johncool
228 posts


We are hiring offensive security researchers @Apple!
We are looking for experienced profiles in a variety of fields.
Learn more here: jobs.apple.com/en-us/details/…
You are into Kernel or Userland Vulnerability Research? My team would love to hear from you!
DM me if you have questions
johncool retweeted

New year, new adventure for me @Reverse_Tactics ! A lot of work to come, but hopefully lots of vulnerabilities and exploits ! Feel free to DM me to discuss or leak your bugs 🥸
REverse_Tactics@Reverse_Tactics
Welcome to @OnlyTheDuck who is joining REverse Tactics for handling exciting security challenges and discovering new vulnerabilities!

@h0wdeee I can’t remember which release fixes the bug, but here is the relevant commit github.com/Netatalk/netat…

hello researcher friends! I have been tasked with looking into CVE-2022-43634, a critical RCE vuln in Netatalk with a CVSS of 9.8
I haven't found any mention of it in the disclosures, but perhaps this will be of as much use to you as it is to me!
web.archive.org/web/2023060401…
johncool retweeted

Thank you everyone for this amazing second edition!
We hope you all had a blast and all the team is already eager to see you all next year for #HEXACON2024 🚀


@lcheylus @OnlyTheDuck @swapgs Yes indeed… I didn't think it would go that fast. But it's a good thing the conference is generating so much enthusiasm.

@JohnCool__ @OnlyTheDuck @swapgs Ah, you too, you couldn't get a ticket for GreHack 2023? :(

Because I would love to see the magnificent @OnlyTheDuck on stage (and @swapgs (and the other one too))
Root-Me@rootme_org
The second batch for @GrehackConf 2023 was launched today, and guess what: tickets sold out in minutes 🫣. But lucky you, we had reserved 2 tickets for you! 🤩 👉 Retweet and comment by telling us what motivates you to go to the conference. Random draw Monday lunchtime, we'll announce the winners right away. Good luck to you all !

@0xor0ne @Flutsunami @Synacktiv Thanks! It was one of the funkiest bugs we had to exploit! … and it's everywhere 😏.
johncool retweeted

Excellent writeup on obtaining root command execution on the Netatalk daemon on the Western Digital MyCloudHome NAS.
credits: Etienne Helluy-Lafont and Luca Moro (@Synacktiv)
synacktiv.com/en/publication…
#cybersecurity
johncool retweeted

At #Pwn2Own Toronto, @johncool__ earned $40K by exploiting the @westerndigital My Cloud Pro Series PR4100 with a classic buffer overflow. Now that it's patched (CVE-2022-29844), he provides the details of his research on our blog. Read all about it at zerodayinitiative.com/blog/2023/4/19…
johncool retweeted

Ninja tricks to abuse TCP stacks and pwn NAS! Check out our #Pwn2Own Netatalk exploit by Etienne, @JohnCool__ and @OnlyTheDuck! synacktiv.com/publications/e…

@JohnCool__ Nice one! Looking forward to the exploit write-up.

Yay, the Netatalk pre-auth bug we used during #Pwn2Own Austin 2021 has been disclosed! Be ready for the upcoming exploit/write-up and its funkiest TCP shenanigans zerodayinitiative.com/advisories/ZDI…
johncool retweeted

[ZDI-23-112|CVE-2022-29844] (Pwn2Own) Western Digital MyCloud PR4100 FTP Server Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: @johncool__) zerodayinitiative.com/advisories/ZDI…

@pwning_me At the time we did not know about the previous form of that bug, and we could not argue that it was in fact a different vulnerability. That's why it ended up being a duplicate with your team during #pwn2own

@pwning_me If I remember correctly, Netgear shipped a very outdated version of Netatalk that had a similar vulnerability which disappeared during a refactoring and was no longer upstream. In its new form there is indeed a special trick :) github.com/Netatalk/Netat…

I'm confused because I used this bug to pwn in Austin 2021 on Netgear.
I thought this vulnerability wasn't triggerable when I looked at the latest version of Netatalk.
zerodayinitiative.com/advisories/ZDI…
TheZDIBugs@TheZDIBugs
[ZDI-23-094|CVE-2022-43634] Netatalk dsi_writeinit Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 9.8; Credit: @Synacktiv) zerodayinitiative.com/advisories/ZDI…

