Georgios Baltas

56 posts

@gebaltas

All things systems security. Opinions are my own.

Seattle, WA. Joined January 2016
76 Following, 619 Followers
Georgios Baltas retweeted
Microsoft Security Response Center @msftsecresponse
File system redirection has long been a tool for attackers seeking privilege escalation. RedirectionGuard, a new Windows mitigation, is designed to block malicious junction-based redirection by default, strengthening system security.

Key Features of RedirectionGuard:
• Blocks junction traversal only when followed by an opted-in process and when created by a non-admin user.
• Stores privilege metadata in an admin-only alternate data stream to verify junction trustworthiness.
• Already enabled in Windows Insider builds for User Profile Service, AppX Deployment Service, and Installer Service, historically among the most vulnerable components.

Learn more in our new blog by Mike Macelletti (@pintostart), Senior Security Researcher, Microsoft: msft.it/6018SIil0

Many thanks to Georgios Baltas (@gebaltas) and James Forshaw (@tiraniddo) for their contributions.
Georgios Baltas retweeted
Axel Souchet @0vercl0k
Andrew Calvano and I wrote a proof of concept exploit targeting the Meta Quest2 VR headset to understand how to secure it better as part of Meta's Native Assurance team. Go check it out 🔥🔥! "Meta Quest 2: Defense through offense" engineering.fb.com/2023/09/12/sec…
Georgios Baltas retweeted
Axel Souchet @0vercl0k
Zenith is an (unreliable) exploit I wrote to compromise the TP-Link AC1750 Smart Wi-Fi Router for Pwn2Own Austin 2021. It remotely exploits an integer overflow in the NetUSB kernel driver that results in a heap-buffer overflow 🔥 github.com/0vercl0k/zenith
Georgios Baltas @gebaltas
Our day-to-day consists of in-depth security reviews, building & running static/dynamic analysis tools and mitigating classes of bugs. People can pick their focus area based on their interests.
Georgios Baltas @gebaltas
It's been over a year since I've joined FB's native product security. People might not realize, but we have a lot of native code to work on, in all types of software; from firmware to mobile apps.
Georgios Baltas retweeted
James Forshaw @tiraniddo
It's happening!!! Well probably😁
Georgios Baltas @gebaltas
@halvarflake It seems to me that the level of security (or lack thereof) is already baked into the price of software. The security community can facilitate more informed decisions, but ultimately consumers decide what they pay for.
Halvar Flake @halvarflake
For a single severe bug and a 90 day fix, this means "75% securetime". Now establish that customers paid for 99% securetime, and get a refund for any percentage below that. For free-but-monetized software like Android, they get a corresponding cut of the generated revenue.
Halvar Flake @halvarflake
Ill-thought-out idea to start the week - this time on regulating software providers to improve security: Establish the metric "securetime", equivalent to "uptime": The number of days in the past calendar year that the software had no severe vulnerabilities known to the vendor.
Georgios Baltas retweeted
Axel Souchet @0vercl0k
If you were to draw on a canvas the virtual address space of a 64-bit Windows process running on 19H1 this is what you would see 🧐🧐
0x5A1F @Saif_Sherei
Today was sadly my last day at MSRC @msftsecresponse, it was truly a pleasure and honour to be part of this epic team, I learnt so much from everyone, and thank you all for being a part of my journey.
Georgios Baltas @gebaltas
Today is my first day at @Facebook's Product Security team, where I will be working on native code vulnerability research and exploit mitigation
Georgios Baltas @gebaltas
@guhe120 FWIW report quality is always determined by engineers and we are incentivized to reward highly actionable reports. It is not influenced by the potential payout.
Yuki Chen @guhe120
The same situation, many cases closed without any conversation, and dirty reasons (e.g. saying your reports are low quality) to refuse to pay bounty
Vasileios Kemerlis @vkemerlis
I'm deeply honored for being awarded a @GreekDiasporaFP Fellowship by @IIEglobal, @FulbrightGreece, and @SNForg! I look forward to visiting again @AUEB, my alma mater, and working with George Polyzos and George Xylomenos on IoT security! #BrownResearch #BrownCS #AUEB #MMlab
Brown CS @BrownCSDept

This year, only 3 of the 36 @GreekDiasporaFP Fellowships were in CS or CS education, and one of them has gone to @BrownCSDept Prof. @vkemerlis for IoT software hardening. He shares it w. George Polyzos of @AUEB. bit.ly/30B5W7Z
