Filippo Cremonese

1.7K posts

@fcremo

Lead Alt-L1 security engineer @Zellic_io. CTF player @towerofhanoi, @mhackeroni. Fmr @poul_polimi member. Prev @_revng, @Doyensec

Milan · Joined May 2010
267 Following · 696 Followers
Filippo Cremonese retweeted
cts🌸 @gf_256
V12 is now live for open beta. It can: - Find valuable bugs - Generate working, runnable PoC - Generate patch and test the PoC against it In our testing during audits at Zellic, Zenith, and Code4rena we've been consistently impressed. Best of all: it's free. (Don't abuse it!)
pashov @pashov

@claudeai Impressive. Very nice. Now do this, but for smart contracts

Filippo Cremonese retweeted
Zellic @zellic_io
Bad auditors miss obvious bugs. We built an AI tool that finds them. Introducing V12: the only autonomous Solidity auditor that actually finds Highs and Criticals. We'll be releasing it for free. V12 finds Crits in Zellic audits, High/Mediums in Cantina, and a bug in Pendle.
Filippo Cremonese retweeted
mhackeroni @mhackeroni
Still hacking with your feet on the ground? Not anymore, we cooked 🍝 Join Ctrl+Space CTF Quals (20–21 Sep) to be one of the 5 finalist teams to play in-orbit challenges running on @D_Orbit ION Satellite Carrier 🛰️ at @esa 3S conference 🇳🇱 (4–6 Nov)! ctrl-space.gg
Filippo Cremonese retweeted
mhackeroni @mhackeroni
🚨 Sponsoring us?! The mhackeroni kitchen will open its usual pop-up restaurant in Vegas at @defcon this August 🍝 There's still time to help us make it - write us if you'd like to discuss! Let's get your logo out there on this summer's hottest piece of apparel 👕🚩
Filippo Cremonese retweeted
Zellic @zellic_io
We're proud to share that Zellic Security Researcher @fcremo helped discover an issue in the Cairo VM during a recent audit of @Starknet OS. This bug has been fixed as an immediate patch to Starknet's current version 0.13.3.
Filippo Cremonese @fcremo
@wizzair hi! My lawyer is trying to get in contact with you but is not receiving any answer. What email address can he use to reach you?
rev.ng @_revng
This is our NAS. It runs restic in append-only mode. Ransomware don’t scare us! 🦠⚕️
Filippo Cremonese retweeted
mhackeroni @mhackeroni
📢 Calling all Sponsors! Get mhackeroni to the DEF CON 32 CTF finals 🚩🍝 Would you like to be a part of moving the kitchen to Las Vegas this summer & secure a spot for your logo in our highly-demanded t-shirt? Contact us! Your favourite Italian Acheri™️ need your help!
Filippo Cremonese @fcremo
@hackerfantastic @pid_eins I am trying to understand the vulnerability you are outlining. Could you please give me an idea of how you would hijack the pty to inject inputs into it without ptrace and without being root/having CAP_SYS_ADMIN which AFAIK is needed to use TIOCSTI on the pts?
hacker.house @hackerfantastic
@pid_eins The issue is that the pty is owned by the same user, it's not root owned. The use of ptrace is just for easily hijacking the pty, you also didn't acknowledge that root environment variables leak through dbus properties. Leave sudo alone, signed every Linux user.
hacker.house @hackerfantastic
This isn't the only bug of course, it's not possible on Linux to read the environment of a root owned process but as systemd creates a service in the system slice, you can query D-BUS and learn sensitive information passed to the process env, such as API keys or other secrets.
Filippo Cremonese @fcremo
How ironic -- one of the songs in the playlist @Spotify made for users that unsubscribe from a premium plan is unavailable
Filippo Cremonese @fcremo
I have a friend with one extra CCC ticket. Reply/DM me if interested, will put you in contact. RT appreciated, see y'all at Congress! #CCC #37C3
Filippo Cremonese @fcremo
Gone! Sorry everyone, good luck with the general sale!
Filippo Cremonese @fcremo
I have one spare ticket for #CCC. Giving it away at cost (obviously, screw scalpers). RTs appreciated :) #37C3
Filippo Cremonese @fcremo
@_revng I meant you don't get to decide where the push goes, it's one time up, the next down. I guess it could be worse, it could push half word up, half word down.
rev.ng @_revng
@fcremo Well, take a look at ia64...
Marco Bonelli @mebeim
The struggle to reach 10x share ratio on a 100/20 ADSL line is real
Filippo Cremonese @fcremo
@gf_256 Since this is getting seen by a lot of people, I want to clarify that while the general idea is correct, the sum has to be mod 3, not mod 10, as other users have pointed out
Filippo Cremonese @fcremo
@gf_256 Damn it I got nerd sniped. IMO it's easier to first think in terms of a finite automaton with states representing the sum of digits modulo 10. First img shows an automaton that works for 1 digit. Now you just need to add the rest of the state transitions (2nd img) 1/n
cts🌸 @gf_256
alright CS new grads, let's put that shiny degree to the test!