Tavis OrmandyVerified account

@taviso

Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine.

California
taviso.decsystem.org
Joined April 2008
46 Photos and videos Photos and videos

Tweets

You blocked @taviso

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @taviso

  1. Retweeted
    Aug 24
    Replying to

    3 replies 8 retweets 48 likes
    Undo
  2. Retweeted
    Aug 23
    Replying to

    Heh, I just heard "Shell in the Ghost", that would have been a good name. 🤓

    2 replies 10 retweets 61 likes
    Undo
  3. Aug 23

    Wait... what? 🤦‍♂️

    Gnome implemented sandboxing for thumbnail parsers, but patches that out, because why not?
    4 replies 54 retweets 195 likes
    Undo
  4. Retweeted
    Aug 22

    From Nautilus file manager thumbnail to code execution via ghostscript and evince... by &

    8 replies 132 retweets 216 likes
    Show this thread
    Show this thread
    Undo
  5. Retweeted
    Aug 21

    😱 %!PS userdict /setpagedevice undef legal { null restore } stopped { pop } if legal mark /OutputFile (%pipe%id) currentdevice putdeviceprops

    This is your annual reminder to disable all the ghostscript coders in policy.xml.
    2 replies 20 retweets 36 likes
    Undo
  6. Aug 21

    This is your annual reminder to disable all the ghostscript coders in policy.xml.

    If you haven't already disabled all the ghostscript codecs in policy.xml, now would be a good time to double check.
    8 replies 165 retweets 339 likes
    Undo
  7. Retweeted
    Aug 20

    My slides on Reverse Engineering Windows Defender's Binary Emulator, as presented , , and are online. Sequel to my RE of Defender's JS engine, I think this is the best presentation I've done yet. Huge PDF - 40mb/225 slides

    10 replies 333 retweets 684 likes
    Show this thread
    Show this thread
    Undo
  8. Retweeted
    Aug 13

    We are releasing the Smartcard Fuzzer used to find bugs in OpenSC, Yubico, and Apple Smart Card Services stacks:

    2 replies 217 retweets 320 likes
    Show this thread
    Show this thread
    Undo
  9. Retweeted
    Aug 13

    REMINDER: You can block or mute anyone for any reason. It's your timeline, it's your space, it's your time and attention.

    77 replies 672 retweets 3,498 likes
    Undo
  10. Retweeted
    Aug 8

    Hi , I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to ?

    100 replies 1,058 retweets 3,175 likes
    Show this thread
    Show this thread
    Undo
  11. Retweeted
    Aug 8

    Damn, the stadium is huge, and just gave an amazing keynote in front of this huge crowd. <3

    20 replies 93 retweets 605 likes
    Undo
  12. Retweeted
    Aug 8

    The data don't lie: Project Zero is making users across the industry more secure.

    4 replies 35 retweets 160 likes
    Undo
  13. Retweeted
    Aug 8

    She even made fun of blockchain in her opener. ;) Go go!

    1 reply 3 retweets 32 likes
    Show this thread
    Show this thread
    Undo
  14. Retweeted
    Aug 2

    Blog post on the exciting world of reporting vulnerabilities

    10 replies 207 retweets 396 likes
    Undo
  15. Retweeted
    Aug 1

    Hey, look. Reddit got owned up. STOP USING SMS 2FA. It doesn’t work.

    30 replies 433 retweets 568 likes
    Show this thread
    Show this thread
    Undo
  16. Retweeted
    Jul 5

    Next month and I'll be talking about Windows Defender's and releasing tooling for the emulator built on 's "loadlibrary". If you're interested, I recommend grabbing the current 32-bit Windows Defender Antivirus at

    1 reply 18 retweets 68 likes
    Show this thread
    Show this thread
    Undo
  17. Retweeted
    Jun 5

    Popping notepad as SYSTEM via F-Secure antivirus (now patched) using 7-zip flaw. Likely applies to other AVs. Don't tell

    6 replies 136 retweets 272 likes
    Undo
  18. Retweeted
    May 12
    Replying to

    Haha, here is Master Blaster, an elite hacker, doing a code review with a novice programmer. I hope this scene is going to be in the next DC universe movie 🤣

    5 replies 17 retweets 70 likes
    Undo
  19. May 12

    This person wrote to the editor complaining that they used C. /cc

    8 replies 13 retweets 110 likes
    Show this thread
    Show this thread
    Undo
  20. May 12

    No more livetweeting haha, but you all need to read this lol.

    6 replies 20 likes
    Show this thread
    Show this thread
    Undo

@taviso hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·