So proud to talk for the first time at @offensive_con about how fun it is to escape the Safari sandbox!
Escaping the Safari Sandbox: A Tour of Webkit IPC by @0xdagger offensivecon.org/speakers/20…
The slides of my Hexacon talk « Attacking Safari in 2022 » are available there: synacktiv.com/sites/default/…
Slides of my @offensive_con talk are available: synacktiv.com/sites/default/…
I solved this chall ~3 minutes before the end of the CTF! And it looks like I'm the only one who solved it. Nice chall! :-)
Interested in JSC pwn? Go check out my challenge "b3typer" at bi0sCTF!
Very proud to talk at #BHEU on pwning the PS4 with @abu_y0ussef !
This is for the Pwners: exploiting a WebKit 0-day in PlayStation 4! We are happy to announce that @0xdagger and @abu_y0ussef will present their work on breaking the PS4 at #BHEU @BlackHatEvents ! blackhat.com/eu-20/briefings…
Replying to @sleirsgoevy
Nice job ! Feel free to ping me if you need any help while porting the exploit. Would be a pleasure to give you some help ! :-)
Very proud to talk at the first edition of @hexacon_fr about Safari exploitation!
🧭 Attacking Safari in 2022 by Quentin Meffre (@0xdagger )
The slides of our talk "This is for the pwners" are available!
A nice addition to our blogpost, #BlackHat has released the slides of @abu_y0ussef and @0xdagger "This is for the pwners - exploiting a webkit 0-day in Playstation 4" i.blackhat.com/eu-20/Thursda…
My first @MISCRedac article is out! Go check it if you like browser vulnerabilities that lead to code execution! :-) (only in French)
We are dedicating our new feature section to web browser security => find it on newsstands & at boutique.ed-diamond.com/en-k… to discover it!
Short post about the Fast bin attack using the babyheap challenge from 0ctf Quals 2017 as demo ! #exploit quentinmeffre.fr/exploit/hea…
Write-up about the "Yet Another HR Management Framework" exploit challenge from the Ritsec CTF 2k18. Use After Free on a binary compiled from Go lang source code! #exploit pwntera.fr/write-up/2018/11/…
My Write-Up about the pwn challenge "Exploitation Class" from the P.W.N. CTF. An Out Of Bound compiled with Full protection. #PWNctf2k18 #Pwntera, pwntera.fr/write-up/2018/10/…
If you want to get into iOS security this training is definitely what you are looking for!
Take advantage of finding 🍏 iOS vulnerabilities while you can, in 30 years there won't be any. Bootstrap your iOS research at #HEXACON2024 thanks to @0xdagger and Etienne Helluy-Lafont: ➡️hexacon.fr/trainer/meffre_he… 📆 30/09-03/10 2024 📍Espace Vinci, Rue des Jeuneurs, Paris
I will release the slides a few weeks after the conference
No, the vulnerability has been patched in firmware 8.00
Little write-up on the "Old school hack" pwn challenge of the #PragyanCTF quentinmeffre.fr/write-up/20…
Of course, code execution could be reached by corrupting a JSFunction but we just highlighted what we already had. We still had an HTMLTextAreaElement leak. This object can be used to leak binary address and control RIP. The result would be the same with both objects I think :-)
Replying to @InterACEcyber
"You successfully solved the reverse engineering puzzle." :)
Don’t know. Last year they were released about 1 month after the conference
Replying to @anhnlq
No need to dump the whole binary to get the password. The address of the password was on the stack. By the way, my goal was to get a shell and not to simply get the password / flag 😉
Yes, the video should be released in a few months.
How to exploit a format string without having access to the binary on an AMD64 Linux system. (Blind format strings) Write-up on the "Bad-auth" SEC-IT challenge. quentinmeffre.fr/write-up/20…