|
ac
@
Andreas_Ch_
127.0.0.1
|
|
we can not solve our problems with the same thinking we use when we created them. keybase.io/andreasch
|
|
|
3.995
Tweetovi
|
1.007
Pratim
|
274
Osobe koje vas prate
|
| Tweetovi |
| ac proslijedio/la je tweet | ||
|
Kostya Serebryany
@kayseesee
|
30. sij |
|
HWASAN (think of it as ASAN v2) has become available to developers on Android outside of Google. If you use C or C++ on Android, please give it a try. developer.android.com/ndk/guides/hwa…
HWASAN is also available on Aarch64 Linux with a recent kernel.
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Dmitry Vyukov
@dvyukov
|
27. sij |
|
What I'm thinking reading this sad story of crit remote vuln introduced into all #linux LTS kernels and still unfixed (now in your kernel)- this "forgot to release lock" is mostly solved problem today with static analysis. Kernel absolutely needs it as part of the dev process 1/n twitter.com/grsecurity/sta…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
LWN.net
@lwnnet
|
27. sij |
|
The 5.5 kernel is out lwn.net/Articles/81057…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Project Zero Bugs
@ProjectZeroBugs
|
27. sij |
|
macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image bugs.chromium.org/p/project-zero…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Dino A. Dai Zovi
@dinodaizovi
|
26. sij |
|
The claim in the FTI forensics report on Bezos’ iPhone that, “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file]...” bugged me so much that I coded up how to do it:
github.com/ddz/whatsapp-m…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
David S. Miller 😷
@davem_dokebi
|
24. sij |
|
Linux is the first OS to support MPTCP v1, please give me that twitter dopamine. Lots... git.kernel.org/pub/scm/linux/…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
grsecurity
@grsecurity
|
23. sij |
|
New blog post: The Life of a Bad Security Fix: grsecurity.net/the_life_of_a_…
We'll do more shorter-form blogs like this rather than just tweet into the void over several months about the journeys of bad fixes: twitter.com/grsecurity/sta…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Silvio Cesare
@silviocesare
|
18. sij |
|
My first blog post on browser exploitation for
@infosectcbr. I'll look at how to pop xcalc on current Linux Spidermonkey given a relative (oob) rw bug. Spidermonkey is the JavaScript Engine in Firefox. Exploit code also supplied. blog.infosectcbr.com.au/2020/01/firefo…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Siguza
@s1guza
|
18. sij |
|
New blog post: cuck00
A XNU/IOKit info leak 1day killed in iOS 13.3.1 beta 2.
siguza.github.io/cuck00/
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
GitHub Security Lab
@GHSecurityLab
|
15. sij |
|
Assert yourself on the browser playground with @mmolgtm ’s guide to hunting Chrome IPC sandbox escapes: securitylab.github.com/research/chrom…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Vitaly Nikolenko
@vnik5287
|
16. sij |
|
I'll make my tech report and poc public soon. It was a fun bug affecting most major distributions. one exploit to rule them all w/ all kernel expl mitigation bypasses - no rop chains / hardcoded crap duasynt.com/blog/ubuntu-ce…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Hossein Lotfi
@hosselot
|
13. sij |
|
Browser jit exploitation quick start:
@5aelo Phrack paper is the base:
phrack.org/papers/attacki…
@LiveOverflow well-described video series:
liveoverflow.com/tag/browser-ex…
@bkth_ presentation in SSTIC 2019:
sstic.org/media/SSTIC201…
Also:
doar-e.github.io
phoenhex.re twitter.com/Sivenruot/stat…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
LWN.net
@lwnnet
|
10. sij |
|
[$] configfd() and shifting bind mounts lwn.net/Articles/80912…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Catalin Cimpanu
@campuscodi
|
11. sij |
|
Proof-of-concept code published for Citrix bug as attacks intensify
* Not one, but two PoCs have been published for CVE-2019-19781 (also known as Shitrix now)
* PoC 1: github.com/projectzeroind…
* PoC 2: github.com/trustedsec/cve…
zdnet.com/article/proof-… pic.twitter.com/zzJcaeE8wE
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Mobile Security
@mobilesecurity_
|
11. sij |
|
Security hardening of Android native code
#MobileSecurity #AndroidSecurity
darvincitech.wordpress.com/2020/01/07/sec…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
LWN.net
@lwnnet
|
9. sij |
|
Stable kernel updates lwn.net/Articles/80912…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Project Zero Bugs
@ProjectZeroBugs
|
10. sij |
|
Android: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN bugs.chromium.org/p/project-zero…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
LWN.net
@lwnnet
|
9. sij |
|
[$] Grabbing file descriptors with pidfd_getfd() lwn.net/Articles/80899…
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Siguza
@s1guza
|
7. sij |
|
New blog post. ARM hardware bug. In the specification.
siguza.github.io/PAN/
|
||
|
|
||
| ac proslijedio/la je tweet | ||
|
Project Zero Bugs
@ProjectZeroBugs
|
9. sij |
|
SLOP - A Userspace PAC Workaround bugs.chromium.org/p/project-zero…
|
||
|
|
||