Thanks @googledrive, for saving me from an evil PCAP! pic.twitter.com/cMvwGhysTS
-
For anyone interested in my presentation on Local RPC in .NET the HITB version is now up on YouTube. https://youtu.be/2GJf8Hrxm4k
-
Interestingly simple bug and a good demonstration of the difficulty working out the security of a COM service. Although I'd be wrong not to plug http://oleview.net at this point as it'll show you the Launch Permissions + Integrity Level :-) https://twitter.com/thezdi/status/1208057507542949888 … pic.twitter.com/7CsHw47WaJ
-
Interesting AppLocker security feature. If you enable the default DLL rules on an up to date Win10 your users can no longer download any executable file in any common web browser. Can you guess why? pic.twitter.com/h8S9O35nce
-
Not seen these before. Token security attributes which indicate if a process has been UAC auto elevated (LUA://HdAutoAp) and whether it's descended from an auto elevated app (LUA://DecHdAutoAp). Might be useful for detecting the results of UAC bypasses in the wild. pic.twitter.com/lQZuERSS5N
-
Impressed that when Microsoft said there are no new APIs in 1909 vs 1903 they seem accurate from an RPC attack surface perspective. Only 1 new server, and one new function in the AppX Deployment Server that I could identify. Of course might be deeper changes I can't detect. pic.twitter.com/8xaBClOqkg
-
Have you configured symbols? You'll need a copy of DBGHELP.DLL from WinDBG to get remote symbols, see the screenshot. OVDN comes with a limited set of pre-cached symbols but every time MS updates the COM libraries the offsets move. Also can your user open the PID? pic.twitter.com/7Vx8qS5d6R
-
You can't assign an explicit IL to a file/key which is higher than your own IL. Relabel privilege bypasses that security check. I doubt it's something that useful, most of the time it's a service token with it which already has system IL. pic.twitter.com/DmtOMimgU3
-
I wonder if it's possible for @Waterstones in Canary Wharf to be any more condescending about comic books and the people who read them. If you believe Wikipedia the term "Graphic Novel" seems to have been around for at least 60 years, and no doubt before that. pic.twitter.com/EbNH8v9zyW
-
A quick check with Diaphora looks like it was probably a ref-counting/memory safety hazard issue. No doubt fuzzed. Think I'm off the hook pic.twitter.com/NwDVxzKUZj
-
Of course if you proceed to install Python then the alias changes to point to the installed store package. The DesktopAppInstaller is some Store crapware which MS have pushed out, it could very easily add new 'aliases' to get you to install stuff from the Store in the future. pic.twitter.com/zUjLYZrHVY
-
It's an execution alias https://docs.microsoft.com/en-us/uwp/schemas/appxpackage/uapmanifestschema/element-uap5-appexecutionalias …. It's not _really_ a 0 byte file, it's a reparse point which is handled specially by CreateProcess. My Get-ExecutionAlias cmdlet gives you more info such as the package that gets started (Microsoft.DesktopAppInstaller). pic.twitter.com/IVHLYMxGFv
-
I thought they were hammering Linux for FAT32 patents, not exFAT. Of course those patents expired and suddenly they had a new file system ready to go. pic.twitter.com/myUVOtpb3e
-
Updated my presentation repo on github with @InfiltrateCon presentations, including the latest one from 2019 on "Having Fun with COM" https://github.com/tyranid/infosec-presentations … pic.twitter.com/0uBoIE3VdA
-
Nice short list you've got there.... Sorry I couldn't resist ;-) I'm sure there's many IIDs which aren't in the registry, a merge might be useful. Also a link to the CSV if you don't want to run my tools https://drive.google.com/file/d/1Vvi-0hUmg1iDYGyAT5fM6KFq_47fSIVa/view?usp=sharing … pic.twitter.com/uBKdEQnwEU
-
@hakril FYI regarding B4537DA9-3D03-4F6B-B594-52B2874EE9D0 :-) pic.twitter.com/7nenILYvKZ
-
The first step to recovery is realizing you have a problem. pic.twitter.com/5LU8oqAy7P