|
Taha Ibrahim Draïdia
@
ibrahimdraidia
EIP
|
|
Hacker at @MDSecLabs interested in reverse engineering, binary exploitation, exploit development and web application security.
|
|
|
658
Tweetovi
|
137
Pratim
|
153
Osobe koje vas prate
|
| Tweetovi |
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
checkra1n
@checkra1n
|
5. velj |
|
checkra1n for Linux is now available at checkra.in! 🌧️📲
It’s been months of hard work in the making and we’re so glad to finally show it to you.
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Adam Chester
@_xpn_
|
1. velj |
|
Myself and @domchell are off to @BlackHatEvents USA 2020 to deliver our Adversary Simulation and Red Team Tactics course. Stay tuned for some upcoming posts on how the supporting labs were created blackhat.com/us-20/training…
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
MDSec
@MDSecLabs
|
30. sij |
|
And next up to the have Taha talking about Kubernetes for pentesters! 👍 pic.twitter.com/gBulEOnqds
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Ghidra
@GHIDRA_RE
|
15. sij |
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Rasta Mouse
@_RastaMouse
|
12. sij |
|
Looks like I got the whole BlockDLLs thing working in C#.
Quite a trivial exercise thanks to @_xpn_'s example in C:
blog.xpnsec.com/protecting-you… pic.twitter.com/SXJAe4oXsX
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
MDSec
@MDSecLabs
|
10. sij |
|
Deep Dive to Citrix ADC Remote Code Execution, CVE-2019-19781, new blog post By @0x09AL mdsec.co.uk/2020/01/deep-d… youtu.be/5U5Hk2CzIAk
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Dominic Chell
@domchell
|
10. sij |
|
This was a really interesting bug and really good work by @0x09AL to exploit it... Perl 😱😱😱 twitter.com/0x09AL/status/…
|
||
|
|
||
|
Taha Ibrahim Draïdia
@ibrahimdraidia
|
6. sij |
|
😂
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Jamie Shaw
@5ub34x
|
6. sij |
|
Adding CVE to muted words, FFS 🤦♂️
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Maddie Stone
@maddiestone
|
14. velj |
|
I get asked all the time how to get started in binary RE. There are tons of great resources out there, so #1 is just get started with something, anything! But if you're open to suggestions for building a strong, general reverse engineering foundation, here are my suggestions:
|
||
|
|
||
|
Taha Ibrahim Draïdia
@ibrahimdraidia
|
4. sij |
|
😂
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Mike Felch
@ustayready
|
4. sij |
|
DropBox privilege escalation in Windows using hardlinks. Great read and great research by @decoder_it!decoder.cloud/2019/12/18/fro…
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
h0mbre
@h0mbre_
|
21. pro |
|
Last project of 2019. I created an image-based C2 channel proof of concept that posts/retrieves stego'd images on Imgur. As a PoC only, I've simulated a proper implant in Python. The Framework is called Dali, after the artist. For fun & to learn! h0mbre.github.io/Image_Based_C2…
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Cutter
@r2gui
|
6. ruj |
|
Ghidra's decompiler is written in C++, hence it was trivial to implement a full integration.
The new version of Cutter is shipped with a new plugin we wrote for Cutter and @radareorg.
NO JAVA INVOLVED.
You can find the plugin and more info here --> github.com/radareorg/r2gh… >> pic.twitter.com/KCxR5SRxkn
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Swissky
@pentest_swissky
|
19. pro |
|
Bypass SSL Pinning and intercept HTTPS with Burp with apk-mitm - A CLI application that automatically prepares Android APK files for HTTPS inspection github.com/shroudedcode/a…
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Hanqing Zhao
@hankein95
|
13. pro |
|
I wrote a thing about JSC exploitation (including how to leak StructureID) and Safari sandbox escape. gts3.org/2019/Real-Worl…
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
buherator
@buherator
|
11. pro |
|
Qualys Security Advisory - Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) openwall.com/lists/oss-secu… < Beautiful! Wonder how @Qualys found it?
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Ian Coldwater
@IanColdwater
|
6. pro |
|
"A remote attacker can access vulnerable services with any password by entering the username as "-schallenge" or "-schallenge: passwd" bc a dash (-) before username tricks OpenBSD into interpreting the value as a command-line option and not as a username." thehackernews.com/2019/12/openbs…
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
Yellow Flag
@WPalant
|
2. pro |
|
My first article on #McAfee antivirus, detailing a bunch of issues rendering its web protection component ineffective. There will be more interesting findings to publish later. #infosec #appsec #antivirus
palant.de/2019/12/02/ren…
|
||
|
|
||
| Taha Ibrahim Draïdia proslijedio/la je tweet | ||
|
spidersec
@SpiderSec
|
29. stu |
|
HTTP Request Smuggling in one Screenshot. 🙂 pic.twitter.com/LIbLV3PIjk
|
||
|
|
||