yngweijw

@yngweijw

Firmware and Browser Security Researcher / NESE Pwner

Vrijeme pridruživanja: rujan 2018.

Tweetovi

Blokirali ste korisnika/cu @yngweijw

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @yngweijw

  1. proslijedio/la je Tweet
    31. pro 2019.

    Here is the recording of my talk on the : As I said, timing was bad, and this is mostly focusing on platform basics to get into the field. I will do better at in the Open Source devroom, I promise!

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    29. pro 2019.
    Poništi
  3. proslijedio/la je Tweet
    26. pro 2019.
    Poništi
  4. proslijedio/la je Tweet
    13. pro 2019.

    libFuzzer fuzzing SQLite in the browser using WebAssembly:

    Prikaži ovu nit
    Poništi
  5. proslijedio/la je Tweet
    16. pro 2019.

    Here is part one. Pretty sure the attack surface described has many more bugs (not just the vmware tools installer.. I doubt this bug is exploitable in the first place, just wanted something to demo that is unpatched, easier for folks to learn!)

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    12. pro 2019.

    Our talk recording "Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller" is up! EC issue we found has a bigger impact from what we expected in the beginning

    Poništi
  7. proslijedio/la je Tweet
    12. pro 2019.

    CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753 WebSQL, 3 of them were used on TFC(). 😂 Sorry due to responsible disclosure I didn't reply to some DMs a few days eariler about asking me what I used on TFC.

    Poništi
  8. proslijedio/la je Tweet
    9. pro 2019.
    Poništi
  9. proslijedio/la je Tweet

    Full source code for our USENIX Security paper, which passed the first-ever USENIX Sec Artifact Eval, and found some cool CVEs, is available here:

    Poništi
  10. proslijedio/la je Tweet
    30. stu 2019.

    Here is a recent writeup that I did. It's not as indepth as I want. I'll write a definitive guide for hunting these bugs starting with 0 knowledge when I'm home in a few weeks. I'll also upload all my pocs to github, including recent bugs. I'm pissed. Bye

    Poništi
  11. proslijedio/la je Tweet
    24. stu 2019.

    People who think that this is living the dream are stupid. I'll trade everything for a job in an office in the blink of an eye. I'm tired of seeing all the cold places in the world, I want to see if there can be happy places too.

    Poništi
  12. proslijedio/la je Tweet
    21. stu 2019.

    There is my writeup about my research on DsSvc. I finally got 4 CVEs on this service, all of them are easy to lead EoP. It is a really simple but long story lol😃😃

    Poništi
  13. proslijedio/la je Tweet
    22. stu 2019.

    my writeup for finding bugs in Linksys Velop. 4 bugs found: 3 critical without authentication, 1 info leak.

    Poništi
  14. proslijedio/la je Tweet
    16. stu 2019.

    i want to do SBX next year.. No, i will do SBX next year.

    Poništi
  15. proslijedio/la je Tweet
    15. stu 2019.

    Hardware Security Requirements for x86 platforms. The intended goal is to enforce security of new hardware acquired by an IT department. Tools to generate a Debian Linux distribution with chipsec to test hardware requirements:

    Table des matières
    Poništi
  16. proslijedio/la je Tweet
    15. stu 2019.
    Poništi
  17. proslijedio/la je Tweet
    15. stu 2019.

    Geared up! 2019 PWN contest kicks off at 9am tomorrow (GMT+8). Stay tuned~

    Poništi
  18. proslijedio/la je Tweet
    14. stu 2019.

    Thanks to for releasing their write up on CVE-2019-1405 and CVE-2019-1322. I figured it is time for me to learn some COM stuff so I whip up a PoC. Source: . Video: Thanks to and

    Poništi
  19. proslijedio/la je Tweet
    14. stu 2019.

    I'm still working on my writeup but in the meanwhile, here's my code:

    Poništi
  20. proslijedio/la je Tweet
    14. stu 2019.

    Hot on the heels of the first part of my "Exploiting Intel's Management Engine" series of articles, here is part 2, porting to ME 11.x : Includes release of the ME 11.x exploit and an MFS manipulation tool.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·