Eli Grey

@sephr

Creating software and security research • Made async/await with async.js before promises were available in JS • • Opinions are my own • they/them

Bay Area, CA
eligrey.com
Joined April 2008
45 Photos and videos Photos and videos

Tweets

You blocked @sephr

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @sephr

  1. Retweeted
    Aug 22

    From Nautilus file manager thumbnail to code execution via ghostscript and evince... by &

    8 replies 131 retweets 215 likes
    Show this thread
    Show this thread
    Undo
  2. Retweeted
    Aug 21

    When the design team loses a debate with the legal team.

    535 replies 39,758 retweets 78,668 likes
    Undo
  3. Retweeted
    Aug 23

    Gnome implemented sandboxing for thumbnail parsers, but patches that out, because why not?

    8 replies 71 retweets 147 likes
    Undo
  4. Retweeted
    Aug 21

    We just released an alpha version of WorkerDOM. An implementation of the DOM API that runs in a JavaScript thread at Slides: Github: Blog post:

    9 replies 268 retweets 670 likes
    Show this thread
    Show this thread
    Undo
  5. Retweeted
    Aug 21

    👨‍💻 Finally got around to fix the last known performance cliff with `Array#find()` and `Array#findIndex()` in . Both are now consistently fast, even with holey double arrays (8x speed-up on simple microbenchmark). 🔥 h/t 👍 🔗

    6 replies 61 retweets 280 likes
    Show this thread
    Show this thread
    Undo
  6. Retweeted
    Aug 21

    ghostscript: multiple critical vulnerabilities, including remote command execution

    95 retweets 105 likes
    Undo
  7. Aug 17

    🤯 Introducing Favioli, a Chrome extension that replaces blank tab icons with unique per-domain emoji to help you stay productive in a sea of tabs! Guest blog post by 👨🏻‍💻 Download Favioli for Chrome 🛰️

    1 reply 8 retweets 8 likes
    Undo
  8. Aug 15

    1 reply
    Undo
  9. Retweeted
    Aug 14

    Slides of my USENIX WOOT presentation are available online at It's about symbolic execution of crypto protocol implementations. See the paper at

    In our USENIX paper, we found a decryption oracle in Android's and Linux's Wi-Fi client called wpa_supplicant. Only exploitable when using TKIP on a WPA2 network (the default in 20% of networks). See section 5.4 of
    Show this thread
    27 retweets 54 likes
    Undo
  10. Retweeted
    Aug 14

    Windows Exploitation Tricks: Exploiting Arbitrary Object Directory Creation for Local Elevation of Privilege

    56 retweets 96 likes
    Undo
  11. Retweeted
    Aug 14

    Writable Files in the browser 🗄

    2 replies 29 retweets 106 likes
    Show this thread
    Show this thread
    Undo
  12. Retweeted
    Aug 14

    Blog post from providing a technical analysis of L1 Terminal Fault (L1TF) and a description of the mitigations:

    4 replies 98 retweets 130 likes
    Show this thread
    Show this thread
    Undo
  13. Retweeted
    Aug 14

    3 new Intel speculative execution CPU vulnerabilities: CVE-2018-3615 - L1 Terminal Fault: SGX CVE-2018-3620 - L1 Terminal Fault: OS/SMM CVE-2018-3646 - L1 Terminal Fault: VMM

    7 retweets 11 likes
    Undo
  14. Retweeted
    Aug 14

    Following seven months of responsible disclosure, we are happy to announce that our Foreshadow attack is now public . Work with Mark Silberstein, Daniel Genkin, Frank Piessens

    6 replies 367 retweets 398 likes
    Show this thread
    Show this thread
    Undo
  15. Aug 13

    Format plain text with

    Undo
  16. Retweeted
    Aug 10

    🚀 Electron Fiddle ✨ is here! Create, run, package, and share small experiments with – with examples, types, a decent coding experience, and a whole lot of 💖.

    4 replies 136 retweets 343 likes
    Undo
  17. Aug 10

    Text-Predicting Global Style Token (TP-GST) architecture for Tacotron: "TP-GST learns to predict stylistic renderings from text alone, requiring neither explicit labels during training, nor auxiliary inputs for inference"

    1 like
    Undo
  18. Retweeted
    Aug 7

    New attack on WPA PSK, using PMKID in Optional RSN element in management frame. Attacker can request directly from AP, no client traffic needed. With known SSID hashcat can precompute crack tables for key attack from PMKID. B00M

    12 retweets 21 likes
    Undo
  19. Retweeted
    Aug 6

    UBoat : A POC HTTP Botnet designed to replicate a full weaponised commercial botnet :

    1 reply 51 retweets 112 likes
    Undo
  20. Retweeted
    Aug 5

    Holy cow guys, this is real, I just tried it. Not only is FB censoring , they're censoring articles /about it/. Welcome to China, I guess.

    11 replies 46 retweets 69 likes
    Show this thread
    Show this thread
    Undo

@sephr hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·