netcat
Cato the Fako of Information Security. CTFing with LC↯BC, MSLC. Managing cyberz by day, pwning stuff by night. SecTalks organizer. Cogito, ergo sum, ergo pwn.
4,793 Tweets | 2,245 Following | 562 Followers
netcat retweeted
Brandon Azad Jul 31
The core of Apple is PPL: Attacking the XNU kernel's kernel. How to use an out-of-bounds read in PPL (Apple's kernel-within-the-kernel) to get a stale TLB entry for a page, allowing you to bypass PPL and map arbitrary physical addresses accessible at EL0.
netcat retweeted
K0shl Jul 30
I open an out-of-bound read vulnerability (CVE-2020-0781) PoC I reported to MSRC and writeup on my github:
netcat retweeted
Pavel Novikov Jul 31
netcat Aug 1
Replying to @intigriti
Zoom
netcat retweeted
Ruchi Shah Jul 29
Join us for Google’s virtual 0x0G lounge! We’ll be hosting a day of tech talks, panels and a capture the flag challenge on Tuesday, Aug 4, and I’ll be sharing more about how we secure acquisitions/alphabets. For details, and to register, visit
netcat retweeted
Max Moroz Jul 20
Exploiting an Envoy heap vulnerability by
netcat retweeted
the_storm May 16
Just finished the webinar about "CTFs, BugBounty and their relation to career" The is recorded on and it is in (English) Shoutout to multiple folks from bug bounty world and CTFs whom I mentioned as the top researchers/players 1/2
netcat retweeted
foone Jul 24
finally we can boot windows 95 inside minecraft
netcat retweeted
Jonas L Jul 14
Replying to @linux_choice
No matter what I will still be first to break full bitlocker hd encryption. Escape hyper-v file system. Bypass lock screen etc. And you will all get to see that soon maybe This is how it looks when bypassing password without desktop:
netcat retweeted
Olivier Beg Jul 13
Inspired by 's "Improve Your Hacking Skills Using Devtools" Youtube video I've written a Node.js script that headlessly extracts relative URLs from a heap snapshot. Definitely not perfect (yet?) tho.
netcat retweeted
MicrosVuln Jul 15
ParmeSan: Sanitizer-guided Greybox Fuzzing Code released
netcat retweeted
Sharif Shameem Jul 17
Replying to @Samhanknr
I was curious so I tried it, and apparently you can fix bugs by just explaining what you want in more detail!
netcat retweeted
zhiniang peng Jul 17
Exploiting an Elevation of Privilege bug in Windows (Our writeup and POC of CVE-2020-1362)
netcat retweeted
Code Intelligence Jul 1
It's finally happening! 🙌 We are happy to invite you to this year's . The conference will take place completely online and will be free of charge. Save your free ticket today! 🎟️
netcat retweeted
Matrix May 21
We’re incredibly excited to welcome , creators of , to the Matrix ecosystem with a strategic investment of ~$5M into to support Matrix development and embrace decentralisation! Read all about it at 🎉🎊😱🚀
netcat retweeted
IEEE S&P May 19
Congratulations to the winners of the test of time awards at . Twelve great papers including 10 catch up awards (1995–2006) and two awards for papers from 2010. Congrats to all the authors!
netcat retweeted
HOPE Conference Jul 15
Participants will have five days to team up, brainstorm, write, produce, edit, polish and upload their finished films to the submission portal by the deadline on July 30. Tune into HOPE’s talks, panel discussions & workshops for inspiration. Post 3.
netcat Jul 12
For vulnerabilities, per se, "likelihood" is just not a meaningful property. Risk assessment is quite different from scoring vulnerabilities.
netcat Jul 12
Can't even recall when the last time I didn't have to "massage" CVSS into producing the "right" severity. Time for an improved standard (that'll possibly include privacy implications too, chaining factor, architectural flaws, other modernities)?
netcat Jul 12
True, not just XSS though (SSRF, etc). I've been traditionally using CVSS only as approximation that tries to find a common ground with reporter. Then, the score would map into P1-Pn internally, subject to analyst's understanding of the severity in a particular context.