Aobo Wang
37 posts
This time LLM developed a kernel pool overflow exploit while I'm still investigating how to fengshui😅. It's really rapidly evolving.
Aobo Wang@M4x_1997
Can't agree more. Same situation here. Last week LLM ran for many hours, claiming ~99.9% success rate for an exploit but ultimately gave it up. I had to manually root-cause and fix it quickly. The highlight is that it did find a vulnerability I likely would have missed, mainly because I'm not familiar with the internals. However, it also overlooked some deeper vulnerabilities until I prompted "what if...". IMO, LLMs can indeed help with bug hunting, but don't fully rely on them, especially for exploits, at least, for now.
English
Can't agree more. Same situation here. Last week LLM ran for many hours, claiming ~99.9% success rate for an exploit but ultimately gave it up. I had to manually root-cause and fix it quickly. The highlight is that it did find a vulnerability I likely would have missed, mainly because I'm not familiar with the internals. However, it also overlooked some deeper vulnerabilities until I prompted "what if...". IMO, LLMs can indeed help with bug hunting, but don't fully rely on them, especially for exploits, at least, for now.
Jonathan Bar Or (JBO) 🇮🇱🇺🇸🇺🇦@yo_yo_yo_jbo
And to summarize - I wasted roughly 15 hours of my life and tons of tokens to eventually give up, reverse engineer manually and find the cause of what I was looking for in like 1 hour. LLMs are great but are no replacement for real, hardcore research.
English
@lyq_sqsp The gtfo site(gtfobins.org/gtfobins/sed/ ) documents many quirks like this one. Also, there is a similar site for Windows: lolbas-project.github.io
English
@0gtweet @tiraniddo has a great explanation with more details here: googleprojectzero.blogspot.com/2016/02/the-de…
English
@0gtweet It's a parsing artifact. Explorer uses ::{GUID} paths, but some file APIs misinterpret the first : as a drive letter. This forces Windows to auto-generate a "current directory" var (=::) for this non-existent drive, which then gets inherited by all child processes.
English
Can anyone explain the mystery behind "=::=::\"? It really exists in the PEB -> ProcessParameters -> Environment, is returned by GetEnvironmentStringsW() but is not shown by the "SET" command. And I could see it many times in different Windows versions.🤔
English
Just learned from Apple I was not the first one to report that Wi-Fi bug I found. Looking at the security notes, there were a few others.
@M4x_1997, @theevilbit, @_r3ggi: which one of you got their report in before I did, lol?
Or maybe it was the anonymous researcher.
English
Well, I got a very cheap Xiaomi router to tinker with it and found that most of the vulnerabilities from this presentation (hitcon.org/2020/slides/Ex…) are still valid lol
Great work btw @M4x_1997 and @zh_explorer
English
Aobo Wang retweetledi
Real World CTF Corrupted GI Writeup challenge and writeup author: @f1yYY__
@M4x_1997
xz.aliyun.com/t/13473?time__…
#realworldctf
English
Aobo Wang retweetledi
I've invited some friends of Tea Deliverers and @Water_Paddler to create some interesting challenges for AliyunCTF. We also offer great bonuses:
1st: about 21000$
2nd: about 11000$
3rd: about 7000$
Time: 4.21 13:00 UTC- 4.23 13:00 UTC.
Come join us! 🥳🥳
ays.cn/AGWz
English
Aobo Wang retweetledi
2022 The 4th Real World CTF is about to start. Only one round Online Jeopardy will directly decide the championship this year.
21:00,21th Jan. ~ 21:00,23th Jan. 2022 (GMT+8)
WE WANT YOU!
Follow us on CTFTime:ctftime.org/event/1507, or official website:realworldctf.com
English
#realworldctf I published my writeup for router3. Check English version here: github.com/chaitin/Real-W…
English
Aobo Wang retweetledi
Just published the writeup for our 0day VirutalBox escape: secret.club/2021/01/14/vbo…
Thank you to ChenNan and @RealWorldCTF for creating this challenge!
English
Aobo Wang retweetledi
There may be some uncertainty both in hacking & living. But just like Team @Sauercl0ud just showed, we will finally make it!✊#realworldctf
English