Grant Hernandez
PhD candidate at , firmware analyst, reverse engineer, and binary breaker.
926 Tweets
1,340 Following
1,308 Followers
Tweets
Grant Hernandez, 2 Feb
Replying to @G33KatWork
Install via pyBOMBS, not pacman. It's like a single folder virtualenv but it includes libraries and binaries. Will not break when the system changes
Grant Hernandez, 31 Jan
Replying to @Digital_Cold
Another stat to add: I estimate AT LEAST 4.4 million lines of code (see repo for the calculation). Absolutely insane!
Grant Hernandez, 24 Jan
Check out how my CTF team, Kernel Sanders, and I approached CSAW's embedded security competition using angr and how we leveraged a buffer overflow to print arbitrary messages to the serial port using RFID shellcode
Grant Hernandez, 24 Jan
Replying to @Digital_Cold
Looks like a bug, and almost a vulnerability, but not quite. Maybe some better pwners can take this to an exploit?
Grant Hernandez, 24 Jan
Replying to @Digital_Cold
This is the allowed check that is passed to the lack of error handling on fopen: And this is as far as the program gets with the new ulimit:
Grant Hernandez, 24 Jan
Replying to @Digital_Cold
Normally it would say this:
$ crontab newtab
You (grant) are not allowed to use this program (crontab)
See crontab(1) for more information
Grant Hernandez, 24 Jan
In vixie-cron, SUID crontab prevents crontab editing if /etc/cron.allow is empty. If you force the ulimit for open files to be 4, auth check is bypassed but you hit another error lower down :(
$ bash -c 'ulimit -n 4; crontab newtab'
/var/spool/cron/: mkstemp: Too many open files
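The thread above describes an allow-list check that is skipped when fopen() fails because the process has hit its open-file limit. The following is an added example, not vixie-cron's code or the author's, that shows the defensive point: a policy-file check must fail closed on any open error other than "file does not exist". It uses a constructed allow file listing only the user "alice" and hypothetical function names (allowed_fail_open, allowed_fail_closed, check_under_fd_exhaustion); the fd exhaustion is reproduced by lowering RLIMIT_NOFILE in-process, which is the same condition as the `ulimit -n 4` in the tweet.

```c
/* Added example (not vixie-cron's code): an allow-list check that fails open
 * on fopen() errors, beside one that fails closed. Builds on Linux/macOS. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/resource.h>

#define DENIED  0
#define ALLOWED 1

/* Shared scan: 1 if `user` appears as a whole line in f, else 0. */
static int user_listed(FILE *f, const char *user) {
    char line[256];
    while (fgets(line, sizeof line, f) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        if (strcmp(line, user) == 0)
            return 1;
    }
    return 0;
}

/* Fail-open variant: every fopen() failure is treated as "no policy file,
 * so anyone may proceed". EMFILE from a tiny RLIMIT_NOFILE takes this path. */
int allowed_fail_open(const char *allow_path, const char *user) {
    FILE *f = fopen(allow_path, "r");
    if (f == NULL)
        return ALLOWED;
    int ok = user_listed(f, user);
    fclose(f);
    return ok ? ALLOWED : DENIED;
}

/* Fail-closed variant: ENOENT is the only error that is a policy decision
 * (this demo denies everyone when the file is absent); any other error
 * (EMFILE, EACCES, EIO, ...) is logged and denied. */
int allowed_fail_closed(const char *allow_path, const char *user) {
    FILE *f = fopen(allow_path, "r");
    if (f == NULL) {
        if (errno != ENOENT)
            fprintf(stderr, "allow check: cannot open %s: %s; denying\n",
                    allow_path, strerror(errno));
        return DENIED;
    }
    int ok = user_listed(f, user);
    fclose(f);
    return ok ? ALLOWED : DENIED;
}

/* Writes a constructed allow file containing only "alice"; the path is
 * returned in buf (needs at least 32 bytes). Returns 0 on success. */
int write_allow_file(char *buf, size_t len) {
    if (len < 32)
        return -1;
    snprintf(buf, len, "/tmp/allow-demo-XXXXXX");
    int fd = mkstemp(buf);
    if (fd < 0)
        return -1;
    const char *body = "alice\n";
    ssize_t n = write(fd, body, strlen(body));
    close(fd);
    return n == (ssize_t)strlen(body) ? 0 : -1;
}

/* Runs both checks for `user` while the soft RLIMIT_NOFILE is lowered so far
 * that fopen() fails with EMFILE, then restores the limit. Returns 0 on
 * success and stores each verdict. */
int check_under_fd_exhaustion(const char *allow_path, const char *user,
                              int *open_verdict, int *closed_verdict) {
    struct rlimit old, tiny;
    if (getrlimit(RLIMIT_NOFILE, &old) != 0)
        return -1;
    tiny = old;
    tiny.rlim_cur = 3; /* only stdin/stdout/stderr fit: any new fd is refused */
    if (setrlimit(RLIMIT_NOFILE, &tiny) != 0)
        return -1;
    *open_verdict = allowed_fail_open(allow_path, user);
    *closed_verdict = allowed_fail_closed(allow_path, user);
    setrlimit(RLIMIT_NOFILE, &old);
    return 0;
}

int main(void) {
    char path[64];
    if (write_allow_file(path, sizeof path) != 0)
        return 1;
    printf("normal:  bob fail-open=%d fail-closed=%d\n",
           allowed_fail_open(path, "bob"), allowed_fail_closed(path, "bob"));
    int o, c;
    if (check_under_fd_exhaustion(path, "bob", &o, &c) == 0)
        printf("EMFILE:  bob fail-open=%d fail-closed=%d\n", o, c);
    unlink(path);
    return 0;
}
```

Under normal conditions both variants deny "bob"; once the descriptor limit is exhausted the fail-open variant lets him through while the fail-closed one denies and logs the EMFILE. The same rule applies to any check that reads a policy file: distinguish "file absent" from "could not read", and treat the latter as a denial.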
Grant Hernandez, 18 Jan
Replying to @0xcharlie @nudehaberdasher
Might be time to remind them with another hack!
Grant Hernandez, 15 Jan
Replying to @kaoudis @phoenixuprising @KateLibc
check out soong (their custom build system in Go)
Grant Hernandez, 13 Jan
Replying to @alt_kia
I have accepted that the inevitable bi-monthly kernel panic will wipe out half of my tabs
Grant Hernandez, 8 Jan
Replying to @cybergibbons
Justify using defense-in-depth. If one control falls (WAF) for whatever reason, patching this vuln will mitigate the loss along this specific vector.
Grant Hernandez, 5 Jan
Replying to @alt_kia
"The missile knows where it is..."
Grant Hernandez, 2 Jan
Replying to @weatherbryan @UF @UFRecSports
Here was the damage caused by this rotation as it crossed US 441 and hit Lake Wauburg facilities.
Grant Hernandez, 2 Jan
Replying to @Foone
I just ordered 66 of these
Grant Hernandez, 23 Dec
Replying to @moyix
May not be relevant to what you are looking for, but cuttlefish vm is now the preferred system emulation platform internally. Goldfish (qemu) hasn't been maintained as much these days
Grant Hernandez, 21 Dec
Replying to @lmcdo_ @SwiftOnSecurity
The risk is overblown for everyday users, BUT Android manufacturers still expose a lot of attack surface via USB, much of it being proprietary. For instance, Samsung exposes AT interfaces on patched phones. Plus charge only can be a lie as we showed in.
Grant Hernandez, 4 Dec
Replying to @steventseeley
Check out some good debugger detection routines and how to bypass
Grant Hernandez, 4 Dec
Replying to @OwariDa
Hmm, nothing else is coming to mind. Source/debugger would be my next step unfortunately
Grant Hernandez, 4 Dec
Replying to @OwariDa
I've had this issue before on Android (which strips debug info). I ended up using gdb to step through with the sanitizer source available. Is this being used in the context of libfuzzer?
Grant Hernandez, 4 Dec
Replying to @OwariDa
Are you able to get the information when manually calling llvm-symbolizer with the PC and .so? If not, maybe its version is out of sync with the debug information