Marcin Noga

187 posts

Marcin Noga

@_Icewall

Security Researcher / Pentester / Malware hunter

Polska شامل ہوئے Ağustos 2013

1.1K فالونگ1.8K فالوورز

Marcin Noga@_Icewall·17 Eki

@yo_yo_yo_jbo @SEKTOR7net @yo_yo_yo_jbo That was my first idea. But unfortunately AsusCertService.exe contains UAC manifest requiring this exe to be run with admin privilege's. So, trying to spawn this exec as a suspended process and then inject arb code won't work.

English

Marcin Noga@_Icewall·17 Eki

@yo_yo_yo_jbo @SEKTOR7net @SEKTOR7net thank you for mentioning this research!

English

Marcin Noga ری ٹویٹ کیا

SEKTOR7 Institute@SEKTOR7net·9 Eki

Exploiting Asus driver to escalate privileges. With few clever tactics Marcin Noga managed to bypass several constraints implemented by the driver devs. With hardlinks and ObfDereferenceObject() one can decrement PreviousMode of a process to enter god mode (this was patched in 24H2). Nicely done, @_Icewall! Post: blog.talosintelligence.com/decrement-by-o… #redteam #maldev #malwredevelopment

English

170

11.6K

Marcin Noga@_Icewall·24 Tem

Thanks, @GamersNexus, for presenting the bugs I found in ASUS Armoury Crate to a wider audience in such an accessible way! youtube.com/watch?v=Vy_KWP…

YouTube

English

703

Marcin Noga@_Icewall·28 Haz

@Void_Sec I guess so, that's why I mentioned the timeline in the blog post . On pasted screenshots I only mention about mem leak primitive, but in general I wanted to signal that after 24H2 the exploit won't work.

English

250

Paolo Stagno (VoidSec)@Void_Sec·28 Haz

@_Icewall Question, isn't the PreviousMode primitive unusable on latest 24H2 where VBS/HVCI are in use?

English

286

Marcin Noga@_Icewall·26 Haz

Exploitation of Asus Armory Crate AsIO3.sys driver | authorization bypass + ObfDereferenceObject primitive to LPE - blog.talosintelligence.com/decrement-by-o…

English

7.8K

Marcin Noga@_Icewall·26 Haz

CVE-2025-1533 - Asus Armoury Crate AsIO3.sys stack-based buffer overflow vulnerability talosintelligence.com/vulnerability_… Remember that Windows paths can be longer than MAX_PATH(260)!!! I wrote a few words about this 15 years (sick!) ago : github.com/icewall/Public…

English

3.6K

Marcin Noga ری ٹویٹ کیا

Aleks@FuzzyAleks·7 Ara

The biggest takeaway from this talk is that macOS font renderer ALMOST never invokes the interpreter. If you were fuzzing TTF bytecode without paying attention, it was probably not hitting the interpreter at all. I'll post slides shortly with other interesting details. #OBTS

Mussy@Mu55sy

📜 Starting Day 2 Talks of #OBTS with a dive into the unexpected: “Triangulating TrueType Fonts On macOS: Reconstructing CVE-2023-41990” by Aleksandar Nikolic (@FuzzyAleks). Who knew a simple PDF and the Fonts could be transformed into a digital weapon? In this talk, Aleksandar unravels the mystery behind a hidden vulnerability in Apple’s font rendering code, originally linked to Operation Triangulation. Like navigating ancient paths of Kinihapai, we’ll explore some of the oldest code running on the latest macOS and iOS, uncovering insights that could reshape how we detect and defend against such exploits. OBTS kicks off strong—ready to see how deep this rabbit hole goes? 🌊📄 #AppleSecurity #macOS #ReverseEngineering

English

8.5K

Marcin Noga@_Icewall·27 Mar

@carste1n I have recently "built" for myself that thing : GMK87 + Brown Gaterons 3 Pro + Cherry profile PBT Dragon Ball keycaps

English

188

Michal Melewski@carste1n·27 Mar

Finishing another project

English

1.1K

Marcin Noga@_Icewall·11 Eki

CVE-2023-39928 - Webkit MediaRecorder API stopRecording use-after-free vulnerability more info : talosintelligence.com/vulnerability_…

English

6.5K

Marcin Noga@_Icewall·4 Eki

@oshogbovx Radio Naukowe - spotify.link/7wkNg88GCDb

Polski

173

Mariusz Zaborski@oshogbovx·4 Eki

Hey folks, what is your favorite podcast? One of my fav is: Philosophize this (open.spotify.com/show/2Shpxw7dP…) #PodcastRecommendations #FavoritePodcast #AudioLovers #PodcastJunkie #ListenUp #WhatsInYourEars

English

242

Marcin Noga ری ٹویٹ کیا

Aleks@FuzzyAleks·2 Ağu

Teammates have published an overview of five years worth of router security research which has resulted in hundreds of vulnerabilities discovered in routers from more than a dozen different companies.

Cisco Talos Intelligence Group@TalosSecurity

Since the #VPNFilter malware several years ago, our vulnerability research team has looked into several popular wireless routers used in homes and small businesses. Now, we have a rundown of all the vulnerabilities we discovered as part of this research cs.co/6018PwImO

English

8.3K

Marcin Noga ری ٹویٹ کیا

Gynvael Coldwind@gynvael·26 Tem

On Friday I'll be doing my "PCI Express To Hell" talk: youtube.com/watch?v=fE0fnG… If you're building your own PCs you should check it out! Last year I reworked my whole computer setup and learned a lot about PCIE. Don't make the same mistakes I did ;) Plz RT for range :)

YouTube

English

101

33.8K

Marcin Noga@_Icewall·26 Tem

@pedrib1337 hex-rays.com/blog/introduci…

QME

180

Pedro Ribeiro@pedrib1337·25 Tem

What do you use to patch instructions in a binary? Both IDA and Ghidra work, but are very clunky

English

17.9K

Marcin Noga ری ٹویٹ کیا

Cisco Talos Intelligence Group@TalosSecurity·13 Tem

Our vulnerability research team discovered 12 memory corruption vulnerabilities in MSRPC on #Apple macOS and #VMWare vCenter. We have a deep dive into how an attacker could exploit these vulnerabilities and what it says about the use of forked codebases cs.co/6012P3wLq

Cisco Talos Intelligence Group tweet media

English

7.9K

Marcin Noga@_Icewall·14 Haz

2 more to the collection : CVE-2023-33133 - Microsoft Office Excel WebCharts out-of-bounds write vulnerability : talosintelligence.com/vulnerability_… CVE-2023-32029 - Microsoft Office Excel FreePhisxdb arbitrary free vulnerability : talosintelligence.com/vulnerability_…

English

9.1K

Marcin Noga@_Icewall·15 Mar

@maciej_je Gourdough's Big. Fat. Donuts. +1 512-912-9070 maps.app.goo.gl/LapXsrZZbUbv85…

English

384

Maciej Blatkiewicz@maciej_je·15 Mar

Gdzie warto zjeść w Austin w Teksasie? 🇺🇸

Polski

9.1K

Marcin Noga ری ٹویٹ کیا

Hardik Shah@hardik05·11 Şub

Ok, I am looking out for security researcher role. If you can help, please DM. RT, like and recommendations are much appreciated. Here is My Linkedin profile, which will give you more details: linkedin.com/in/hardik05/

English

21.1K

Marcin Noga ری ٹویٹ کیا

Aleks@FuzzyAleks·24 Oca

Remember these? Original Lytro! Lightfield cameras of the future! I grabbed a few off eBay some time ago and took a peek at the firmware. Found secret unlock that enables full remote control of all camera features. Full writeup here: github.com/ea/lytro_unlock

English

372

37.7K

Marcin Noga@_Icewall·13 Ara

CVE-2022-31698 Pre-auth VMware vCenter Server Content Library denial of service vulnerability : talosintelligence.com/vulnerability_…

Română

دریافت کریں

@yo_yo_yo_jbo @SEKTOR7net @GamersNexus @Void_Sec @carste1n @oshogbovx @pedrib1337 @elonmusk