Trí Chim Trích Retweeted
New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long standing design flaws in UAC :-) https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html …
Trí Chim Trích Retweeted
https://sandboxescaper.blogspot.com/2019/12/chasing-polar-bears-part-one.html … Here is part one. Pretty sure the attack surface described has many more bugs (not just the vmware tools installer.. I doubt this bug is exploitable in the first place, just wanted something to demo that is unpatched, easier for folks to learn!)
Trí Chim Trích Retweeted
Re-Published my series about debugging the Samsung Android Kernel! https://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-1-91b55b79d955?source=friends_link&sk=ff27cd2d6ca94bc35fea08c847f6227d … https://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-2-eab0bbdd6f19?source=friends_link&sk=d76dd15a418d8b2bdb20917b797f1960 … https://medium.com/@alex91ar/debugging-the-samsung-android-kernel-part-3-a6a7f762fcd6?source=friends_link&sk=635b789114be318db3b28e454b4069d7 …
#samsung #debug #kernel Code is also public again! https://github.com/alex91ar/samsung-debug … Enjoy! :)
Trí Chim Trích Retweeted
CodeQL snapshots of large open source projects https://semmle.com/large-oss-projects …
Trí Chim Trích Retweeted
If you miss AngularJS sandbox, I have a new toy for you
WorkerDOM/AMP JS
https://github.com/ampproject/worker-dom#amp-distribution-for-amp-script …
https://github.com/ampproject/worker-dom/issues/721 … pic.twitter.com/LuUvbUBRjs
Trí Chim Trích Retweeted
My team released a white paper on the PRNG in Windows https://twitter.com/MsftSecIntel/status/1199068992985587714 …
Trí Chim Trích Retweeted
What? A library that wraps IDA decompiler API and makes it usable? *and* documented? We just released a thing. Blog: https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html … Github: https://github.com/fireeye/FIDL Docs!!!: https://fidl.readthedocs.io/en/latest/
Trí Chim Trích Retweeted
Announcing Haybale, a symbolic execution engine for LLVM IR written in @rustlang. Haybale can analyze programs written in C/C++, Rust, or any other language which compiles to LLVM IR. Working on this has been great fun, and I'm excited to release 0.1.0! https://crates.io/crates/haybale
Trí Chim Trích Retweeted
New #WebAssembly security blogpost
Do you know that it's pretty easy to create an HTML/JS/Wasm module polyglot?
Those polyglot files are considered as valid:
HTML/Javascript files
WebAssembly modules
https://webassembly-security.com/polyglot-webassembly-module-html-js-wasm/ …
Kudos to @angealbertini for the help ;)
Trí Chim Trích Retweeted
I presented about Site Isolation in Google's event called #bugSWAT / "The world of Site Isolation and compromised renderer"
Slide: https://speakerdeck.com/shhnjk/the-world-of-site-isolation-and-compromised-renderer …
Video: https://youtu.be/ppW_soCb6wM
Trí Chim Trích Retweeted
You can download the slides of #POC2019 here: http://powerofcommunity.net/2019.htm Some slides are missing because of speakers’ requests. #POC2020 will be held on Nov. 12~13, 2020 in Seoul.
Trí Chim Trích Retweeted
I wrote the 2nd tutorial for my kernel exploit series: bypassing SMEP/KPTI via kernel ROP. https://github.com/pr0cf5/kernel-exploit-practice/tree/master/bypass-smep …
Trí Chim Trích Retweeted
Getting Arbitrary Code Execution from fopen's 2nd Argument http://hugeh0ge.github.io/2019/11/04/Getting-Arbitrary-Code-Execution-from-fopen-s-2nd-Argument/ …
Trí Chim Trích Retweeted
Want to win Pwn2Own without all the hassle of having to spend time finding bugs? We finally got round to sorting out and releasing Jandroid - a tool for helping to find logic bugs in Android apps (and just in time for next week!) https://labs.f-secure.com/blog/automating-pwn2own-with-jandroid …
Trí Chim Trích Retweeted
I published my slides at CODE BLUE 2019: "Let's Make Windows Defender Angry: Antivirus can be an oracle!" This presentation is a summary of works on AVOracle for these half years, and I presented a new use of Windows Defender as a file modifier. Enjoy! https://speakerdeck.com/icchy/lets-make-windows-defender-angry-antivirus-can-be-an-oracle …
Trí Chim Trích Retweeted
I built an iOS kernel debugger called KTRW based on a KTRR bypass for the iPhone X. It is capable of patching kernel __TEXT_EXEC, loading kernel extensions, and performing single-step kernel debugging with LLDB and IDA Pro over USB: https://github.com/googleprojectzero/ktrw …
Trí Chim Trích Retweeted
"#checkm8: The iPhone Exploit That Hackers Use to Research Apple’s Most Sensitive Code" This is what the title of this write-up would be if it was a VICE article. This is a detailed write-up of the vulnerability I found and how the exploit really works. https://habr.com/en/company/dsec/blog/472762/ …
Trí Chim Trích Retweeted
#HITCONCTF 2019 quals writeups from 𝚙𝚠𝚗𝙿𝙷𝙾𝚏𝚞𝚗 http://pwnpho.fun/ctf-writeups/hitcon/ …
Trí Chim Trích Retweeted
I saw lots of payloads for RCE on Flask SSTI, but I really think mine is the simplest
{{config.__class__.__init__.__globals__['os'].popen('ls').read()}}
Have Fun
Trí Chim Trích Retweeted
Our guy, @SecurityMB, had a presentation at OWASP Poland Day about exploiting prototype pollution to RCE on the example of Kibana, by abusing environmental variables in node. The slides are here: https://slides.com/securitymb/prototype-pollution-in-kibana/#/ … We will also release a writeup soon so stay in touch!

