Nicky Bloor

@Random_Robbie @LargeCardinal All good here bud. Was hoping to cross paths at SteelCon but it clashed with Oasis. No idea what happened with BSides Liverpool either. You good bud?

@LargeCardinal @nickstadb You two safe and well not hear or seen you lot in a while?

Deserialization, reflection, and memory-resident shellcode execution come to mind with PrecodeFixupThunk being the first step of the JIT mechanism (hat-tip to @_xpn_ for weird ways to run unmanaged code in .NET!). Anyone observed this, or have any more specific suggestions?

Are there any funky .NET exploitation techniques that might lead to a crash in clr!PrecodeFixupThunk?

@Steel_Con @NEXUS2345 🤣

@nickstadb @NEXUS2345 We can certify, he is just about legit

Hi everyone, I'm interested in a @Steel_Con ticket if anyone has one available. Please send me a DM or reply. Will pay face value. Thanks!

@Random_Robbie @LargeCardinal Yeah deffo let me know if you're heading to any other cons bud, be good to catch up.

@nickstadb @LargeCardinal Boooooooooooooooooooo your like a staple friend there normally! We will have to meet up at some point at another con!

@LargeCardinal @nickstadb lads am i seeing you on saturday?

@vysecurity If it ain't snake oil on LinkedIn, it's some bullshit CVE with a 10.0 CVSS score that can only be exploited once you've already significantly compromised the target 🤔

Is it just me or there’s just more and more bullshit joining the cyber community in general? Every other LinkedIn post these days is just a sales guy with misunderstanding of topics and spreading bullshit?

@ethicalhack3r Cheers Ryan! It's tough for sure. Definitely need to get the training miles in - and hopefully not injure yourself or be floored by flu 😅 Half marathon is a nice distance IMO but if you push yourself there you're definitely in danger of being tempted to do a full marathon.

@nickstadb Congratulations! Farthest I’ve run is 16k, couldn’t imagine how hard a marathon is!

That's another one ticked! Did not go as well as I'd have liked but it was a brutal one today. The heat took a lot of people out. Hope everyone's ok and congrats to the 92k or so marathoners today whether at London or Manchester! #ManchesterMarathon

In other news - my @Steel_Con talk has been accepted! Looking forward to it. Catch you there if you're going!

@WisecWisec @irsdl I may have had something to do with this😉

@irsdl ... So it seems someone listened to the community, had an actual look at the cvss score and pushed to change it to a more solid 2.1/Low 😁 nvd.nist.gov/vuln/detail/CV…

I had to make sure it hasn't been reported on 1st of April but it wasn't. Who rated it? 🤣🤣

Apache security team have reviewed and revised this one! CVE-2025-24859 in Apache Roller has been downgraded to CVSS 2.1, panic over ;)

Intercepting HTTPS Communication in Flutter : Going Full Hardcore Mode with Frida : sensepost.com/blog/2025/inte…

@MarkD755 @UK_Daniel_Card There definitely seems to have been a rise in "critical" CVEs with insane preconditions in recent years.

@UK_Daniel_Card @nickstadb I like the few where you need to be admin first.

CVE database is becoming a joke TBH, when things like CVE-2025-24859 are published with a CVSS score of 10.0 - To exploit this vulnerability you first need to obtain a valid session token, then you only maintain access to the corresponding user account... cve.org/CVERecord?id=C…

@TheHackersNews I make that a 2.3 under CVSSv4.0, maybe even 2.1 - an attacker first needs to compromise an account, then they only maintain access to the account they already compromised. Who's reviewing/approving this stuff?! #CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" target="_blank" rel="nofollow noopener">first.org/cvss/calculato… 🤔

🚨 Apache Roller Hit by 10.0 CVSS Flaw! Old sessions stay active even after a password change (CVE-2025-24859). Hackers can keep access silently. All versions ≤6.1.4 affected. 👉 Full details: thehackernews.com/2025/04/critic… 🔒 Fixed in v6.1.5. Patch now.

Excellent day catching up with folk over at @BSidesLanc !

@Random_Robbie @fullspectrumdev @njcve_ @zseano @LargeCardinal Hahaha I'm game man!

It's time! Picked this one up about 9 years ago, not long after I had my first Smog Rocket @BeavertownBeer !