Rh0
@rh0_gz
Digital Cave
Security Research • Program Analysis • Bugs and Exploits

329 Tweets
346 Following
402 Followers

Tweets

Rh0 retweeted
InfoSect
@infosectcbr
Feb 2
Pointer Compression in V8 and what it means for browser exploitation by @farazsth98 blog.infosectcbr.com.au/2020/02/pointe…

Rh0 retweeted
Zero Day Initiative
@thezdi
14 h
Tried to reverse a wireless router only to be thwarted by encrypted firmware? @trendytofu shows methods for overcoming this roadblock in his latest #MindShaRE blog. zerodayinitiative.com/blog/2020/2/6/…

Rh0 retweeted
Niklas B
@_niklasb
12 h
just found that this writeup for CVE-2019-9793, a range analysis bug in Spidermonkey found by @bkth_ and analyzed by me is now unrestricted: bug1528829.bmoattachments.org/attachment.cgi…
I thought it was a cool bug, although unfortunately Spectre mitigations prevented exploitation as far as I know

Rh0 retweeted
Maddie Stone
@maddiestone
18 h
Here are the slides for my presentation today at @BlueHatIL on variant analysis for 0-days used in the wild. I discuss 3 case studies, covering the approach, findings, and lessons learned. #BlueHatIL
github.com/maddiestone/Co… pic.twitter.com/pXKzOUxc27

Rh0 retweeted
j00ru//vx
@j00ru
Jan 30
Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy! googleprojectzero.blogspot.com/2020/01/part-i…

Rh0 retweeted
Zero Day Initiative
@thezdi
Jan 16
To get set for #Pwn2Own Miami, @mrpowell exploits a SCADA bug submitted by @steventseeley and shows how you can too. See how he pops calc at bit.ly/2sAEGtq #P2OMiami

Rh0 retweeted
Samuel Groß
@5aelo
Jan 9
I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage: googleprojectzero.blogspot.com/2020/01/remote…

Rh0 retweeted
Andrea Fioraldi
@andreafioraldi
Jan 7
Today the Superion fuzzer is not anymore open-source on GitHub (github.com/zhunki/Superion) so I created an organization called Fuzzers-Archive that aims to collect unmaintained fuzzers to prevent this situation. Open an issue to ask for additions:
github.com/Fuzzers-Archiv…

Rh0 retweeted
Jiliac
@Jilyac
Dec 26
We made a website which shows a genealogy of fuzzers: fuzzing-survey.org
Basically, this is a fork from the one we have in the survey, but which we can keep up-to-date and where anyone can contribute at: github.com/SoftSec-KAIST/…

Rh0 retweeted
Abdulrhman Alqabandi
@Qab
Dec 24
Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.
leucosite.com/Edge-Chromium-…

Rh0 retweeted
F-Secure Labs
@FSecureLabs
Dec 24
H0, H0, H0 Day
labs.f-secure.com/blog/hackin-ar…

Rh0 retweeted
Zero Day Initiative
@thezdi
Dec 16
In the 1st of our Top 5 bugs for 2019, @hosselot takes a look at a sandbox escape in #Firefox originally submitted to the program by @_niklasb. Read the details at bit.ly/2M0XatD #ZDITop5

Rh0 retweeted
Axel Souchet
@0vercl0k
Dec 6
Here is an exploit chain I wrote for Firefox that gets RCE via CVE-2019-9810 and escapes the sandbox with CVE-2019-11708/CVE-2019-9810. Once compromised, it drops a payload and injects privileged JS code in already/newly created tabs. github.com/0vercl0k/CVE-2… pic.twitter.com/LeAOCgqpMG

Rh0 retweeted
Zero Day Initiative
@thezdi
Dec 2
Start off the week with the 2nd part of @trendytofu's look into reversing a TP-Link TL-WR841N wireless router. His write-up includes a full exploit & a video demonstration of ZDI-19-992. bit.ly/33AhiZq #MindShaRE

Rh0 retweeted
Zero Day Initiative
@thezdi
Nov 26
Correction: Take a deep dive into a #Pwn2Own winning #WebKit bug as @ziadrb breaks down an entry used by @fluoroacetate (Amat Cama and Richard Zhu) at this year’s Pwn2Own in Vancouver. bit.ly/2OMZNj5

Rh0 retweeted
Bruno Keith
@bkth_
Nov 17
I published the slides of the talk I gave @GrehackConf last Friday github.com/bkth/optimize_…

Rh0 retweeted
PagedOut
@pagedout_zine
Nov 15
Paged Out! #2
pagedout.institute
Thanks to all the authors and the institute!
Enjoy!

Rh0 retweeted
qwertyoruiop
@qwertyoruiopz
Nov 8

Rh0 retweeted
Sean Heelan
@seanhn
Oct 30
At CCS '19 next month I'll be presenting a paper titled "Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters". More details @ sean.heelan.io/2019/10/30/gol…

Rh0 retweeted
Robert Swiecki
@robertswiecki
Oct 28
honggfuzz-rs has already found dozens of bugs in Rust packages, the python-hfuzz might help you to do the same with your python code: github.com/thebabush/pyth… (from the author of honggfuzz-qemu).