When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

Europe
Pinned Tweet
It finally happened… I’ve been published on #Phrack! After more than five years since the last issue, #Phrack70 is out, featuring my article “Exploiting a Format String Bug in Solaris CDE”! I guess I can retire now 🐛 phrack.org/issues/70/13.html…
CVE-2022-26766: the CoreTrust bug "For years, macOS allowed any root certificate when checking code signatures, making code signing completely useless." // bug discovered by @LinusHenze // writeup by @zhuowei worthdoingbadly.com/coretrus…
“unprivileged users with UID > INT_MAX can successfully execute any systemctl command” 😱 github.com/systemd/systemd/i…
Sniffing SSH passwords TL;DR # pgrep -l sshd 6235 sshd # strace -f -p 6235 -e trace=write -o capture networklogician.com/2021/04/…
Automating binary vulnerability discovery with Ghidra and @Semgrep, by yours truly 💚 security.humanativaspa.it/au…
"The SQL injection is mitigated client-side" @vendorexcuses @Hackerfessions @thegrugq @SwiftOnSecurity @owasp
Command line Russian roulette #donttrythisathome
As it turns out, a non-negligible number of people in infosec don’t know what L0phtCrack is and, I assume by extension, what L0pht is. I suppose it’s somewhat normal but it shouldn’t be. Our roots are important. We should not forget them. I think.
The upcoming #Ghidra version 10 is full of new juicy features! Including the much anticipated debugger… github.com/NationalSecurityA…
Good primer on #windows access token abuse by @defte_ @sensepost @orangecyberdef: Abusing Windows’ tokens to compromise #activedirectory without touching LSASS sensepost.com/blog/2022/abus… Tool release: github.com/sensepost/imperso…
👆
This remains a pretty accurate definition of hacking 🤟
Sometimes, hacking is just someone spending more time on something than anyone else might reasonably expect.
Always a great read: dolosgroup.io/blog/2021/7/9/… “We took a locked down FDE laptop, sniffed the BitLocker decryption key coming out of the TPM, backdoored a virtualized image, and used its VPN auto-connect feature to attack the internal corporate network.”
This is fascinating… 🦠 Reverse Engineering the source code of the BioNTech/Pfizer SARS-CoV-2 Vaccine berthub.eu/articles/posts/re…
CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability 😱 portal.msrc.microsoft.com/en…
Nice little tool to “search across a half million git repos” grep.app/
A cool vulnerability in FreeBSD ftpd thezdi.com/blog/2020/12/21/c…
My unsolicited advice to young hackers: don’t get stuck for too long with CTFs, don’t be afraid to move to real-world stuff. It’s more fulfilling and interesting than you think. Chances are that real-world challenges are even easier than CTFs (for some definitions of “easier”).
By the way, if you're into x86-64 assembly and you like riddles and/or poetry, I highly recommend "xchg rax, rax" by @realXorpd.
L0phtCrack is Now Open Source l0phtcrack.gitlab.io/
For all the people out there learning to hack their way through @offsectraining #OSCP and other #CTF-style challenges, I’m gonna tweet a few high quality resources. Here we go…
Wow
WordPress 5.0.0 Remote Code Execution “This blog post details how a combination of a Path Traversal and Local File Inclusion vulnerability lead to RCE in the WordPress core. The vulnerability remained uncovered for over 6 years.” blog.ripstech.com/2019/wordp…
The @qualys team is back at it! pwnkit: Local Privilege Escalation in polkit’s pkexec (CVE-2021-4034) openwall.com/lists/oss-secur…
CVE-2022-43995 is really something. Sudo 1.8.0 through 1.9.12 contains an array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by local users with access to Sudo by entering a password of 7 chars or fewer. github.com/sudo-project/sudo…
“AD is a system where any time you hack any computer on the network, you can become the domain controller, and own the whole company. That’s just how it works.” —@daveaitel
This is a bit dated, but it's a very well written article on the vulnerability research process, from setting up the environment to target selection, and from bug hunting via fuzzing to exploitation. Very recommended reading. medium.com/@maxi./finding-an…
Windows TCP/IP Remote Code Execution Vulnerability (CVE-2022-34718) 🤨 msrc.microsoft.com/update-gu…
Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG connormcgarr.github.io/hvci/
I was investigating another 0day, when I noticed that Solaris 11 is also affected by the recent Xorg local privilege escalation vulnerability (CVE-2018-14665). Here’s my fresh exploit: github.com/0xdea/exploits/bl… Please read comments carefully before running it.
This writeup is amazing… How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit blog.polybdenum.com/2021/05/…
Awesome Linux kernel vuln-dev writeup from a few months ago 👏 CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google’s KCTF Containers willsroot.io/2022/01/cve-202…
And here we are, finally! 🐛🚿 CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaver techblog.mediaservice.net/20…
I’ve just got my #oscp certificate from @offsectraining It’s been a fun ride! 🥂
My fav Bucky Fuller’s quote
Bypass CrowdStrike Falcon EDR protection against process dump like lsass.exe 🧐 medium.com/@balqurneh/bypass…
Fixing the Unfixable: Story of a Google Cloud SSRF < well-written writeup with a couple of final twists 😅 bugs.xdavidhu.me/google/2021…
Very well written #Windows #patchdiffing and #nday #exploitation walkthrough ✊ Dissecting and Exploiting TCP/IP RCE #Vulnerability EvilESP (CVE-2022-34718) // by Valentina Palmiotti securityintelligence.com/pos…
Shufflecake is a tool for Linux that allows you to create multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes. research.kudelskisecurity.co…
CVE-2023-26604: "[...] This presents a substantial security risk when running systemctl from Sudo, because #less executes as root when the terminal size is too small to show the complete systemctl output." medium.com/@zenmoviefornotif…
Magellan: remote code execution vulnerability in SQLite (affecting many applications and most notably Chromium): blade.tencent.com/magellan/i… Detailed bug description: news.ycombinator.com/item?id… PoC: worthdoingbadly.com/sqlitebu…
This is pretty cool: github.com/0xsobky/HackVault… jaVasCript:/*-/*`/*\`/*‘/*“/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/—!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
The Discovery and Exploitation of CVE-2022-25636 (a heap out of bounds write in the Linux kernel) nickgregory.me/linux/securit…
And here’s the original article that applied a similar methodology, by @wcbowling GitHub - RCE via git option injection (almost) - $20,000 Bounty devcraft.io/2020/10/18/githu…
It took just one Sunday morning of work to go from zero to 0day on a Solaris 11.4 box! I guess I haven’t lost my swing 🐛🚿
RCE in Intel AMT for all current CPUs intel.com/content/www/us/en/…
LibSSH Authentication Bypass 😱 libssh.org/2018/10/16/libssh…
Nice argument injection in vscode, discovered by @SonarSource blog.sonarsource.com/securin…
Today I realized young hackers don’t know about THC/ADM/teso/etc. I also realized there are no modern hacking crews, except perhaps for CTF teams. That’s probably to be expected but it’s also kinda sad, dunno…
Search for open Amazon S3 Buckets and their contents  buckets.grayhatwarfare.com/
IBM trying to censor researchers in 2016 deserves to be publicly shamed 🙊
Excellent Linux kernel vuln-dev writeup by @kallsyms The Discovery and Exploitation of CVE-2022-25636 nickgregory.me/linux/securit…
So Long, and Thanks for All the Shells #Solaris github.com/0xdea/exploits/tr…
From open redirect to RCE in one week << cool writeup 👏 medium.com/@byq/from-open-re…
Periodic reminder: if you’re a reverse engineering buff, you should check out the ASM poetry book at xorpd.net/pages/xchg_rax/sni…
Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370). Tested on a fully patched 2019 Domain Controller. Execute malicious DLLs remotely or locally. github.com/cube0x0/CVE-2021-…
Introducing the New Universal Android SSL Pinning Bypass (and more!) by my coworker Mattia Vinci, based on @fridadotre 🤟 techblog.mediaservice.net/20… @mobilesecurity_
Awesome #linux #kernel #vulnerability #research and #exploitation writeup by @ky1ebot [CVE-2022-1786] A Journey To The Dawn blog.kylebot.net/2022/10/16/…
Looking at patch gap vulnerabilities in the VMware ESXi TCP/IP stack, by @thezdi thezdi.com/blog/2022/7/25/lo…
You gotta love this W^X JIT bypass 💚 thezdi.com/blog/2022/8/17/bu…
The new @OnionBrowser app version 2 looks nice 👍 #tor @torproject
unCaptcha: A Low-resource Defeat of reCaptcha’s Audio Challenge uncaptcha.cs.umd.edu/ Defeating the latest version of reCaptcha with 91% accuracy github.com/ecthros/uncaptcha…
Remote Deserialization Bug in Microsoft’s RDP Client through Smart Card Extension (CVE-2021-38666) 🤩 thalium.github.io/blog/posts…
Great intro to type confusion bugs in C++ by @gannimo 👍 media.ccc.de/v/34c3-8848-typ…
I've converted most of my C/C++ #Semgrep rules into weggli patterns. In this new article on the @hnsec blog I provide some guidance on how to integrate this small yet powerful tool in your #bug #hunting workflow. security.humanativaspa.it/a-… infosec.exchange/@raptor/111…
Qualys does it again! #regreSSHion: #RCE in #OpenSSH's server, on glibc-based #Linux systems (CVE-2024-6387) qualys.com/2024/07/01/cve-20…
My take on CVE-2018-14665: OpenBSD 6.3 and 6.4 local root privilege escalation via cron. github.com/0xdea/exploits/bl… Thanks to @hackerfantastic and @info_dox for the inspiration! @HackwithGithub @ExploitDB
Old-ish but fundamental #Linux and #Unix knowledge: False Boundaries and Arbitrary Code Execution by @grsecurity: forums.grsecurity.net/viewto… /proc/self/mem: offlinemark.com/2021/05/12/a… Hacker’s Hut: win.tue.nl/~aeb/linux/hh/hh-… win.tue.nl/~aeb/linux/hh/hh-… win.tue.nl/~aeb/linux/hh/hh-…
In praise of tactical exploitation: techblog.mediaservice.net/20… 6 new PoC tools released: github.com/0xdea/tactical-ex… No bugs were harmed 🐜👍
Be Careful with Python's New-Style String Format // h/t @ret2bed lucumr.pocoo.org/2016/12/29/…
I’ve just published my exploit for the LPE and RCE in OpenBSD’s OpenSMTPD recently disclosed by @qualys You can find it here: github.com/0xdea/exploits/bl… #opensmtpd_too_open
“A lot of us have built lives, careers, and considerable material comfort on top of something that people told us to stop doing for most of our youth.” — @halvarflake
Periodic reminder that eaphammer by @s0lst1c3 is perfect for all your WPA2-Enterprise evil twin attack needs 😈 and more… github.com/s0lst1c3/eaphamme…