Jaroslav Lobačevski

@yarlob

Security guy

jarlob.github.io
Vrijeme pridruživanja: studeni 2017.
4 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @yarlob

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @yarlob

  1. proslijedio/la je Tweet
    24. sij

    This weekend is your last chance to vote for the Top 10 (new) Web Hacking Techniques of 2019! Voting closes Monday.

    20 proslijeđenih tweetova 48 korisnika označava da im se sviđa
    Poništi
  2. 13. sij

    So this is what it was about... Glad I could help :)

    I know that everybody is tired of me talking about but this time it's a beefy RCE vulnerability. Avast Secure Browser could be trivially taken over by any website, allowing even execution of arbitrary OS commands.
    Prikaži ovu nit
    1 korisnik označava da mu se sviđa
    Poništi
  3. proslijedio/la je Tweet
    10. stu 2019.

    Just wrote a short blog post about a win32k info leak I found earlier this year:

    58 proslijeđenih tweetova 145 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  4. 4. stu 2019.

    So overhyped. Not a single word in the article that is works on Win7 only (well until someone weaponized his sandbox escape). But if you look closer at the screenshot you see "Windows NT 6.1" check :)

    Poništi
  5. proslijedio/la je Tweet
    25. lis 2019.

    As I'm currently missing and so can't troll in person here's a blog about the recent changes to my .NET Remoting Exploit tool to bypass Low Type Filtering .

    58 proslijeđenih tweetova 117 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    23. lis 2019.

    We added AddressSanitizer (ASan) support to MSVC in the latest Visual Studio preview. So now you can not only use it for applications targeting Linux from VS, but Windows too, to find runtime memory issues fast:

    9 replies 144 proslijeđena tweeta 422 korisnika označavaju da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    20. lis 2019.

    So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys...

    117 replies 2.759 proslijeđenih tweetova 4.242 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  8. proslijedio/la je Tweet
    16. lis 2019.

    Our guy, , had a presentation at OWASP Poland Day about exploiting prototype pollution to RCE on the example of Kibana, by abusing environmental variables in node. The slides are here: We will also release a writeup soon so stay in touch!

    132 proslijeđena tweeta 270 korisnika označava da im se sviđa
    Poništi
  9. proslijedio/la je Tweet
    7. lis 2019.

    Updated my tool to exploit .NET remoting services to use a new (unpatched) technique to bypass Low Type Filter to get full serialization exploitation. Abuses the lease feature present on all MBR objects. . Don't use .NET remoting in production code!

    237 proslijeđenih tweetova 437 korisnika označava da im se sviđa
    Poništi
  10. 13. lis 2019.

    SecurityCodeScan is used by now. . is a great contributor btw.

    1 proslijeđeni tweet 4 korisnika označavaju da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    25. ruj 2019.

    Windows‌ ‌Exploitation‌ ‌Tricks:‌ ‌Spoofing‌ ‌ Named‌ ‌Pipe‌ ‌Client‌ ‌PID‌

    26 proslijeđenih tweetova 60 korisnika označava da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    5. ruj 2019.

    It has come to my attention that it is not at all clear that ’s Cryptopals Set 8 is public, and has been for awhile:

    1 reply 11 proslijeđenih tweetova 32 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    29. kol 2019.

    A very deep dive into iOS Exploit chains found in the wild

    1 reply 333 proslijeđena tweeta 592 korisnika označavaju da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    27. kol 2019.

    Yea, I've got 3 hours to kill here in this airport lounge waiting for the next leg of my flight, so let's discuss the "OSI Model". There's no such thing. What they taught you is a lie, and they knew it was a lie, and they didn't care, because they are jerks.

    111 replies 919 proslijeđenih tweetova 2.320 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    17. kol 2019.

    In multiple recent disclosure discussions on Twitter, I had said I will write a longer blog post about my views. I finally found the time to jot them down. I expect almost every reader to disagree with something vehemently. Enjoy "Disclosure Rashomon":

    401 proslijeđeni tweet 735 korisnika označava da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    16. kol 2019.

    Another great work from — A Remotely Controlled Malicious Injecting Cable for less than 10$

    10 proslijeđenih tweetova 20 korisnika označava da im se sviđa
    Poništi
  17. 13. kol 2019.

    It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed.

    I'm publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation.
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    10. kol 2019.

    With Vegas over and done with for another year, it's time to go Twitter dark for a while. But one last blog before I go for and hat tip to

    84 proslijeđena tweeta 213 korisnika označava da im se sviđa
    Poništi
  19. 8. kol 2019.

    If you have client installed on Windows, you are potentially running any program as NT AUTHORITY\SYSTEM. First they don't care they compromise your OS security model, then tries to forbid the disclosure.

    Here is a 0day in Steam. This bug has been publicly disclosed (), so I'm opening up my PoC. No blog post since covered it nicely.
    Poništi
  20. proslijedio/la je Tweet
    24. srp 2019.

    Another opening in my AppSec team :

    3 proslijeđena tweeta 1 korisnik označava da mu se sviđa
    Poništi

@yarlob još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·