Trí Chim Trích

@trichimtrich

Computer nerd / Member of / Security 1⃣0⃣1⃣

  Vietnam
Joined: March 2014

Tweets

  1. Retweeted
    17 Dec 2019

    New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long standing design flaws in UAC :-)

  2. Retweeted
    16 Dec 2019

    Here is part one. Pretty sure the attack surface described has many more bugs (not just the vmware tools installer.. I doubt this bug is exploitable in the first place, just wanted something to demo that is unpatched, easier for folks to learn!)

  4. Retweeted
    24 Nov 2019

    CodeQL snapshots of large open source projects

  5. Retweeted
    25 Nov 2019
  6. Retweeted

    My team released a white paper on the PRNG in Windows

  7. Retweeted
    25 Nov 2019

    What? A library that wraps IDA decompiler API and makes it usable? *and* documented? We just released a thing. Blog: Github: Docs!!!:

  8. Retweeted
    25 Nov 2019

    Announcing Haybale, a symbolic execution engine for LLVM IR written in . Haybale can analyze programs written in C/C++, Rust, or any other language which compiles to LLVM IR. Working on this has been great fun, and I'm excited to release 0.1.0!

  9. Retweeted

    🎉 New security blogpost 🎉 Do you know that it's pretty easy to create an HTML/JS/Wasm module polyglot? Those polyglot files are considered as valid: ✅ HTML/Javascript files ✅ WebAssembly modules Kudos to for the help ;)

  10. Retweeted
    19 Nov 2019

    I presented about Site Isolation in Google's event called 🙂 / "The world of Site Isolation and compromised renderer" Slide: Video:

  11. Retweeted
    19 Nov 2019

    You can download the slides of here: Some slides are missing because of speakers’ requests. will be held on Nov. 12~13, 2020 in Seoul.

  12. Retweeted
    6 Nov 2019

    I wrote the 2nd tutorial for my kernel exploit series: bypassing SMEP/KPTI via kernel ROP.

  13. Retweeted
    4 Nov 2019
  14. Retweeted
    1 Nov 2019

    Want to win Pwn2Own without all the hassle of having to spend time finding bugs? We finally got round to sorting out and releasing Jandroid - a tool for helping to find logic bugs in Android apps (and just in time for next week!)

  15. Retweeted
    31 Oct 2019

    I published my slides at CODE BLUE 2019: "Let's Make Windows Defender Angry: Antivirus can be an oracle!" This presentation is a summary of works on AVOracle for these half years, and I presented a new use of Windows Defender as a file modifier. Enjoy!

  16. Retweeted
    28 Oct 2019

    I built an iOS kernel debugger called KTRW based on a KTRR bypass for the iPhone X. It is capable of patching kernel __TEXT_EXEC, loading kernel extensions, and performing single-step kernel debugging with LLDB and IDA Pro over USB:

  17. Retweeted
    24 Oct 2019

    ": The iPhone Exploit That Hackers Use to Research Apple’s Most Sensitive Code" This is what the title of this write-up would be if it was a VICE article. This is a detailed write-up of the vulnerability I found and how the exploit really works.

  18. Retweeted
    20 Oct 2019

    2019 quals writeups from 𝚙𝚠𝚗𝙿𝙷𝙾𝚏𝚞𝚗

  19. Retweeted
    17 Oct 2019

    I saw lots of payloads for RCE on Flask SSTI, but I really think mine is the simplest 😅 {{config.__class__.__init__.__globals__['os'].popen('ls').read()}} Have Fun 🤓

  20. Retweeted
    16 Oct 2019

    Our guy, , had a presentation at OWASP Poland Day about exploiting prototype pollution to RCE on the example of Kibana, by abusing environmental variables in node. The slides are here: We will also release a writeup soon so stay in touch!
