|
Gil Dabah
@_arkon
Tel Aviv, Israel
|
Just a geek who loves to build and break bits.
|
2,132 Tweets
|
248 Following
|
1,271 Followers
|
| Tweets |
| Gil Dabah Retweeted |
|
Gal De Leon
@galdeleon
|
3 h |
|
Here are the slides for the talk I gave yesterday at @BlueHatIL - "Exploiting Errors in Windows Error Reporting".
I discuss the bug class, explain how WER works, and show 3 vulnerabilities I discovered and how I exploited them #BlueHatIL
github.com/galdeleon/Conf…
|
Gil Dabah
@_arkon
|
11 h |
|
Oh yeah? Do you remember a 64 bit pointer in windbg? 😂😂
|
Gil Dabah
@_arkon
|
Feb 5 |
|
Holy shit. Only after you’re a defender you can only try to begin to appreciate this huge effort. twitter.com/dwizzzlemsft/s…
| Gil Dabah Retweeted |
|
Evan DeSimone
@Smorgasboredom
|
Feb 2 |
|
Everything is terrible except this video. pic.twitter.com/AN7KfOlE9S
|
Gil Dabah
@_arkon
|
Jan 30 |
|
How about that if you introduce some new fuzzing tools, say how it found some serious bugs at the same time? Kthxbye
| Gil Dabah Retweeted |
|
Yaniv Balmas
@ynvb
|
Jan 30 |
|
We at @_CPResearch_ have just released a great research paper on vulnerabilities in Azure Cloud, practically breaking the isolation of Azure Functions (MS Lambda equivalent). Kudos to @ronenshh for an amazing work!
research.checkpoint.com/2020/remote-cl…
|
Gil Dabah
@_arkon
|
Jan 27 |
|
Interesting, not sure they skip it.
|
Gil Dabah
@_arkon
|
Jan 27 |
|
So it would crash without CI either?
I wonder why it wasn’t found before. And a few months ago msft fixed many bugs in PE parsing.
|
Gil Dabah
@_arkon
|
Jan 27 |
|
At least since CI was added. Probably vista. Fuzzing?
|
Gil Dabah
@_arkon
|
Jan 27 |
|
Awesome!! How long it’s been lying there for?
|
Gil Dabah
@_arkon
|
Jan 27 |
|
I LOVE #GITHUB!!!
Thanks everyone for contributing code to distorm :))
|
Gil Dabah
@_arkon
|
Jan 25 |
|
Bozo
|
Gil Dabah
@_arkon
|
Jan 25 |
|
Can you “hear” music? Like imagine any type of music you want?
|
Gil Dabah
@_arkon
|
Jan 25 |
|
True. Interesting shit!
|
Gil Dabah
@_arkon
|
Jan 25 |
|
Holy shit, first time I hear of this phenomenon and I am like, it’s me it’s me! #Aphantasia. That’s why I can talk about anything when I am eating cause I can’t visualize things as-is so easily. But hey wtf my brain found 30 0d’s last year. I wonder if there’s some correlation.
| Gil Dabah Retweeted |
|
Peter Bindels
@dascandy42
|
Feb 3, 2017 |
|
static const char function[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };
int main() {
return ((int(*)())function)();
}
// Does not crash!
|
Gil Dabah
@_arkon
|
Jan 23 |
|
That’s the difference of a bug or nug (not a useful bug)
|
Gil Dabah
@_arkon
|
Jan 23 |
|
TFW when you bypass a mitigation that almost made your exploit futile. Wooooo
|
Gil Dabah
@_arkon
|
Jan 23 |
|
Haha!!
|
Gil Dabah
@_arkon
|
Jan 23 |
|
Lol