Tweets


  1. Retweeted
    Jan 26

    If you're a grad student interested in security/program analysis and looking for something fun, I would love to see someone revisit the APEG problem (posed by Brumley in ). There's *at least* one entire PhD worth of problems in that area.

  2. Retweeted
    Jan 27

    If you didn't pay for it, you're the product...

  3. Retweeted
    Jan 6

    At the time, there were few legitimate career paths for hackers. We thought it would be amazing to do what we loved and actually get paid for it. It worked for a while, but the hard lessons of business and friendship still haunt me to this day...

  4. Retweeted
    Jan 7

    I'm looking to donate some hobbyist electronics gear to schools or programs for at-risk youth. Anyone have leads?

  5. Retweeted
    Jan 3

    Here is an exploit for LPE CVE-2019-1184 in case anybody else is interested in this cool bug:

  6. Retweeted
    Dec 26, 2019

    New blogpost: Sanitized Emulation with QEMU-AddressSanitizer I just open-sourced my QEMU patches to fuzz binaries with ASan, QASan. You can also use it with ARM targets on Linux, a thing that you can't do with LLVM ASan!

  7. Retweeted
    Dec 13, 2019

    Finally put together a short summary video about the Badge. Better late than never!

  8. Retweeted
    Nov 22, 2019

    Pro-tip. Ever wonder what a structure _actually_ looks like in memory when it's full of unions, typedefs, etc? The `pahole` command (from the `dwarves` package) can take in an ELF with DWARF symbols and output the structures unrolled recursively. Example:

  9. Retweeted
    Nov 22, 2019

    Introducing the fzero fuzzer! A target-architecture-agnostic grammar-based fuzzer (inspired by F1). With no input size constraints, multi-thread support, and all Rust code for no corruption bugs. 5x faster than the world's fastest grammar-based fuzzer ;D

  10. Retweeted
    Nov 22, 2019
  11. Retweeted
    Nov 11, 2019

    For non-native readers, this is a writeup of my DEVCORE Conference 2019 talk. Describe a misconfiguration that exposed a magic service on port 3097 on our country's largest ISP, and how we find RCE on that to affect more than 250,000 modems :P

  12. Retweeted
    Oct 22, 2019
  13. Retweeted
    Oct 19, 2019

    Jailbreak complete. Launch the checkra1n app and choose your package manager.

  14. Retweeted
    Oct 11, 2019

    People were asking which of our reported vulns were fixed in tcpdump 4.9.3. List below, thanks to and for the great hax! CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 CVE-2018-16301 CVE-2018-16230 CVE-2018-16452 CVE-2018-16300

  15. Retweeted
    Oct 10, 2019

    Attendees coded something just like this from scratch at arsenal, and will do it again at superconference. 50¢ attiny25, tiny PCB, and Z-tape instead of solder to hold it in place. Cheap and easy doesn't begin to describe it.

  16. Retweeted

    Enable the microphone remotely without interaction in Signal 😮

  17. Retweeted
    Sep 28, 2019

    This article has a great interview with on the ramifications of their BootROM exploit: Spoiler: it’s awesome work, but not as scary as most may think (because of the Secure Enclave and persistence is still hard, etc.)

  18. Retweeted
    Sep 27, 2019
  19. Retweeted
    Sep 27, 2019

    EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

  20. Retweeted
    Sep 26, 2019

    I updated my GitHub with 4 releases that I only have Tweeted out:
    - GCP Cloud Shell Docker escape
    - Getting AWS-owned AWS keys from AppStream
    - Hitting the AWS Lambda runtime API with SSRF
    - Getting credentials from the "disabled" AWS Glue metadata API
