Yannayl
Warranty voider | Occasional exploiter | Holistic Security researcher | Views are deconstructed | The author will die (E&OE)
Yannayl 16 h
The yearly authentication bypass. Thanks for a great conference!
Yannayl 17 h
Replying to @yoavalon @dvyukov @BlueHatIL
Yannayl 22 h
Just found out about VPN enforcement menu. I love it! Security Conference honeypot wifi, come at me!
Yannayl Feb 5
Replying to @OphirHarpaz @seanhn
Check out work
Yannayl Feb 4
Great research! Gotta love web-based desktop apps, where every XSS is probably an RCE
Yannayl Feb 4
Replying to @OriKatz3
There is a theory that if anyone ever understands a public-sector employee's pay slip, it will immediately be replaced by an even more enigmatic and obscure pay slip. There is a theory that says this has already happened.
Yannayl Jan 31
Replying to @scarybeasts @l_zzi_ @benhawkes
Does P0 sponsor guest research? If I know a researcher with very promising preliminary results, will they consider hiring him to complete and publish the research?
Yannayl Jan 30
Replying to @BOtupal @thegrugq
Mind reading is not production yet
Yannayl Jan 30
Replying to @thegrugq
You don't need to call, just have a phone near and speak out loud
Yannayl Jan 25
Replying to @obilodeau
If it's python only (e.g. fast prototype, initial research etc.) You get the full power of a programming language so you can do non-trivial things like checksum checking and express dependencies between fields in elaborate ways. Last time I checked kaitai it didn't support those
Yannayl Jan 24
If you use python construct (the sanest way I know to do binary parsing/construction) and want some feature added, the maintainer is looking for suggestions:
Yannayl Jan 7
Really nice bypass! Memory permissions require 3 bits per EL but HW has only 2, when using weird combinations interesting things happen. Reminds me of this old tweet
Yannayl Jan 3
Replying to @liadmord
What's the intended solution?
Yannayl Jan 2
CTF ROP pro-tip: use more pop sleds. See also:
Yannayl Jan 1
Replying to @Wlrving
Range based for loop?
Yannayl Dec 31
I wish to remind everyone that the new decade is only a few hours and ONE YEAR away. We live by an off-by-one calendar.
Yannayl Dec 30
Replying to @PastaFork @hxpctf
Very cool!
Yannayl Dec 30
Played CTF with . It was awesome and so diverse. With my teammates, I wrote heap exploit for AVR, ropchain for arm and shellcode for x86. Thanks !
Yannayl Dec 30
Replying to @PastaFork @hxpctf
Do you mind sharing the bug in VVVV? I found a bunch but failed to exploit them in time :/
Yannayl Dec 30
Replying to @gynvael @pastenctf
My teammate modified malloc.c/realloc.c to use 16 bit offsets instead of pointers, added a small main and used that as a simulator . I was very skeptical but our local exploit worked on the remote without modifications 🤷