stdnoerr

57 posts

@stdnoerr

Tech enthusiast | pwner | CTFs with @ARESxCyber

Area 51 · Joined June 2020
212 Following · 220 Followers
stdnoerr@stdnoerr·
I will be in Riyadh for the BlackHat MEA CTF finals. If you're there as well, ping me. I would like to chat with CTFers, or anyone interested in cybersecurity, in person. Exchanging ideas is always fun
Synacktiv@Synacktiv·
In our new article, Maxime Desbrus examines a technique for easily creating a Rust “Two-Face” binary for #Linux: ➡️ in most environments it runs a benign program; ➡️ but on a specific host it launches an entirely different, much more discreet payload. Read it here 🔗 synacktiv.com/en/publication…
stdnoerr@stdnoerr·
@0x_shaq Yeah man. You have left CTFs for a while but those were the days. Full on action. I actually liked a lot of your tweets since your OS dev brainfuck journey lol. Let's catch up sometime
faulty *ptrrr@0x_shaq·
@stdnoerr long time no see stdnoerr :) seeing you here brings back old memories from the discord server lmao
h0mbre@h0mbre_·
what is the standard for calling a bug 0click-RCE when it's something you don't have a PoC for and don't even know if it requires more bugs? you can just say it's RCE bc it does memory corruption?
stdnoerr@stdnoerr·
played BlackHat 2024 Qualifiers with AirOverflow. Didn't get much time but managed to solve one challenge. Here's the writeup for the one I solved. P.S. I'm in Riyadh for the Finals. If you're there as well, feel free to hit me up stdnoerr.github.io/writeup/2023/1… #BHMEA24
stdnoerr@stdnoerr·
Finally figured out my approach and I'm already thinking of a new, hopefully better, one.
stdnoerr@stdnoerr·
Today I opened the poc I was trying to write and I couldn't understand what I was trying to attempt🫠, got rusty on Netfilter internals and never documented the manual steps of debugging (was using ftrace to tame race condition). Lesson learnt: ALWAYS document and take notes 2/2
stdnoerr@stdnoerr·
I was trying to write an exploit for CVE-2023-32233 last summer. It was my first exposure to the netfilter subsystem and race conditions. Had to give up when university started. I thought I would continue to try in my free time. Never did. 1/2
stdnoerr@stdnoerr·
@_h0p5 That's so cool!!! Well deserved
Physics In History@PhysInHistory·
Richard Feynman was a brilliant physicist best known for his exceptional contributions to quantum mechanics and his captivating teaching style, among others. Here are all of Feynman's Freely available Lectures at one place. A Thread 🧵
Mike Felch (Stay Ready)@ustayready·
A quick method to bypass an EDR. Even aggressive EDRs can be bypassed. Allocate your shellcode, overwrite a WNF subscription callback in a userland process, and trigger the WNF state change. Old but relevant example github.com/ustayready/wnf… Follow for more fun soon to come!
stdnoerr@stdnoerr·
@mistymntncop I need to read it again ig. Sorry if it turns out to be nothing
j j@mistymntncop·
@stdnoerr Thanks! I had a skim. I feel like those DOM UAF still need JS though?
j j@mistymntncop·
Wonder if there's ever been a browser exploit that doesn't involve javascript? That'd be a scary thing...
stdnoerr@stdnoerr·
@mistymntncop I found the document. It is about JSC and I may or may not remember the exact contents I mentioned above since I read this document some time ago (~8-9 months). But the gist is the same. And yeah it is utterly fascinating iokit.racing/jsctales.pdf
j j@mistymntncop·
@stdnoerr Wow! Hope you can find a link. That sounds fascinating.