-
Pinned Tweet
My book's finally here, just in time for Xmas. Thanks to @billpollock and @nostarch for all their time and effort as well as my friend @k8em0 for doing the foreword. Hope anyone who's bought it is seeing final copies arriving. And it's a dog on the cover BTW
pic.twitter.com/0aApanm1nL
-
James Forshaw Retweeted
Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. @aionescu and I wrote about these! https://windows-internals.com/dkom-now-with-symbolic-links/ …
-
James Forshaw Retweeted
I hope my last 3 write-ups have covered the subject of filesystem bugs enough. It talks about discovery using procmon, and also poc writing now. You can just copy paste from the poc on github for a lot of bugs I guess. I hope it helps get at least one person into the field.
-
James Forshaw Retweeted
Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy! https://googleprojectzero.blogspot.com/2020/01/part-ii-returning-to-adobe-reader.html …
-
A quick post on why you shouldn't use SYSTEM Tokens when you sandbox a process. Part 1 of N (where I haven't decided how big N is). https://www.tiraniddo.dev/2020/01/dont-use-system-tokens-for-sandboxing.html …
-
James Forshaw Retweeted
Excited to start the new year with CVE-2020-3842 :) It's a fun one and unlike the other bugs I reported so far so I'm looking forward to (responsibly) disclosing it. https://support.apple.com/en-us/HT210918
-
Whatever you do don't run the PS/NtObjectManager command '[NtApiDotNet.CreateUserProcess]::Fork("IgnoreSectionObject", 0)' on Windows 10 1909. I did and I was very sad, so just don't!
-
James Forshaw Retweeted
Just finished the writeup for my learning process to replicate the CVE-2019-19470, I also published the source code for exploit and a Masquerade-PEB C#. Hope you enjoy! https://plaintext.do/CVE-2019-19470_learning_journey/ … https://twitter.com/JulioUrena/status/1219460407653470208 …
-
James Forshaw Retweeted
Advance copy. Coming soon! @nostarch pic.twitter.com/Ztp3gnEQ6l
-
Interesting recent change (at least 1903) to SeTokenCanImpersonate which determines if you can impersonate an access token. The Session ID is now checked so that you can't impersonate same user session 0 tokens outside of session 0.
-
James Forshaw Retweeted
We updated the Security Servicing Criteria for Windows today clarifying a non-boundary (Hyper-V Administrator Group) & expanding the Administrator-to-Kernel non-boundary. We do this periodically in response to research trends; feedback is always welcome. https://aka.ms/windowscriteria
-
James Forshaw Retweeted
This is a bigger problem than Safari's ITP introducing far more serious privacy vulnerabilities than the kinds of tracking that it's supposed to mitigate. The cross-site search and related side-channels it exposes are also abusable security vulnerabilities. https://twitter.com/lukOlejnik/status/1219873289230856198 …
-
I know MS is not one big joined up company but this really isn't a good look from a Security POV. Especially hypocritical considering how much obfuscation MS themselves put into Windows 10 to try and prevent user preference hijacking (unless you're Edge of course). https://twitter.com/SwiftOnSecurity/status/1220002505117065216 …
-
James Forshaw Retweeted
The wait is finally over! Registration & schedule for #BlueHatIL 2020 are live. Places are limited so register NOW: http://bluehatil.com pic.twitter.com/JXXx8OQOYn
-
James Forshaw Retweeted
The 7th part of the tutorial Hypervisor From Scratch is published! In this part, I described EPT. Thanks to Petr @PetrBenes as Hypervisor From Scratch could never have existed without his help and to Alex @aionescu for patiently answering my questions. https://rayanfam.com/topics/hypervisor-from-scratch-part-7/ …
-
Thanks @googledrive, for saving me from an evil PCAP!
pic.twitter.com/cMvwGhysTS
-
And this is why I wrote my blog post about spoofing named pipe PIDs, no one should be using them as a security enforcement mechanism. Wonder how TinyWall fixed it? :-) https://twitter.com/codewhitesec/status/1218106830808866816 …
-
James Forshaw Retweeted
To clarify the Windows crypto fail: The problem isn't in signature validation. The problem is the *root store/cache*. CryptoAPI considers an (attacker-supplied) root CA to be in the trust store if its public key and serial match a cert in the root store, ignoring curve params.
-
James Forshaw Retweeted
After a lot of work and some crypto-related delays, I couldn't be more proud to publish @aionescu's and my latest research - The complete overview of CET internals on Windows (so far!): http://windows-internals.com/cet-on-windows/
-
James Forshaw Retweeted
[Blog] Avira VPN Local Privilege Escalation https://enigma0x3.net/2020/01/15/avira-vpn-local-privilege-escalation-via-insecure-update-location/ … Uses some fun tricks to circumvent service DACL and integrity checks.