Eli Grey

@sephr

Creating software and security research • Made async/await with async.js before promises were available in JS • • Opinions are my own • they/them

Bay Area, CA
Joined April 2008

Tweets

You blocked @sephr

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @sephr

  1. Retweeted
    Aug 22

    From Nautilus file manager thumbnail to code execution via ghostscript and evince... by &

    Show this thread
    Undo
  2. Retweeted
    Aug 21

    When the design team loses a debate with the legal team.

    Undo
  3. Retweeted
    Aug 23

    Gnome implemented sandboxing for thumbnail parsers, but patches that out, because why not?

    Undo
  4. Retweeted

    We just released an alpha version of WorkerDOM. An implementation of the DOM API that runs in a JavaScript thread at Slides: Github: Blog post:

    Show this thread
    Undo
  5. Retweeted
    Aug 21

    👨‍💻 Finally got around to fix the last known performance cliff with `Array#find()` and `Array#findIndex()` in . Both are now consistently fast, even with holey double arrays (8x speed-up on simple microbenchmark). 🔥 h/t 👍 🔗

    Show this thread
    Undo
  6. Retweeted
    Aug 21

    ghostscript: multiple critical vulnerabilities, including remote command execution

    Undo
  7. Aug 17

    🤯 Introducing Favioli, a Chrome extension that replaces blank tab icons with unique per-domain emoji to help you stay productive in a sea of tabs! Guest blog post by 👨🏻‍💻 Download Favioli for Chrome 🛰️

    Undo
  8. Aug 15
    Undo
  9. Retweeted
    Aug 14

    Slides of my USENIX WOOT presentation are available online at It's about symbolic execution of crypto protocol implementations. See the paper at

    Undo
  10. Retweeted
    Aug 14

    Windows Exploitation Tricks: Exploiting Arbitrary Object Directory Creation for Local Elevation of Privilege

    Undo
  11. Retweeted
    Aug 14
    Show this thread
    Undo
  12. Retweeted
    Aug 14

    Blog post from providing a technical analysis of L1 Terminal Fault (L1TF) and a description of the mitigations:

    Show this thread
    Undo
  13. Retweeted
    Aug 14

    3 new Intel speculative execution CPU vulnerabilities: CVE-2018-3615 - L1 Terminal Fault: SGX CVE-2018-3620 - L1 Terminal Fault: OS/SMM CVE-2018-3646 - L1 Terminal Fault: VMM

    Undo
  14. Retweeted
    Aug 14

    Following seven months of responsible disclosure, we are happy to announce that our Foreshadow attack is now public . Work with Mark Silberstein, Daniel Genkin, Frank Piessens

    Show this thread
    Undo
  15. Aug 13

    Format plain text with

    Undo
  16. Retweeted
    Aug 10

    🚀 Electron Fiddle ✨ is here! Create, run, package, and share small experiments with – with examples, types, a decent coding experience, and a whole lot of 💖.

    Undo
  17. Aug 10

    Text-Predicting Global Style Token (TP-GST) architecture for Tacotron: "TP-GST learns to predict stylistic renderings from text alone, requiring neither explicit labels during training, nor auxiliary inputs for inference"

    Undo
  18. Retweeted
    Aug 7

    New attack on WPA PSK, using PMKID in Optional RSN element in management frame. Attacker can request directly from AP, no client traffic needed. With known SSID hashcat can precompute crack tables for key attack from PMKID. B00M

    Undo
  19. Retweeted
    Aug 6

    UBoat : A POC HTTP Botnet designed to replicate a full weaponised commercial botnet :

    Undo
  20. Retweeted
    Aug 5

    Holy cow guys, this is real, I just tried it. Not only is FB censoring , they're censoring articles /about it/. Welcome to China, I guess.

    Show this thread
    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·