Pinned Tweet
Train with me and @infosectcbr to find bugs and vulnerabilities in C systems software https://blackhat.com/us-20/training/schedule/index.html#code-review-19126 …
Silvio Cesare retweeted
Well given that you have an exploitable vulnerability, yes. Pointer compression is less of a security oriented change and more of a performance oriented change. But as it's a change regardless, you have to make some tiny modifications to the techniques you use for exploitation.
Silvio Cesare retweeted
Just made a short blog post for @infosectcbr on how pointer compression has been implemented in V8, and what it means from the perspective of an exploit developer. It's a fairly recent change that's only been mentioned in a chromium design document as far as I can see. https://twitter.com/infosectcbr/status/1223898851943149568 …
.@farazsth98 has done some great work on Chrome and he explains this more recent V8 code change. It requires some changes to previous techniques, but Chrome/V8 is still reliably exploitable. https://twitter.com/infosectcbr/status/1223898851943149568 …
Latest Firefox popping xcalc. Note that sandbox is disabled and I've used the blazefox patch which injects a relative (oob) rw bug. pic.twitter.com/eA4f1g2Y0A
Popping xcalc in Firefox very reliably on latest version with the blazefox CTF-style vuln/patch.
Ok.. that was easier to implement than I thought.
Well now it seems I have to code an in memory ELF export symbol resolver in JS since Firefox doesn't put the symbols I want in the GOT.
A state of emergency has been declared in my state of ACT due to the bush fires. @kylieengineer is currently at home in Canberra but I am still in QLD away from the fires. I return next week.
Silvio Cesare retweeted
Now excuse my fanboi moment but WE HAVE SILVIO https://www.blackhat.com/us-20/training/schedule/#code-review-19126 … If you are going to learn how to find vulns, there are very few in this world who do it like Mr @silviocesare pic.twitter.com/or4LjGwKex
.@farazsth98 pointed out that the Firefox team have publicly stated that they think constant blinding used in Chrome is a superficial mitigation and trivial to bypass - which is why they don't implement it. Does anyone have more details? To me, this mitigation seems useful..
Ignoring that I can just create my own jit gadgets in Firefox. I'm trying to find an existing one in the code/libraries.
Trying to find a stack pivot gadget in Firefox and Chrome turns out to be surprisingly hard.
Silvio Cesare retweeted
Looking forwards to heading back to Canberra to talk about designing electronics at @BSidesCbr! Was a great event last year so keen to see what this year brings. https://twitter.com/BSidesCbr/status/1222027362595831808 …
Silvio Cesare retweeted
Flames now coming over multiple hills. Current view from Davidson’s Trigg with #canberra region of Woden in foreground. #orroralvalleyfire #canberrafires @canberratimes @abccanberra pic.twitter.com/seLnKE5ro3
You do not, I repeat, you do not want to miss this year. https://twitter.com/kylieengineer/status/1222094437125259264 …
Pretty happy to use Unicorn engine/x64 emulator to help me find appropriate gadgets to use in browser exploitation. It seems I'm stealing @rankstar591's ideas where he did the same for a mobile problem.
Come join me and @infosectcbr for “Linux Heap Exploitation” - a 4-day training at @HITBSecConf Singapore https://conference.hitb.org/hitbsecconf2020sin/sessions/4-day-training-1-linux-heap-exploitation/ …
A note for @infosectcbr social night that was scheduled for tonight. We cancelled due to the fires sorry :(
