Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @yngweijw
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @yngweijw
-
yngweijw proslijedio/la je Tweet
Here is the recording of my talk on the
#IntelME: https://media.ccc.de/v/36c3-149-look-at-me-intel-me-investigation … As I said, timing was bad, and this is mostly focusing on platform basics to get into the field. I will do better at@fosdem in the Open Source#Firmware devroom, I promise! https://fosdem.org/2020/schedule/track/open_source_firmware_bmc_and_bootloader/ …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
Analysis of a Chrome Zero Day:
#CVE-2019-5786 https://www.terabitweb.com/2019/03/20/analysis-of-a-chrome-zero-day-cve-2019-5786/ … by@terabit7Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
What I Learned from Reverse Engineering Windows Containers :https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/ …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
libFuzzer fuzzing SQLite in the browser using WebAssembly: https://jonathanmetzman.github.io/wasm-fuzzing-demo/sqlite/sqlite.html …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
https://sandboxescaper.blogspot.com/2019/12/chasing-polar-bears-part-one.html … Here is part one. Pretty sure the attack surface described has many more bugs (not just the vmware tools installer.. I doubt this bug is exploitable in the first place, just wanted something to demo that is unpatched, easier for folks to learn!)
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
Our
#BHUSA talk recording "Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller" is up! https://youtu.be/g-1Y466rDaI EC issue we found has a bigger impact from what we expected in the beginning https://support.lenovo.com/us/en/product_security/len-27764 …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753 WebSQL, 3 of them were used on TFC(https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html …).
Sorry due to responsible disclosure I didn't reply to some DMs a few days eariler about asking me what I used on TFC.Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
My OffensiveCon talk got accepted \o/https://twitter.com/offensive_con/status/1204012467153711105 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
Full source code for our USENIX Security paper, which passed the first-ever USENIX Sec Artifact Eval, and found some cool CVEs, is available here: http://github.com/ucsb-seclab/hal-fuzz …
#RehostReuseRecycle#ArtiFactual#NeverSkipARMDayHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
https://sandboxescaper.blogspot.com/2019/10/hunting-for-filesystem-bugs.html … Here is a recent writeup that I did. It's not as indepth as I want. I'll write a definitive guide for hunting these bugs starting with 0 knowledge when I'm home in a few weeks. I'll also upload all my pocs to github, including recent bugs. I'm pissed. Bye
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
People who think that this is living the dream are stupid. I'll trade everything for a job in an office in the blink of an eye. I'm tired of seeing all the cold places in the world, I want to see if there can be happy places too.pic.twitter.com/q6qsPUM9S4
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
There is my writeup about my research on DsSvc. I finally got 4 CVEs on this service, all of them are easy to lead EoP. It is a really simple but long story lol

https://whereisk0shl.top/post/a-simple-story-of-dssvc …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
my writeup for finding bugs in Linksys Velop. 4 bugs found: 3 critical without authentication, 1 info leak.https://puzzor.github.io/Linksys-Velop-Vulneraibility-Series …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
i want to do SBX next year.. No, i will do SBX next year.https://twitter.com/TianfuCup/status/1195640358111076352 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
Hardware Security Requirements for x86 platforms. The intended goal is to enforce security of new hardware acquired by an IT department. https://www.ssi.gouv.fr/en/guide/hardware-security-requirements-for-x86-platforms/ … Tools to generate a Debian Linux distribution with chipsec to test hardware requirements: https://github.com/ANSSI-FR/chipsec-check …pic.twitter.com/9V92uH9idB
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
yngweijw proslijedio/la je Tweet
Geared up!
#TianfuCup 2019 PWN contest kicks off at 9am tomorrow (GMT+8). Stay tuned~pic.twitter.com/UyBYIMWkN1
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
Thanks to
@NCCGroupInfosec for releasing their write up on CVE-2019-1405 and CVE-2019-1322. I figured it is time for me to learn some COM stuff so I whip up a PoC. Source: https://github.com/apt69/COMahawk . Video: https://vimeo.com/373051209 Thanks to@leoloobeek and@TomahawkApt69Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
I'm still working on my writeup but in the meanwhile, here's my code:https://github.com/peterbjornx/me_sa86_exploit …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
yngweijw proslijedio/la je Tweet
Hot on the heels of the first part of my "Exploiting Intel's Management Engine" series of articles, here is part 2, porting to ME 11.x : https://kakaroto.homelinux.net/2019/11/exploiting-intels-management-engine-part-2-enabling-red-jtag-unlock-on-intel-me-11-x-intel-sa-00086/ … Includes release of the ME 11.x exploit and an MFS manipulation tool.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.