|
Sirko
@
golle0x90
|
|
I'm a linux nerd ;)
Vulnerability Research und Fuzzing
|
|
|
69
Tweetovi
|
131
Pratim
|
42
Osobe koje vas prate
|
| Tweetovi |
| Sirko proslijedio/la je tweet | ||
|
Kostya Serebryany
@kayseesee
|
30. sij |
|
HWASAN (think of it as ASAN v2) has become available to developers on Android outside of Google. If you use C or C++ on Android, please give it a try. developer.android.com/ndk/guides/hwa…
HWASAN is also available on Aarch64 Linux with a recent kernel.
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Christian Hartlage
@dendemeier
|
1. velj |
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Code Intelligence
@CI_GmbH
|
20. sij |
|
@golle0x90 found 12 CVEs in Suricata with libFuzzer. Read more about it in his war story. You can find the full report here: ow.ly/98Fh50xYcRl #suricata #cves #fuzzyoursoftware pic.twitter.com/eg7EYUG2VB
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
catenacyber
@catenacyber
|
15. sij |
|
#fuzzing @MySQL with @TELECOMNancy then you realize `grep memcpy` is still powerful to find vulnerabilities : CVE-2020-2573 (stack buffer overflow in libmysql out of bounds write) totally fixed in latest critical patch update oracle.com/security-alert…
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
ET Labs
@ET_Labs
|
13. sij |
|
Just pushed out-of-band rule 2029255 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2 (exploit.rules) for additional coverage
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Code Intelligence
@CI_GmbH
|
13. sij |
|
In this interview, our co-founder @serj_de explains the advantages of #fuzzing in continuous integration. Read the full article jaxenter.de/devops/softwar… #fuzzyoursoftware #automatedsoftwaretesting
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Code Intelligence
@CI_GmbH
|
10. sij |
|
The new year has already started and it is time for Bonn Security Night. We invite all #researchers, #professionals and #ITSecurity enthusiasts to join us: #Meetup @BonnSecNights 21.01.20, 18:30 o'clock in the office of @CI_GmbH. See you there! @MeetupDE pic.twitter.com/i5NbiSLkxc
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Samuel Groß
@5aelo
|
9. sij |
|
I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage: googleprojectzero.blogspot.com/2020/01/remote…
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Dmitry Vyukov
@dvyukov
|
9. sij |
|
Another "nice" kernel bug that literally allows to write any memory on the machine by any user (you just give kernel any exact physical or virtual address):
syzkaller.appspot.com/bug?id=c173ad9…
Again, killed before making it into any release:
lkml.org/lkml/2020/1/8/…
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Andrey Konovalov
@andreyknvl
|
8. sij |
|
Linux Kernel Runtime Guard (LKRG) bypass collection by Ilya Matveychikov, CC @Adam_pi3
github.com/milabs/lkrg-by…
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Josh Stroschein
@jstrosch
|
7. sij |
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Code Intelligence
@CI_GmbH
|
24. pro |
|
An exciting year is coming to an end. The Code Intelligence Team would like to take this opportunity to thank you for your support and the good cooperation. We look forward to a successful new year with new exciting challenges. We wish you cozy holidays and a happy new year. pic.twitter.com/k5iY3FzMmv
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Kostya Serebryany
@kayseesee
|
13. pro |
|
Running libFuzzer in a browser, via WASM.
We need to go deeper (?)
github.com/jonathanmetzma…
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Suricata IDS/IPS
@Suricata_IDS
|
13. pro |
|
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Suricata IDS/IPS
@Suricata_IDS
|
13. pro |
|
Announcing the #Suricata 5.0.1 release: suricata-ids.org/2019/12/13/sur…
Fixing lots of issues in 5.0 and improving performance.
#ids #ips #nsm #opensource #oss
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
catenacyber
@catenacyber
|
13. pro |
|
#fuzzing #python with @fuzzitdev pythonfuzz : github.com/P1sec/pycrate/… twitter.com/p1security/sta…
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
nedwill
@NedWilliamson
|
10. pro |
|
Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow! googleprojectzero.blogspot.com/2019/12/sockpu… youtube.com/watch?v=YV3jew…
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Code Intelligence
@CI_GmbH
|
3. pro |
|
Don't miss out on our talk 'Developers Are Not the Enemy!' tomorrow at 16:45 in Sindelfingen at the Embedded Software Engineering Congress. @m42smith and Paul Corrales will tell you more about the human factor, fuzzing and the future of secure software. ese-kongress.de/frontend/index…
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
OISF
@OISFoundation
|
2. pro |
|
Today ONLY - 20% off current @Suricata_IDS training like TWO 2-day "live" events in Washington DC with @jstrosch and @pevma and 5-day Dev Deep Dive in Berlin with @inliniac! Don't miss it - details here shorturl.at/dglHO. Discount code? Email us, info@oisf.net. pic.twitter.com/GAlXw8X1od
|
||
|
|
||
| Sirko proslijedio/la je tweet | ||
|
Kostya Serebryany
@kayseesee
|
27. stu |
|
Matt Morehouse's talk on GWP-ASan is out.
youtube.com/watch?v=RQGWML…
|
||
|
|
||