Ryan Hanson

My Office RCE, CVE-2017-0199, won the Pwnie Award for Best Client-Side Bug! I'm speechless, thank you @PwnieAwards! Photo Credit: @dalmoz_

We decided to revisit an old research problem with some new LLM powered tooling. Check out our latest blog post to see how we approached this research, and the new Java deserialization gadget chains it discovered in just two days! buff.ly/CeAQZ2B

Let's Hack Something Cute! A Reverse Engineering Journey into the Drawbot with Jessie buff.ly/yEWSICJ

Check out our latest blog from Matt Burch (@emptynebuli) detailing new supplemental findings from his DefCon32 talk Where's the Money: Defeating ATM Disk Encryption: buff.ly/lBtjQe7

We recently identified a number of privilege escalation vulnerabilities in Lenovo Vantage on Windows; check out our latest blog for a technical deep dive buff.ly/eKMcZLg

We're excited to announce that Atredis is 100% employee owned and operated. Here's Shawn with a post about how we got there. bit.ly/4d85Icq

Here's Chris' slides from his REcon talk on the DA1469x BootROM! bit.ly/3ztw8qe

Hey, for anyone who wanted to see this slide deck, it was a keynote about the 0day market, but it commented on public research vs saleable products. I have put it here: github.com/mdowd79/presen… // cc @chompie1337 @bsdaemon

Well, here's a goofy reverse engineering challenge I started a year or two ago and "polished" up last night (I'm sorry it's JavaScript but that's part of the point): gist.githubusercontent.com/justdionysus/d… Please solve it and let me know if it's dumb or boring.

@MarcOverIP @HackingLZ Damn I had no idea, that’s crazy. Car values have been all over the place the past few years

@ryHanson @HackingLZ Im not sure you are aware how expensive cars are here in The Netherlands 😂 New TTS with basic options: $400k. Cheapest 991TTS I can find costs $130k is 10+ yrs old and has done more than 100k KM.

Inching closer to race season and I’m still way behind

@MarcOverIP @HackingLZ Driving a fast car slow can still be fun, but I totally get what you mean. Mountain drives are amazing, even if you don’t go more than 5-10mph over the limit. 992TTS is too much for sure, but $120-150k for used 991TTS isn’t too bad

@ryHanson @HackingLZ I dont know. For a daily its just too much I would say. That chassis and engine is so good you cant really have fun without reaching extremely illegal speeds. Now for a track thats different, but with still costing €250k at least, its too expensive as track car.

@HackingLZ @MarcOverIP 991TTS, perfect daily super car, easy low 10s at elevation on 91oct

@MarcOverIP 911 is on my bucket list. I’m on a similar two year plan of getting something interesting GTR is up there as well.

So, if your debugger crashed in the API “task_set_exception_ports” or “thread_set_state”, try to use the boot args: sudo nvram boot-args="thid_should_crash=0 tss_should_crash=0"

We're excited to see our ChromeOS paper go public! 🎉🥳 We did a deep comparative analysis of ChromeOS' security posture vs MacOS and Windows, with full autonomy to make our own independent conclusions. Paper: bit.ly/43rVzDz ChromeOS blog: bit.ly/3INZ1i7

Of course @elonmusk shut off access to superior 3rd party Twitter clients like @tweetbot… How else was he going to force us to read his shitposts? (Yes, I know, Twitter was likely losing money from the ad-free experience offered by 3rd party clients)

🤿 Dive into #symbolic #execution and learn how to create custom analysis tooling, with Jordan Whitehead’s (@jordan9001) “Practical Symbolic Execution for VR and RE”! 🎟️ ringzer0.training/trainings/prac…

I have a feeling the “Disgruntled (Ex-)Employees” security threat is about to become very real for Twitter

Ever have too many bugs? Me neither, but Jordan does. It happens so often he developed a bunch of tools to triage and analyze his pile of crashes using symbolic execution. Also, he’s got a training so you can too — check it out.

For those of you that include source code in your reports written in Word, what are you tricks for getting the code blocks to look good and retain proper syntax highlighting? Can you share screenshots of what you consider "looks good" if you respond?

OH

Hey so my friend @kclawder works with @UnhousedSTL amd they do a lot of great stuff for our city, and it's getting cold early this year, folks. I'm donation matching up to $1500 for them this week. Just DM or @ me a screenshot of your donation! unhousedstl.org/paypal