kost

11.9K posts

kost

@k0st

Security/Hack. FLOSS security software contributor.

Katılım Mayıs 2008

3.1K Takip Edilen1.7K Takipçiler

kost retweetledi

OtterSec@osec_io·5 Mar

We recently achieved guest-to-host escape by exploiting a QEMU 0day. We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive. Writeup coming next week.

English

189

1.5K

71.2K

kost retweetledi

Milan Gabor@MilanGabor·6 Mar

@k0st kicking of @BSidesZagreb! Pssst… It’s always DNS! #bsidesZagreb

English

175

kost@k0st·27 Kas

@antoniozekic zvuci kao da si iskopao neki gadni 0 day :-p

kost@k0st·4 Eyl

See you at @BalCC0n !

BalCCon@BalCC0n

#BalCCon2k25-Against the current is just around the corner on 19| 20| 21 September 2025!You don’t want to miss: @travisgoodspeed @MalwareUtkonos @gannimo @herrmann1001 @joegrand @GMahovlic @Th3PeKo @micko_mame @k0st …Secure your spot now at : 2k25.balccon.org/tickets/ #BalCCon

English

616

kost retweetledi

Clandestine@akaclandestine·10 Kas

GitHub - cisagov/decider: A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. github.com/cisagov/decider

English

283

14.4K

kost retweetledi

Dino A. Dai Zovi@dinodaizovi·12 Kas

The entire 3rd-edition of @rossjanderson's "Security Engineering" is available free as PDFs now! cl.cam.ac.uk/archive/rja14/…

English

122

244

32.1K

kost@k0st·9 Eyl

See you in Zadar this week!

BSides Zadar@BSidesZadar

[SPEAKER ANNOUNCEMENT] BSides Zadar welcomes @k0st! Vlatko will uncover unique strategies in his talk: "Secrets of Password Cracking - Croatian Edition" 🗓️ Sept 13 | 📍 Hotel Kolovare, Zadar #BSidesZadar #CyberSecurity #BSides

English

399

kost retweetledi

Craig Rowland - Agentless Linux Security@CraigHRowland·9 Tem

A great write-up on Linux process name stomping techniques from @haxrob h/t @thoughtb0x doubleagent.net/process-name-s…

English

244

20.6K

kost@k0st·25 Haz

Recommended Hacker wellness!

BalCCon@BalCC0n

@travisgoodspeed @ghidraninja @vanjasvajcer @k0st @vyrus001 @FuzzyAleks @ktemkin @obiwan666 @doctorow @elkentaro @carfucar @WillCaruana @maltman23 @ComplexEvo @gannimo @kurmus @UnaPibaGeek @sergeybratus @bojanz @JulienValiente

English

687

kost retweetledi

JS0N Haddix@Jhaddix·18 Nis

A 13 year old coded a botnet control framework that utilizes pastebin and github for control of hosts in red teaming… This makes the hacker in me so hopeful. Check out pastebomb when it’s dropped!

English

239

2.5K

223.4K

kost retweetledi

Binni Shah@binitamshah·17 Nis

PoC Exploit Released for 0-day Windows Kernel of Privilege Vulnerability (CVE-2024-21338) : github.com/Nero22k/Exploi… github.com/hakaioffsec/CV… Details : hakaisecurity.io/cve-2024-21338…

English

201

595

45.1K

kost@k0st·30 Mar

@vladimircicovic @GMahovlic @ivanmarkovicsec Pogledaj Davida / h1kari, on je radio čuda, a lokalno ti je @KatjaPericin imala projekt jako davno oko fpga i kriptoanalize (za jtr mislim). gpu je nekako u zadnje vrijeme uzeo primat za tu namjenu...

kost retweetledi

Flipper Devices@flipper_net·20 Mar

Btw, you don't need a Flipper Zero to "hack" dumb radio protocols. The piece of wire is enough. Check out how to receive and decode 433MHz radio signal just with a PC sound card.

English

922

4.2K

441.3K

kost@k0st·8 Mar

@retBandit @IBM Good luck and hope both IBM and you will grow!

English

123

Chris Thompson@retBandit·8 Mar

I’m happy to share that I’m starting a new position as Global Head of X-Force Red @IBM! I'm excited to lead X-Force Red onto the next phase of our journey, incorporating tradecraft from and lessons learned building one of the world's top red teams; X-Force Adversary Services. Thank you to @angus_tx for getting us to where we are today and best of luck on your next adventures!

English

248

31.6K

kost retweetledi

Help Net Security@helpnetsecurity·4 Mar

Photos: @BSidesZagreb 2024 - helpnetsecurity.com/2024/03/04/bsi… - @bojanz @infigois @advocatemack @GitGuardian @solardiz @k0st @Divertosecurity @mdecrevoisier @cocomelonckz @SrceHr #BSides #BSidesZagreb #cybersecurity #conferences #EU

Português

4.9K

kost retweetledi

Binni Shah@binitamshah·3 Mar

Bluetooth vulnerabilities in Android, Linux, macOS, iOS and Windows can be exploited to pair an emulated bluetooth keyboard and inject keystrokes without user confirmation : github.com/skysafe/reblog… credits @marcnewlin Slides : github.com/marcnewlin/hi_… CVE's : CVE-2024-0230 CVE-2023-45866 CVE-2024-21306

English

147

457

42.3K

kost retweetledi

Willem Melching@PD0WM·2 Mar

New blog post is out! Extracting the SecOC keys used for securing the CAN Bus on the 2021+ RAV4 Prime. icanhack.nl/blog/secoc-key… Research started all the way in 2022, but took many evenings of reverse engineering to get code execution. PoC: github.com/I-CAN-hack/sec…

English

317

39.1K

kost retweetledi

Binni Shah@binitamshah·2 Mar

Researchers create AI worms that can spread from one system to another : github.com/StavC/ComPromp… ComPromptMized : Unleashing Zero-click Worms that Target GenAI-Powered Applications : github.com/StavC/ComPromp… Paper : drive.google.com/file/d/1pYUm6X… credits @ben_nassi

English

183

17.4K

kost@k0st·3 Mar

@jduck Covered all in presentation, but in short: CPU with Intel CET/AMD Shadow stack support, Linux kernel 6.6+, glibc 2.39+, ELF binary compiled with x86 feature: SHSTK (all 64 bit!). Yep, it needs recompilation, but some distros (like Ubuntu) already correctly compiled some binaries.

English

147