
Erye Hernandez
307 posts

Erye Hernandez
@eryeh
Security Researcher, @inicmu alum, gamer, snowboarder, weekend baker, PPP member
Joined March 2009
446 Following 1.1K Followers
Pinned Tweet

Found an 0day privesc for macOS Catalina exploited in the wild! If you're still on Catalina, please patch or upgrade.
support.apple.com/en-us/HT212825
Erye Hernandez retweeted

Will post more later but: please check out @theori_io's landing page for AIxCC! We've got source code, agent traces, and blog posts to understand the system we built!
theori-io.github.io/aixcc-public/
Erye Hernandez retweeted

MMM takes 1st at @defcon CTF! Had a great time playing with our friends @maplebaconctf and @theori_io as @mmm_ctf_team! 🍁🦆🗝
Great job to Katzebin, StarBugs, and all the other teams! And thanks to @Nautilus_CTF for organizing!

Erye Hernandez retweeted

@PlaidCTF, @theori_io (The Duck), and @maplebaconctf are joining forces to play DEFCON as Maple Mallard Magistrates. Some PPP members also play on The Duck & Maple Bacon, so this allows all of us to keep playing on the same team. See you all at DEFCON finals!
Erye Hernandez retweeted

PlaidCTF is proud to announce visionary innovation and the actualization of experience in the hacking space. We’re moving beyond the ordinary to usher in a new paradigm of pwning. Welcome to the future. Welcome to Plaidiverse.
Join us on April 8 at plaidctf.com!

Erye Hernandez retweeted

Session 1 speakers are set for today's Wicked6games, don't miss your chance to register: hubs.li/Q016B3TH0
@Q8Thunders|@marigalloway|@JulieASparks|@eryeh|@AsuNa_jp
Erye Hernandez retweeted

#oneisntenough have you registered?
@Wicked6Games
@KATZCYLLC @CyberRiskLady @KeenanSkelly @Q8Thunders @mansimusa @eryeh @WomenCyberjutsu @ajohnsocyber
Erye Hernandez retweeted

The exploit for Safari is quite complex and massive. I really wanted to understand exactly what the vulnerability was and how it was mitigated, so I dived into the world of browser exploits for a few days and tried to explain how leaking object addresses was possible.
ESET Research @ESETresearch
#ESETresearch uncovers new Mac malware DazzleSpy, delivered using watering hole on a pro-democracy Hong Kong radio station website. Payload was launched as root without user interaction, using exploits for Safari and macOS. @marc_etienne_ @cherepanov74 welivesecurity.com/2022/01/25/wat… 1/7
Erye Hernandez retweeted

#ESETresearch uncovers new Mac malware DazzleSpy, delivered using watering hole on a pro-democracy Hong Kong radio station website. Payload was launched as root without user interaction, using exploits for Safari and macOS. @marc_etienne_ @cherepanov74 welivesecurity.com/2022/01/25/wat… 1/7

Erye Hernandez retweeted

Google uncovered a sophisticated attack that leveraged both iOS & macOS exploits (n-/0-days) to infect Apple users! 👀
Interested in a triage of the macOS implant (named OSX.CDDS), including:
▫️ Installation
▫️ Persistence
▫️ Capabilities
📝 Have a read:
objective-see.com/blog/blog_0x69…
Erye Hernandez retweeted

New: In August Google caught hackers using an old Mac exploit together with a zero-day that was published by a research group at a Chinese cybersecurity conference in April.
The hackers were targeting Hong Kong users.
vice.com/en/article/93b…
Erye Hernandez retweeted

More technical details from @eryeh and the team on last month's exploit and the associated campaign.
blog.google/threat-analysi…
TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group.
Shane Huntley @ShaneHuntley
0day privilege escalation for macOS Catalina discovered in the wild by @eryeh support.apple.com/en-us/HT212825 We saw this used in conjunction with a N-day remote code execution targeting webkit. Thanks to Apple for getting patch out so quickly.

Glad to be able to share some additional details on the campaign leveraging the macOS privesc (CVE-2021-30869) to install a new macOS backdoor
blog.google/threat-analysi…
Erye Hernandez retweeted

0day privilege escalation for macOS Catalina discovered in the wild by @eryeh
support.apple.com/en-us/HT212825
We saw this used in conjunction with a N-day remote code execution targeting webkit.
Thanks to Apple for getting patch out so quickly.
Erye Hernandez retweeted

Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow! googleprojectzero.blogspot.com/2019/12/sockpu… youtube.com/watch?v=YV3jew…

Erye Hernandez retweeted

We disabled 210 channels on YouTube when we discovered channels in this network behaved in a coordinated manner while uploading videos related to the ongoing protests in Hong Kong. blog.google/outreach-initi…



