|
Anderson Eduardo
@
andersonc0d3
Salvador, Brazil
|
|
Founder & Security Researcher @alleleintel
|
|
|
3.120
Tweetovi
|
2
Pratim
|
729
Osobe koje vas prate
|
| Tweetovi |
|
|
Anderson Eduardo
@andersonc0d3
|
9 h |
|
uftrace - Function (graph) tracer for user-space github.com/namhyung/uftra…
|
||
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Frank Denis
@jedisct1
|
2. velj |
|
Yet another vulnerability in sudo sudo.ws/alerts/pwfeedb…
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Saleem Rashid
@saleemrash1d
|
4. velj |
|
i've written a working exploit for sudo vulnerability CVE-2019-18634. if you have "Defaults pwfeedback" (apparently the default in Linux Mint and derivatives), any user can become root without any password, even if they're not in /etc/sudoers nvd.nist.gov/vuln/detail/CV…
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Solar Designer
@solardiz
|
28. sij |
|
Disclosure/write-up on Linux kernel user-triggerable read-after-free crash or 1-bit infoleak oracle in a userspace security hardening feature of open(2) found/analyzed/fixed by Al Viro (thus effectively by "the vendor"), which I share responsibility for: openwall.com/lists/oss-secu…
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Saul Procterm
@pozdnychev
|
28. sij |
|
Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: openwall.com/lists/oss-secu…
PS: "Did you ever play tic-tac-toe?"
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Andrey Konovalov
@andreyknvl
|
29. sij |
|
Implemented a PoC for disabling kernel lockdown on Ubuntu via a keyboard emulated through USB/IP, CC @mjg59
github.com/xairy/unlockdo…
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
raptor
@0xdea
|
2. velj |
|
I’ve just published my exploit for the LPE and RCE in OpenBSD’s OpenSMTPD recently disclosed by @qualys
You can find it here:
github.com/0xdea/exploits…
#opensmtpd_too_open pic.twitter.com/q1ykEhz7vh
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
|
raptor
@0xdea
|
2. velj |
|
And here’s a wonderful post by OpenSMTPD’s main developer @PoolpOrg:
poolp.org/posts/2020-01-…
Very interesting insight on how a bug enters the code and becomes exploitable over time. twitter.com/0xdea/status/1…
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
majek04
@majek04
|
4. velj |
|
It's possible to hack a machine with DMA attacks - you need to be able to hot-plug PCI or firewire device.
IOMMU was said to be a decent solution to the problem. But nope. It turns out IOMMU can be still broken because... computers are hard.
cs.technion.ac.il/users/wwwb/cgi… pic.twitter.com/cylUxrqJsD
|
||
|
|
||
|
|
Anderson Eduardo
@andersonc0d3
|
1. velj |
|
Avoiding gaps in IOMMU protection at boot mjg59.dreamwidth.org/54433.html
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Bruno Oliveira
@mphx2
|
30. sij |
|
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Sergio Prado 🐧
@sergioprado
|
14. sij |
|
What are #Linux #containers? What problems do they solve? What technologies are involved? LXC, @Docker?Should we use containers to deploy applications on #embedded systems? I will try to answer these and many other questions in this article! embeddedbits.org/introduction-l…
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
|
Sergio Prado 🐧
@sergioprado
|
29. sij |
|
#AddressSanitizer (ASan) is an instrumentation tool created by Google security researchers to identify memory access problems in #C and #CPP programs including buffer overflow, stack overflow, memory leak, use after free, uninitialized variable, etc! embeddedbits.org/finding-memory…
|
||
|
|
||
|
|
Anderson Eduardo
@andersonc0d3
|
28. sij |
|
New Safe Memory Reclamation feature in FreeBSD UMA lists.freebsd.org/pipermail/free…
|
||
|
|
||
|
|
Anderson Eduardo
@andersonc0d3
|
28. sij |
|
**PROTOTYPE** FreeBSD Jail/ZFS based implementation of the Application Container Specification github.com/3ofcoins/jetpa…
|
||
|
|
||
|
|
Anderson Eduardo
@andersonc0d3
|
28. sij |
|
Package jail provides native FreeBSD Jail syscalls in Go github.com/briandowns/jail
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Jerry Bryant
@jnabryant
|
27. sij |
|
Just published a blog on INTEL-SA-00329 concerning L1D Eviction Sampling. This vulnerability has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations. blogs.intel.com/technology/202…
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Matthew Green
@matthew_d_green
|
27. sij |
|
New cache attack against Intel CPUs: cacheoutattack.com
|
||
|
|
||
|
|
Anderson Eduardo
@andersonc0d3
|
27. sij |
|
Improved Blind Side-Channel Analysis by Exploitation of Joint Distributions of Leakages iacr.org/archive/ches20…
|
||
|
|
||
| Anderson Eduardo proslijedio/la je tweet | ||
|
Project Zero Bugs
@ProjectZeroBugs
|
27. sij |
|
macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image bugs.chromium.org/p/project-zero…
|
||
|
|
||