2018

Tweets

  1. Retweeted
    9 Jan

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

  2. Retweeted
    27 Dec 2019
  4. Retweeted
    26 Dec 2019

    New blogpost: Sanitized Emulation with QEMU-AddressSanitizer I just open-sourced my QEMU patches to fuzz binaries with ASan, QASan. You can also use it with ARM targets on Linux, a thing that you can't do with LLVM ASan!

  5. Retweeted
    10 Dec 2019

    I'm really excited about this video. It has been in the making for a long time. It's a video with about his SockPuppet vulnerability in the XNU (iOS/Mac) Kernel and was used for jailbreaking. Haxember #10

  6. Retweeted
    5 Dec 2019

    🌟v2 of my free Intro to Android App Reverse Engineering workshop is here! 🌟 I've added 3 new exercises, walk-through videos for all 7 exercises, a new module on obfuscation, & exercises on vuln hunting rather than just malware. I hope it helps!

    Screenshot of the table of contents at maddiestone.github.io/AndroidAppRE
  7. Retweeted
    7 Dec 2019

    Here are the slides for the talk by me on DeStroid in automatically deobfuscate encrypted strings in Android malware. Including some bonus slides:)

  8. Retweeted
    27 Sep 2019

    EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

  9. Retweeted
    20 Aug 2019

    Writeup for VM Escape found by our team member : In the writeup, Vishnu describes how he found and exploited CVE-2019-14378 that was a pointer miscalculation bug in network backend of QEMU to get code execution!

  10. Retweeted
    15 May 2019

    Project Zero's tracking sheet for zero-day exploits that were detected "in the wild":

  11. Retweeted
    30 Apr 2019

    Pentesting Cheatsheets - Convenient commands for your pentesting / red-teaming engagements, OSCP and CTFs : cc @kondencuotas

  12. Retweeted
    1 Apr 2019

    Announcing my very own free, open source and online course: "Reverse Engineer iOS Applications" 📱 My favourite personal project yet. It was a lot of fun and hard work but I hope it'll help drive more researchers to mobile security. Feedback always welcome

  13. Retweeted

    I never thought I would experience a XSS on Google Search. But blew my mind! This is a video going over the difficulties of sanitizing HTML in JavaScript.

  14. Retweeted
    15 Mar 2019

    RCE on Steam Client via buffer overflow in Server Info by and vinnievan. Full report here: ($18,000 bounty)

  15. Retweeted
    7 Mar 2019

    Translating: mmap_min_addr bypass means that hundreds of NULL-derefs in Linux kernel that usually treated as "local DoS in Linux, who cares?" now suddenly become easily exploitable So if you don't have the fix your kernel is subject to 100s of exploits eg:

  16. Retweeted
    21 Feb 2019

    For your enjoyment, here are 242 Linux kernel crashes from the Syzkaller crash database reproduced and recorded in PANDA (165GB):

  17. Retweeted
    15 Feb 2019
  18. Retweeted
    10 Feb 2019

    Here is my obfuscated payload. It bypasses lots of WAF, including CloudFlare iirc. <iframe src="%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A%3Aalert(0)"> iFrame with javascript URI payload. Line feeds [CRLF] obfuscate it.

  19. Retweeted
    7 Feb 2019

    ClusterFuzz, an infrastructure used for fuzzing Chrome and OSS-Fuzz, is open source now! Enjoy responsibly :) Blog: Code:

  20. Retweeted
    5 Feb 2019