Saifuddin Amri
Cyber Security Specialist. Consulting Manager at . A geek who is really passionate about tech & cyber security. Tweets & RTs are my own.
10,806
Tweets
3,673
Following
1,208
Followers
Tweets
Saifuddin Amri retweeted
Jake James 28 Jan
looks like this kext is accessible from sandbox, stay away from 13.3.1
Saifuddin Amri retweeted
Hector Martin 16 Jan
In reply to @marcan42
So it's not that Windows uses the wrong curve parameters or anything like that, it's that at some point the key used to index into a validated cert cache is (serial, pub) when it should be (serial, pub, params). As they say, one of the hardest problems in CS is caching.
Saifuddin Amri retweeted
Hector Martin 16 Jan
To clarify the Windows crypto fail: The problem isn't in signature validation. The problem is the *root store/cache*. CryptoAPI considers an (attacker-supplied) root CA to be in the trust store if its public key and serial match a cert in the root store, ignoring curve params.
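A toy model of the cache lookup described in the two tweets above, added here as an illustration; it is not code from the tweets or from CryptoAPI. The `Cert` fields, the `TrustCache` class, the `find_lookalikes` check and all sample values are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    serial: int
    public_key: bytes    # encoded EC public point
    curve_params: tuple  # named curve id, or explicit parameters


class TrustCache:
    """Toy model of a validated-root cache (not CryptoAPI's real data structure)."""

    def __init__(self, roots, bind_params):
        self.bind_params = bind_params
        self._keys = {self._key(r) for r in roots}

    def _key(self, cert):
        if self.bind_params:
            # Key the tweets describe as correct: (serial, pub, params)
            return (cert.serial, cert.public_key, cert.curve_params)
        # Key the tweets describe as the flaw: (serial, pub) only
        return (cert.serial, cert.public_key)

    def is_trusted_root(self, cert):
        return self._key(cert) in self._keys


def find_lookalikes(roots, presented):
    """Flag presented certs that match a root on (serial, pub) but differ on params."""
    index = {(r.serial, r.public_key): r for r in roots}
    hits = []
    for cert in presented:
        root = index.get((cert.serial, cert.public_key))
        if root is not None and root.curve_params != cert.curve_params:
            hits.append((cert.subject, root.subject))
    return hits


# Constructed sample data: placeholder bytes, not real keys or certificates.
PUB = bytes.fromhex("04" + "ab" * 8)
GENUINE = Cert("Example Root CA (constructed)", 0x1001, PUB, ("named", "secp384r1"))
LOOKALIKE = Cert("Lookalike Root (constructed)", 0x1001, PUB, ("explicit", "placeholder-params"))
ROOTS = [GENUINE]

if __name__ == "__main__":
    for bind in (False, True):
        cache = TrustCache(ROOTS, bind_params=bind)
        print(bind, cache.is_trusted_root(GENUINE), cache.is_trusted_root(LOOKALIKE))
    print(find_lookalikes(ROOTS, [GENUINE, LOOKALIKE]))
```
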
Saifuddin Amri retweeted
Hector Martin 17 Jan
In reply to @CyborgTribe
What you're trying to find is the private key given the public key. You cannot find the original private key for the original params, but you can trivially craft parameters in such a way to make a private key of 1 "happen" to correspond to the original public key.
Saifuddin Amri retweeted
🥝 Benjamin Delpy 16 Jan
That epic Microsoft moment❤️ Recently worked on and ECC, so yes, 10 and 2016/2019 only. Previous versions like Windows 7 did not support personal EC curves (only a few NIST standard ones)
Saifuddin Amri retweeted
🥝 Benjamin Delpy 17 Jan
Ho, by the way, is not only about TLS & Authenticode... it's also for S/MIME and other signatures. Yes, it's also valid against mail signature verification ❤️ I hope nobody relies on it for legal / workflow validation
Saifuddin Amri retweeted
IT Freedom 16 Jan
Don't take any chances, make sure your data is secure.
Saifuddin Amri retweeted
Inc. 17 Jan
4 customer service trends you need to know in 2020
Saifuddin Amri retweeted
Cyber Advising 16 Jan
CryptoAPI PoC CVE-2020-0601
Saifuddin Amri retweeted
Didier Stevens 14 Jan
New blog post "Analysis Of Unusual ZIP Files"
Saifuddin Amri 17 Jan
In reply to @SyakirahZahadi
I'm done for, your BF is going to beat me up after this. I'm running off first, OK. Hahaha
Saifuddin Amri 17 Jan
In reply to @yeolahv
Understood, ustazah 😆
Saifuddin Amri 17 Jan
In reply to @SyakirahZahadi
Love you too, dumb ass 😂
Saifuddin Amri retweeted
Elias Ladopoulos 29 Dec
This attack did occur, but it wasn’t Mitnick that performed it. Also, Shimomura’s machine was already owned before Kevin finally was given access, and it was logged. I’ve seen the logs.
Saifuddin Amri retweeted
Cybergibbons! (Project Zero Hounslow) 27 Dec
In Infosec, we need to consider: Confidentiality, Integrity, Availability. We often forget Availability - keeping something available often runs contrary to security. Interesting story about how handling the encoding of years on EMV cards led to downtime:
Saifuddin Amri retweeted
Today In Infosec 25 Dec
1994: Kevin Mitnick allegedly performed a remote attack against Tsutomu Shimomura’s personal computer, gaining access by using source address spoofing and TCP sequence prediction. But there's no proof he did it and it's generally accepted he lacked the required technical skills.
Saifuddin Amri retweeted
Saifuddin Amri 13 Mar
For the next 6 months: 1. I will focus on myself 2. Myself is my 1st priority. Put aside unnecessary things & bullshit issue. 3. It's only me, myself & my career 4. Invest 10000% energy into myself 5. Don't lose focus & work harder ! Happy working peeps !
Saifuddin Amri retweeted
Marco Rogers 24 Dec
I keep telling y'all that "full stack" is a trap. Nobody wants to talk about it. I was honestly surprised when I learned that a lot of devs are taught to want that. As opposed to being able to build up competency incrementally.
Saifuddin Amri retweeted
SwiftOnSecurity 24 Dec
TIP: You should go through all web results for all your usernames past and present, and change all the user details to junk, BEFORE you delete the account (if that's an option). Often websites only HIDE deactivated accounts - if a hacker dumps the database all your stuff is there
Saifuddin Amri retweeted
Andrea Di Fabio 23 Dec
When are we going to impose fines so hefty for poor cybersecurity that can seriously impact or shut down a company? Over 267M Facebook users had names, phone numbers leaked on dark web