Ori Damari
Low level developer, Reverse engineer, Windows kernel
726 Tweets
248 Following
1,318 Followers
Tweets
Ori Damari retweeted
Ryan Hausknecht, Feb 3
I made a PowerShell script when researching COM objects that has like 30 foreach and if loops and will search every COM object method for a keyword, e.g. finding COM objects with a method containing 'ExecuteShell'. Maybe someone else will find it useful.
Ori Damari retweeted
Yarden Shafir, Feb 2
Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. and I wrote about these!
Ori Damari retweeted
FireF0X, Feb 2
KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore,
Ori Damari retweeted
Sophia d’Antoine, Jan 14
INFILTRATE Training Update! Happy to announce from will be joining as a co-trainer. Come learn how to use program analysis for vulnerability research.
Ori Damari, Jan 26
Replying to @gsuberland
If the spinlock was a DISPATCH_LEVEL spin lock it would cause a race condition.. In this case we have to queue a DPC and wait on all processors.. Remember this is fun but you typically won't use these techniques in a real product (unless you are a rootkit developer 😉)
Ori Damari, Jan 26
Replying to @gsuberland
In this specific case it works because to access the DPC queue you have to raise the IRQL to HIGH_LEVEL - this IRQL cannot be interrupted by the IPI
Ori Damari, Jan 26
Replying to @gsuberland
Yeah.. 😊 This function may not always be useful to access locked structures - imagine the case when the IPI is sent to the second processor (runs at IPI_LEVEL) and then the second processor is interrupted while holding the lock... Ouch
Ori Damari retweeted
Zelda Dungeon, Jan 25
Ori Damari, Jan 24
Replying to @PetrBenes @binitamshah
Awesome! I was not familiar with KDDEBUGGER_DATA64, looks pretty useful 😵 Thank you! I'll probably update the solutions later when I finish.. There are many updates I need to write :) For readers that want to read about KDDEBUGGER_DATA64:
Ori Damari retweeted
Or Chechik, Jan 23
and I got credit for CVE-2019-19363 - LPE in many Ricoh Printer Drivers 😎
Ori Damari, Jan 22
Replying to @mob__mentality @martinfowler
I think this is pretty awesome. In fact, I use it all the time!
Ori Damari, Jan 22
Replying to @0xrepnz
- Share your knowledge with the community - not for PR, but for the purpose of making it better. Yes, I know that sometimes PR is necessary but Ehh.. Business is shit. Goodnight 💕
Ori Damari, Jan 22
Replying to @0xrepnz
Lessons: - Don't steal other researchers' work.. If you do (we all learn some way or another from other people's work), just give credit - Don't get too excited about finding "CVE"s and "APT"s - sometimes it's just buzzwords used for PR. Get excited about cool technical stuff >>
Ori Damari, Jan 22
Replying to @0xrepnz
Anyway, that's why I'm not so interested in CVEs and PR and business, pretty shitty stuff. It's just fun learning and sharing knowledge with the community... ❤️❤️❤️ Business and politics are shit, guys. >>
Ori Damari, Jan 22
Replying to @0xrepnz
I thought about commenting in their own tweet about this, but I don't want to get in trouble with them (sounds stupid, but yeah 😑). Maybe they found the vulnerability at the exact same time as my friend? Idk >>
Ori Damari, Jan 22
Replying to @0xrepnz
I think that after the vulnerability was found, they hired this security company to help them fix it.. I just hate the fact that they claimed they found it and they are trying to do PR with this.. >>
Ori Damari, Jan 22
Replying to @0xrepnz
Their post shows a very similar POC, their timeline started *a week* after my friend reported the vulnerability, and they claim they found it.. Ehh. The developer has assigned the CVE to my friend and someone from this security company.. >>
Ori Damari, Jan 22
My friend found a vuln in October.. He managed to exploit it and reported it to the developers.. One month later (right now), some security company just posted that they found this vulnerability 😮🤔 >>
Ori Damari retweeted
Mathieu Tarral, Jan 21
Just sharing this amazing guide to unikernel and immutable infrastructure cc
Ori Damari retweeted
Gal De Leon, Jan 21
Excited to speak at about logical vulnerabilities I discovered in Windows Error Reporting 😀