Roberto Paleari

Before some new war starts, lucky us, i'am publishing my new (incomplete) tool based on GDB python API. The tool in particular injects assembly into the process to hook GOT entries. We can inject whatever we want as gcc is used as compiler. Cool for IoT devices with old kernel.

Huawei just announced private Mobile Bugbounty for Europe. It was amazing to see all the security researchers in one room. Great venue and organization. Now, time to hack!

2007: The UCSB International Capture The Flag competition was held. 35 teams from 9 countries participated. The winner was a team from Milan, Italy called the Chocolate Makers.

FAQ: How to find vulnerabilities? gynvael.coldwind.pl/?lang=en&id=659

@xoreaxeaxeax Thanks!! And kudos again for your research! ..enjoy BH now ;-)

@xoreaxeaxeax congrats for the cool x86 paper! we used a similar approach some years ago: roberto.greyhats.it/pubs/issta10-n…

Working exploit for Win7 IE11 <= 11.0.37 (CVE-2017-0037 and CVE-2017-0059): redr2e.com/cve-to-exploit…

@evilsocket Years ago (italian) bundled apps were used to self-update via plain HTTP ;-) twitter.com/rpaleari/statu…

So you want to work in security, but are too lazy to read @laparisa's excellent essay: lcamtuf.blogspot.com/2016/08/so-you…

@ilmila grazie Enrico! :-)

@jduck @CCrowMontance @cheru2 @jcase thanks! :-)

Interacting with Samsung radio layer from unprivileged applications roberto.greyhats.it/2016/05/samsun… (“stealth call” video: twitter.com/rpaleari/statu…)

@jduck @jcase @cheru2 I agree.But several AT cmds are emulated by Apps,I won't be surprised some can be exploited to do something nasty

@jcase @jduck @cheru2 yep, you just have to switch USB configuration before Details are here github.com/ud2/advisories…

@ObregonJose1 @joystick we don't have an S5 device, but it should work. You can test it using the PoC at github.com/ud2/advisories…

@matalaz @joystick nope, USB debugging is not needed :-)

@rhcp011235 @joystick never tried on a S7 (still too expensive for us :-)). btw we notified samsung on 12/2015, so maybe they fixed it..

We just posted the details of the Samsung "lock bypass" video we tweeted some months ago (with @joystick): github.com/ud2/advisories…

Find this 2016's #EasterEggs using #BinDiff. Now available for free: security.googleblog.com/2016/03/bindif… zynamics.com/software.html

Remember when we mentioned a Samsung's secfilter bypass? Here it is: github.com/ud2/advisories… cc: @rpaleari