Specter

@SpecterDev

Interested in Security and Exploit Development. Nano is the one true text editor.

  Ontario
Joined August 2015

Tweets


  1. Pinned Tweet
    11 May 2020

    The PS4 toolchain BETA has dropped! Massive thanks to all the effort by everyone. Shouts and anyone else I may have missed! This took months of effort from all and it's awesome to be able to finally share it.

  2. Retweeted
    12 Apr

    Binary episode goes live in 10 minutes. Today we have a P0 post on an iOS ASN.1 parsing bug, a PHP use-after-free/type confusion, and a discussion around the future of security.

  3. Retweeted
    2 Apr

    Happy to finally publish my work on the two vulnerabilities in the Linux kernel I've found: CVE-2022-1015 and CVE-2022-1016! I'll be talking some background, a deeper look into nf_tables, and a local privilege escalation PoC! (code on my github)

  4. Retweeted
    30 Mar

    My new blog post, "Betabot in the Rearview Mirror" is out. It is a comprehensive dive into the notorious 2016 malware, Betabot aka Neurevt.

  5. Retweeted
    15 Mar

    We'll be live in 10 minutes with the binary episode. Sorry for being an hour late :( Live on Twitch:

  6. Retweeted
    15 Feb

    In 10 minutes we go live with the binary episode of the week. Today we have a post about taint analysis from ZDI, another kernel TIPC bug, and buggy Go code that Rust would have prevented.

  7. 10 Feb

    If I got one wish it'd be for everyone to stop using medium for their writeups and articles. Why does anyone use this awful platform?

  8. Retweeted
    8 Feb

    Binary episode goes live in 10 minutes. Today features an infoleak that affects Fastly in H2O webserver, a Samba bug, and a meme of a macOS bug.

  9. Retweeted
    31 Jan

    Bounty podcast starts in 10 minutes, featuring a bogus bug, a Zoho auth bypass, and an IDOR (sort of) that leaks info from Microsoft bounties.

  10. 27 Jan

    Was hoping to get exfat bug working but the exploit scenario on PS5 is much tougher than PS4. Might still be possible to find a way but a lot of work will need to be put into finding a viable path. But at least the userland portion is out there so it can be attempted/tested :P

  11. Retweeted
    27 Jan

    We've released a small writeup and some code for userland exec on PS5. DNS redirection to https works.

  12. Retweeted
    24 Jan

    Bounty episode for this week will be live in 10 minutes. Today features a VMware Workspace One SSRF, insecure AES key generation in Telenot Complex, an MFA Bypass in Box, and more. Tune in live:

  13. Retweeted
    3 Jan

    PS4GDB finally made it into Mira develop branch

  14. 18 Dec 2021

    Thing is, even if you could dump the keyslots that hold keys for decrypting fw/kernel/whatever (which you can't with this), these are *decryption* keys, you can't use them to sign your own stuff anyway.

  15. 18 Dec 2021

    I feel like it's easy to fall into the trap of seeing "keys" and assume that all keys are equal. PFS keys != signing keys for firmwares. There's a lot of nuance to PS4 crypto / SBL that people leave out or aren't aware of.

  16. Retweeted
    18 Dec 2021

    so, PS4 Crypto Coprocessor (CCP) interface in secure kernel had a bug that allowed us to dump (or better saying, bruteforce) key slots from SAMU, that's how AES/HMAC keys from PFS, portability keys, VTRM keys, etc could be retrieved on unpatched firmware:

  17. 15 Dec 2021

    If you wanna know why the toolchain doesn't work with later LLVM builds, shit like this is why

  18. 15 Dec 2021

    LLVM 13, what the fuck is this

  19. Retweeted
    14 Dec 2021

    Our final binary episode before the winter break will be going live in 10 minutes. A good mix of bugs this week + HexRays drama.

  20. Retweeted
    14 Dec 2021

    Guess now is a good time to remind ppl about open orbis, now that the floodgates are open. Any keen devs wanting to dip their toes into ps4 now can. Help 9.00 be more than just piracy 😉

  21. 14 Dec 2021

    Creative cloud for reversing. Gross.

