| Tweets |
|
Mehdi Talbi
@abu_y0ussef
|
Feb 2 |
|
both ;-)
|
||
|
|
||
|
Mehdi Talbi
@abu_y0ussef
|
Feb 1 |
|
I'll keep that in mind for the next tweets about the event :-)
|
||
|
|
||
|
Mehdi Talbi
@abu_y0ussef
|
Jan 31 |
|
After BiereSecu Paris and BiereSecu Toulouse, BiereSecu is coming to Lyon on February 13!!
It will take place at the Peaky Blinders
goo.gl/maps/L6iEXmFgc…
|
||
|
|
||
|
Mehdi Talbi
@abu_y0ussef
|
Jan 29 |
|
She is absolutely wrong :-p. There is only one syntax
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Marina Minkin
@MarinaMinkin
|
Jan 27 |
|
Finally, the wait is over! We present CacheOut, a new speculative execution attack to leak data on Intel CPUs: cacheoutattack.com #intel #cacheout @themadstephan, Andrew Kwong, Daniel Genkin and @yuvalyarom pic.twitter.com/tQYerMiOHK
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Root-Me
@rootme_org
|
Jan 27 |
|
Interested in learning Windows Kernel exploitation ?
@Synacktiv wrote 3 challenges to help you write your first Windows Kernel shellcodes ! You can already try the first one, or all of them if you're a premium member.
root-me.org/en/breve/New-s… pic.twitter.com/q8oSwfd5cC
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Saar Amar
@AmarSaar
|
Jan 23 |
|
Wow, crazy issue bypasses PAN: Part of the uaccess routines (__arch_clear_user() and __arch_copy_{in,from,to}_user()) fail to re-enable PAN if they encounter an unhandled fault while accessing userspace. Check out the patch: lore.kernel.org/patchwork/patc… @Liran_Alon
|
||
|
|
||
|
Mehdi Talbi
@abu_y0ussef
|
Jan 22 |
|
kernel exploit by @a13xp0p0v with a nice smep bypass
a13xp0p0v.github.io/2017/03/24/CVE…
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Vitaly Nikolenko
@vnik5287
|
Jan 16 |
|
I'll make my tech report and poc public soon. It was a fun bug affecting most major distributions. one exploit to rule them all w/ all kernel expl mitigation bypasses - no rop chains / hardcoded crap duasynt.com/blog/ubuntu-ce…
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Synacktiv
@Synacktiv
|
Jan 14 |
|
Fifty shades darker: no safe wor(l)d in SMM by @BrunoPujos
synacktiv.com/posts/exploit/…
|
||
|
|
||
|
Mehdi Talbi
@abu_y0ussef
|
Jan 14 |
|
"I repeat: do not use spinlocks in user space, unless you actually know what you're doing. And be aware that the likelihood that you know what you are doing is basically nil." :D
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
~
@xerub
|
Dec 28 |
|
github.com/xerub/acorn untethered+unsandboxed code execution based on media.ccc.de/v/36c3-11034-t… /cc @littlelailo @s1guza @ZecOps @_bazad
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Fire30
@Fire30_
|
Dec 30 |
|
Also while I am on twitter :P
github.com/Fire30/bad_hoi…
PS4 Webkit exploit for 6.XX consoles. Gains addrof/fakeobj and arbitrary read and write primitives. Fixed in 7.00.
Uses bug from: bugs.chromium.org/p/project-zero…
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Andy Nguyen
@theflow0
|
Dec 21 |
|
Decided to release the ROP chain source code of h-encore²: github.com/TheOfficialFlo…
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Cutter
@r2gui
|
Sep 6 |
|
Ghidra's decompiler is written in C++, hence it was trivial to implement a full integration.
The new version of Cutter is shipped with a new plugin we wrote for Cutter and @radareorg.
NO JAVA INVOLVED.
You can find the plugin and more info here --> github.com/radareorg/r2gh… >> pic.twitter.com/KCxR5SRxkn
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Synacktiv
@Synacktiv
|
Dec 20 |
|
"Hey la Kibana, Inspection des gadgets !" 😋 Pwning Kibana 6.2 using prototype pollution and CVE-2018-17246 by @_mabote_
synacktiv.com/posts/pentest/…
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Hanqing Zhao
@hankein95
|
Dec 13 |
|
I wrote a thing about JSC exploitation (including how to leak StructureID) and Safari sandbox escape. gts3.org/2019/Real-Worl…
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
buherator
@buherator
|
Dec 11 |
|
Qualys Security Advisory - Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) openwall.com/lists/oss-secu… < Beautiful! Wonder how @Qualys found it?
|
||
|
|
||
| Mehdi Talbi retweeted | ||
|
Axel Souchet
@0vercl0k
|
Dec 6 |
|
Here is an exploit chain I wrote for Firefox that gets RCE via CVE-2019-9810 and escapes the sandbox with CVE-2019-11708/CVE-2019-9810. Once compromised, it drops a payload and injects privileged JS code in already/newly created tabs. github.com/0vercl0k/CVE-2… pic.twitter.com/LeAOCgqpMG
|
||
|
|
||