Yannayl
@Yannayli
Warranty voider | Occasional exploiter | Holistic Security researcher | Views are deconstructed | The author will die (E&OE)
508 Tweets
183 Following
952 Followers

Tweets
Yannayl
@Yannayli
16 h

The yearly #BlueHatIL authentication bypass.
Thanks for a great conference! pic.twitter.com/RoVsJT0gFt
Yannayl
@Yannayli
17 h
Yannayl
@Yannayli
22 h

Just found out about @Android VPN enforcement menu. I love it!
Security Conference honeypot wifi, come at me! #BlueHatIL @WireGuardVPN pic.twitter.com/9dRJkGyJ7z
Yannayl
@Yannayli
5 Feb

Check out @seanhn work
Yannayl
@Yannayli
4 Feb

Great research!
Gotta love web-based desktop apps, where every XSS is probably an RCE twitter.com/perimeterx/sta…
Yannayl
@Yannayli
4 Feb

There is a theory that if anyone ever understands a public-sector employee's pay slip, it will immediately be replaced by an even more enigmatic and opaque one.
There is a theory that says this has already happened.
Yannayl
@Yannayli
31 Jan

Does P0 sponsor guest research? If I know a researcher with very promising preliminary results, will they consider hiring him to complete and publish the research?
Yannayl
@Yannayli
30 Jan

Mind reading is not production yet
Yannayl
@Yannayli
30 Jan

You don't need to call, just have a phone near and speak out loud
Yannayl
@Yannayli
25 Jan

If it's python only (e.g. fast prototype, initial research etc.)
You get the full power of a programming language, so you can do non-trivial things like checksum checking and express dependencies between fields in elaborate ways. Last time I checked kaitai, it didn't support those.
Yannayl
@Yannayli
24 Jan

If you use python construct (the sanest way I know to do binary parsing/construction) and want some feature added, the maintainer is looking for suggestions: github.com/construct/cons…
Yannayl
@Yannayli
7 Jan

Really nice bypass! Memory permissions require 3 bits per EL but HW has only 2; when using weird combinations, interesting things happen.
Reminds me of this old tweet twitter.com/Yannayli/statu… twitter.com/s1guza/status/…
Yannayl
@Yannayli
3 Jan

What's the intended solution?
Yannayl
@Yannayli
2 Jan

CTF ROP pro-tip: use more pop sleds.
See also: twitter.com/Yannayli/statu…
Yannayl
@Yannayli
1 Jan

Range based for loop?
Yannayl
@Yannayli
31 Dec

I wish to remind everyone that the new decade is only a few hours and ONE YEAR away. en.wikipedia.org/wiki/Anno_Domi…
We live by an off-by-one calendar.
Yannayl
@Yannayli
30 Dec

Very cool!
Yannayl
@Yannayli
30 Dec
Yannayl
@Yannayli
30 Dec

Do you mind sharing the bug in VVVV? I found a bunch but failed to exploit them in time :/
Yannayl
@Yannayli
30 Dec

My teammate modified malloc.c/realloc.c to use 16 bit offsets instead of pointers, added a small main and used that as a simulator. I was very skeptical but our local exploit worked on the remote without modifications 🤷