red0xff

🔺This is the first talk I've given in 6 years – featuring formal verification of post-quantum cryptography, the evolution of the Secure Page Table Monitor, a view into Memory Integrity Enforcement, updates to Apple Security Bounty… and a personal note.

Second time I complete flare-on :p, despite the busy month. ping @RandoriSec

Hello, I will be at @hexacon_fr, come say hi ! I will be glad to discuss anything. We are also hiring at @RandoriSec ;)

@hardwear_io @tihmstar @Phenol__

🔮Breaking into 📱iPhone's last Security Barrier 💡@tihmstar will present his work on attacking the iPhone's hardware AES crypto core through an EM-sidechannel in order to retrieve the hardware fused GID and UID keys 🎟️Grab your tickets 👉bit.ly/3BSDXU6 #hw_ioNL2022

@EmmanuelOchubi1 @Ox4d5a @imfaiqu3 @GodfatherOrwa @thehackerish @theXSSrat @Blaklis_ @arth_bajpai This screenshot contains enough information for people to locate the vulnerable website (intext:"..."), if I were you, I would make sure that it's not identifiable from the image (X-AspNet-Version: 4.0.30319 and X-Powered-By: ASP.NET in case you have any doubt)

@alexxubyte @SalahEddineBC

/1 How do Apple Pay and Google Pay handle sensitive card info? The diagram below shows the differences. Both approaches are very secure, but the implementations are different. To understand the difference, we break down the process into two flows.

@Shawan_J Can you try now @Shawan_J ?

@red0xff How can I DM you?

@Shawan_J Hello, my DMs are disabled? I'm checking

A blog worth reading, thank @red0xff

A random idea I had that turned into a short new blog post. (This post does not demonstrate a vulnerability, but rather a logic flaw in the execution environments of the most popular competitive programming platforms). red0xff.github.io/posts/cracking…

This might be the best bug I found. Never thought I'd be writing a kernel exploit as reliable, clean and fast as a browser exploit. For a while I actually used this to root my research phone when can't be bothered to patch the rom: github.blog/2022-07-27-cor…

Heap buffer overflow within the Netfilter subsystem of the Linux kernel (CVE-2022-34918). ps: @metasploit module coming soon. randorisec.fr/crack-linux-fi… #netfilter #0day

Hajime! We are glad to announce our second ring0 sponsor! 🙏 Thank you @RandoriSec for helping us to gather the infosec community in Paris ⛩️ To find out more about RandoriSec, visit their website at randorisec.fr #HEXACON2022

Here are 11 reasons why we should use #HyperDbg, the differences between HyperDbg and #WinDbg, and how HyperDbg will change our debugging/reversing journey. A thread (24 tweets) 🧵:

Just checked the latest #metasploit modules and seen this. 💪💪💪 @red0xff github.com/rapid7/metaspl…

Today is a great day ! @red0xff is joining us as a reverser 🔬 Welcome on board !

@moyix @Rode0day Been using these as cool random hostnames. github.com/red0xff/hostna… Chrome seems to hate that, thinks it's a new computer when the hostname gets changed (on each boot).

If you're curious, the list of scientists/hackers they use (along with a brief comment about each) is here. We used a similar strategy for generating anonymized team names for @Rode0day, but with insect names (bugs, get it?) :) #L120-L836" target="_blank" rel="nofollow noopener">github.com/moby/moby/blob…

Just got "unruffled_elbakyan" as a container name :)

Just published a new article about Keccak/Sha3 (explains its steps in simple words, and explains how leaking the internal state can lead to unwanted consequences) red0xff.github.io/posts/invertin… Feedback is welcome (PS: I'm not a cryptographer)

@meriem_laroui Thanks a lot 😄

@red0xff Congraats !!

@Moussaabben Thanks a lot man 😊

@red0xff Congrats man 🔥