Sebastian Neuner

@sebastian9er

Security Engineer . Loves CTFs. Opinions are my own.

Zürich, Schweiz
Vrijeme pridruživanja: kolovoz 2009.
20 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @sebastian9er

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @sebastian9er

  1. proslijedio/la je Tweet
    22. sij

    Ouch. The Safari tracking prevention has privacy vulnerabilities allowing worse tracking than what it was trying to prevent. Privacy engineering is *hard*. Honestly, I don't see a robust way around this one, though I haven't had enough time to sit down and really chew on it.

    Apple/Safari Intelligent Tracking Prevention is a mechanism intended to improve privacy. It was found to have privacy vulnerabilities allowing sites to track the user (and fingerprint), and to stealing web browser history of a user. Incredible find.
    Prikaži ovu nit
    67 proslijeđenih tweetova 104 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    7. sij

    At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):

    5 replies 208 proslijeđenih tweetova 571 korisnik označava da mu se sviđa
    Poništi
  3. proslijedio/la je Tweet
    2. sij

    Exploiting Wi-Fi stack on Tesla Model S. Details of vulnerabilities and exploition:

    308 proslijeđenih tweetova 580 korisnika označava da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    19. pro 2019.

    A new set of "Mac firmware security" pages are finally out, thanks to . Check it out, it's what me and my teammates at Apple had beet working on really damn hard for the last several years.

    1 reply 93 proslijeđena tweeta 221 korisnik označava da mu se sviđa
    Poništi
  5. proslijedio/la je Tweet
    17. pro 2019.

    USB bulk transfers in 100% pure bare metal Go are operational, emulated Gadget Zero working and tested for bulk/interrupt endpoints. Now off to implement USB over Ethernet driver for this thing. Drivers in Go with TamaGo rock!

    15 proslijeđenih tweetova 60 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    25. stu 2019.

    XSS is cool and all, but this is next level. You should all watch this to face the bugs that will plague us for the next few years at least.

    I presented about Site Isolation in Google's event called 🙂 / "The world of Site Isolation and compromised renderer" Slide: Video:
    Prikaži ovu nit
    1 reply 18 proslijeđenih tweetova 56 korisnika označava da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    20. stu 2019.

    Paged Out! #2 (Nov 2019) is out! And it's free to download :) This issue has 55 articles in 11 categories: Programming OS Internals Assembly Operating Systems GameDev Electronics Security/Hacking SysAdmin Reverse Engineering Algorithms Writing Articles

    6 replies 246 proslijeđenih tweetova 474 korisnika označavaju da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    8. stu 2019.

    my exploit for gomium browser 2019 Finals

    28 proslijeđenih tweetova 97 korisnika označava da im se sviđa
    Poništi
  9. 5. stu 2019.

    Excellent talk by at . I really liked the discussion on responsible disclosure (yes, I am aware of the fact that the talk was on boot security 😅 )

    1 reply 1 korisnik označava da mu se sviđa
    Poništi
  10. proslijedio/la je Tweet
    2. stu 2019.

    BlueKeep (CVE 2019-0708) exploitation spotted in the wild

    7 replies 425 proslijeđenih tweetova 819 korisnika označava da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    10. lis 2019.

    I'd assume PE parsing in the Windows kernel would be well tested but surprisingly no, five such bugs were fixed last Patch Tuesday, all found by fuzzing. They crashed the OS as soon as they'd be written to disk or worst case viewed in Explorer. Details:

    11 replies 241 proslijeđeni tweet 507 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  12. proslijedio/la je Tweet
    8. lis 2019.

    We recently found that some email addresses and phone numbers provided for account security may have been used unintentionally for advertising purposes. This is no longer happening and we wanted to give you more clarity around the situation:

    1.581 proslijeđeni tweet 1.699 korisnika označava da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    7. lis 2019.

    If you're planning to attend Dragon CTF 2019, you might want to take a look at this post:

    4 proslijeđena tweeta 32 korisnika označavaju da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    4. lis 2019.

    Enable the microphone remotely without interaction in Signal 😮

    Signal: Incoming call can be connected without user interaction
    15 replies 390 proslijeđenih tweetova 772 korisnika označavaju da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    27. ruj 2019.

    EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

    7.400 proslijeđenih tweetova 16.478 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    19. ruj 2019.

    That was silly But I also just found 50 bugs in codebase by grepping for "type [[:alnum:]]+ error". Everybody does exactly that! Does "type Foo error" ever make sense? Casting from error doesn't Should be pointed by static analysis?

    5 proslijeđenih tweetova 12 korisnika označava da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    15. ruj 2019.

    LastPass could leak the last used credentials due to a cache not being updated. This was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!

    lastpass: bypassing do_popupregister() leaks credentials from previous site
    445 proslijeđenih tweetova 904 korisnika označavaju da im se sviđa
    Poništi
  18. proslijedio/la je Tweet
    9. ruj 2019.

    Open infinite incognito windows in Chrome OS from a webpage, PoC in a tweet!: <form action="" method="POST"><input type="submit" name="incognito" value="1" id="a" /></form><script>setInterval(function(){document.getElementById("a").click();},100);</script>

    18 proslijeđenih tweetova 53 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    6. ruj 2019.

    The dumbest of the takes going around on the iOS 0days discovered by Google: “How would Google like it if Apple did the same thing to Android?” No idea how Google would like it, but as someone who relies on these products, I think it would be awesome.

    16 replies 152 proslijeđena tweeta 1.087 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    6. ruj 2019.

    Huge thanks to PoC developers and , and to , , , , , , and , all of whose work was key in both exploit development + enhancements that will serve MSF users well beyond BlueKeep.

    19 proslijeđenih tweetova 93 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi

@sebastian9er još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·