Twitter | Pretraživanje | |
nafiez
Information Security / Reverse Engineering / Vulnerability Research / POC, HITB & NanoSec Speaker
6.844
Tweetovi
538
Pratim
907
Osobe koje vas prate
 
Prikaži više fotografija
Tweetovi
nafiez proslijedio/la je tweet
raptor 6 h
CVE-2019-12180 – ReadyAPI & SoapUI command execution via malicous project file This is a 0day vulnerability reported by my coworker The timeline is interesting 🤦‍♂️
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
Dave dwizzzle Weston 7 h
Just posted my talk "Keeping Windows Secure" touching on security assurance process and vuln research in Windows from 2019:
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
FireF0X 2. velj
KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore,
Prikaz fotografije · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
MDSec 31. sij
’s first post is a writeup for an RCE in SharePoint
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
Brett Hawkins 31. sij
Want to see how the red team weaponizes threat intel for R&D and TTP development? Check out some research I did with and . Also includes some new executables that can be used for DLL abuse.
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
nafiez 31. sij
Odgovor korisniku/ci @overflow_kaizen @wargamesmy
I heard from the crew, you dont want to claim?
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
SandboxEscaper 31. sij
Fuck it, I can't focus at all today. It's a mess, sorry.. I've also uploaded the discussed bug to github. Maybe someone can make sense of it. It's a junction bug that's a little more complicated then a simple "bait and switch". Hope it's useful to someone.
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
j00ru//vx 30. sij
Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy!
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
Walied Assar 27. sij
Windows Kernel _IMAGE_DOS_HEADER::e_lfanew Denial Of Service/Memory Corruption
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
James Forshaw 30. sij
A quick post on why you shouldn't use SYSTEM Tokens when you sandbox a process. Part 1 of N (where I haven't decided how big N is).
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
Leandro Barragan 28. sij
[Educational] One of the best blog posts that I ever read about going from 0 to unauth RCE in f**king Mikrotik OS step by step:
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
Jin Wook Kim 28. sij
CVE-2020-2551 Weblogic RCE with IIOP /bea_wls_internal/classes/mejb@/ .j2ee.mejb.Mejb_dj*(Object obj)
Prikaz fotografije · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
Ryan Hausknecht 28. sij
New blog (and tool): Attacking Azure, Azure AD, and Introducing PowerZure
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
halvarflake 28. sij
My comments about the hubbub of AV vuln use finally being caught: Everybody with any experience knew it's going on. AV software was vuln-dev training material more than a decade ago. There were just sufficient economic reasons to ignore it until it became indisputable.
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
0x1337dtm 23. sij
New article! Anti-virus Exploitation: Malwarebytes 4.0.4 - Protection Not Found - Hijacking Malwarebytes via COM IPC
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
nafiez 24. sij
Savage
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
Stuart Winter-Tear 23. sij
Microsoft have released an open source tool to analyze source code for vulnerabilities in almost any modern language:
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
TrustedSec 21. sij
Senior Security Consultant describes the discovery of a privilege escalation in the Intel Trusted Connect Service Client and how to complete the in order to obtain local admin access
Prikaz sažetka · Reply Retweet Označi sa "sviđa mi se"
nafiez proslijedio/la je tweet
SpecterOps 22. sij
Odgovor korisniku/ci @SpecterOps
Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
nafiez 23. sij
Interesting. Do you have more sources on this ? Thanks!
Prikaži podatke · Reply Retweet Označi sa "sviđa mi se"
Učitaj starije tweetove