Twitter | Search
Saar Amar
Reversing, Exploits, Windows Internals, Virtualization, Mitigations. team member. MSRC-IL
1,380 Tweets
225 Following
6,353 Followers
Tweets
Saar Amar Retweeted
Yarden Shafir Feb 2
Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. and I wrote about these!
Saar Amar Retweeted
qwertyoruiop Jan 31
Saar Amar Retweeted
j00ru//vx Jan 30
Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy!
Saar Amar Retweeted
qwertyoruiop Jan 29
Linux on T8010 via PongoOS :) /cc
Saar Amar Jan 29
Replying to @gerhart_x
Great job man!
Saar Amar Retweeted
gerhart Jan 29
Windows Server 2019 securekernel live debugging demo
Saar Amar Jan 29
Replying to @_niklasb @bkth_ and 2 others
Saar Amar Jan 29
Replying to @_niklasb @bkth_ and 2 others
Yep, both in ancient rome and pwndb :)
Saar Amar Jan 29
Interesting vulnerability: may_create_in_sticky() was done when we already have dropped the ref to dir and thus dir (a struct dentry ptr) might be freed and reused. One impact is a 1-bit infoleak oracle in open() (CVE-2020-8428)
Saar Amar Jan 23
Replying to @s1guza
Shortly after the publishing of the crazy design issue, contradicting XOM on EL0 && PAN (the arch can't create ---/--x, check out 's amazing post. TL;DR )
Saar Amar Jan 23
Wow, crazy issue bypasses PAN: Part of the uaccess routines (__arch_clear_user() and __arch_copy_{in,from,to}_user()) fail to re-enable PAN if they encounter an unhandled fault while accessing userspace. Check out the patch:
Saar Amar Retweeted
Project Zero Bugs Jan 22
Insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still isn't atomic
Saar Amar Jan 22
Replying to @aionescu @dwizzzleMSFT and 3 others
Well it got fixed, so yeah ;)
Saar Amar Jan 22
Replying to @aionescu @dwizzzleMSFT and 3 others
Of course! EVERYTHING reachable from sk!IumInvokeSecureService is in scope.
Saar Amar Jan 22
Replying to @dwizzzleMSFT @gabe_k and 3 others
At we'll have round 2. But this time with securecalls
Saar Amar Jan 21
Replying to @elazarl
No. You can return into an address which the original flow didn't intend, but you control the registers :)
Saar Amar Jan 21
In those CET times: It's possible to return in unwinding to any address in the SSP, causing a "type confusion" between stack frames ;) I really like the different variants of this concept :) Type confusions are on fire! (stack frames, objc for PAC bypass)
Saar Amar Jan 21
Replying to @qwertyoruiopz @BlueHatIL
Can't wait!
Saar Amar Retweeted
qwertyoruiop Jan 21
See you at for another round of “One Weird Trick SecureROM Hates”! I hoped to have enough material for a new talk, but my plans didn’t quite work out :X
Saar Amar Jan 20
It's finally here, guys - is back! Check out the schedule && register now!