Olivia
Online
Darkarnium
@Darkarnium
Mostly security and the cloudy clouds with occasional metal and beer ramblings for good measure.
United Kingdom
Joined July 2010
367 Following
2.1K Followers
1.9K Posts
Reverse engineering a Novation FLKey - Part I.
Alternatively titled: Turning a Novation FLKey into a Launchkey.
https://t.co/wMQhd9aczS
STACS 0.4.11 has been released!
This version includes support for Apple Disk Images (DMGs), and zlib compressed data.
https://t.co/1xf0wlcXah
@nastradinhoxha0 Nope :(
You'd likely need to pin it out from the circuit it's present in. Unfortunately, this one ended up in my parts drawer and I never finished pinning it out or I'd share my notes.
Okay, so now I actually have the looms, the gateway, the instrument cluster, ECU, "Vehicle Electrical System Control Module", and the correct wiring diagrams, it's time to get this party started! (1/N)
https://t.co/gA0AhM2iyX
Who to follow
Niv Levy 🇮🇱
@restr1ct3d
Penetration Testing Engineer / Bug Bounty Hunter / OSCP, OSWE, GCPN
Abhijeth D
@abhijeth
#Appsec, Mentor, Adjunct Lecturer, #Telugu, #bugbounty #TFI #puns #poly. No free bugs only free hugs. Tweets are my own and don't reflect my employer.
Nick Popovich
@pipefish
Amateur Crastinator trying to go pro.
Soli Deo gloria
Hard to believe it's been a year. Want to gamble on fat bears for charity again?
#FatBear2022 is here, fill out your brackets by the 5th, send me hashes. More details here: https://t.co/wMuW3O6y7e
@yrp604 660afb5f4d0c940b221e4652721eb54966dae5c26baaf1248a182a859a43b68e fat-bear-week-2022.png
Yet another instance of a company trying to use bug bounties to force their disclosure terms onto potential bugs.🤦♂️
We found a security issue in the latest @CrowdStrike #FalconSensor. The bug itself isn't worth a tweet as the severity is pretty low. However, we’d like to shed some light on a ridiculous vulnerability disclosure process with CrowdStrike. #CVE-2022-2841 https://t.co/HFtL0uBQ6v
The Big Four of Thrash Metal as Dragon Ball Z villains
Today marks the official public release of "unblob", a firmware extraction tool we've developed internally and used in production for a while now. Let's explore what it is in this 🧵(1/12)
Gave this album another few spins recently, and holy shit there are some brilliant tracks on it. For example, this one absolutely fucking rips.
https://t.co/m67lTY7zzu
Danzig’s first vocal take on “Mother”
@QuinnyPig Nice you meet you. I'm XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
The take away for defenders is the same as it ever was: Don't rely on just a firewall for security, and STOP TRUSTING YOUR VENDORS NETWORKS.
Given I don't do many bug bounties these days, I thought I'd share an old trick that I've used a few times to compromise externally hosted build farms:
Github Webhooks.
Using Github webhooks, you can use Github to proxy requests into target organisations via web-browser.
As a concrete example: I've used this trick to grab AWS keys from otherwise inaccessible Jenkins build farms.
Although a properly configured Jenkins instance should prevent this, the target in this case... wasn't. Using this trick I could view all jobs and their build logs.
There's no better feeling than hearing back from a vendor that an exploit chain that took months of effort to build is working in their environment.
Is it just me, or of all of the delivery companies in the UK, is @DHLParcelUK the most unreliable? Whether listing international shipments to the US as being delivered to the wrong state, or _consistently_ losing and delaying "overnight" parcels in the UK.
Holy shit.
@Ryan_Jarv That said, the big issue with this approach is you need to stuff the machine full of GPUs, and assign them to each VM.
As the GPUs required are cheap it's a viable approach today. If I need more than 4x users per hypervisor, then I'll need to look at better set of GPUs :)
Just a reminder that X11 is still cool, and works brilliantly with @vector35's BinaryNinja.
JupyterLab, BinaryNinja, X11, Terraform, Ansible and KVM results in amazing analysis environments ♥.
Keeping analysis off of your workstation, and allowing complete rebuilds in minutes.
@Ryan_Jarv That's a fair question. In this environment right now there's only one user (me). However, planed isolation is via mapping is 1:1 between user and VM.
The analysis VMs are built using Terraform and libvirt, so new VMs can be created by just incrementing a counter :)
Last Seen Users on Sotwe
my story.ll(ทวิตใหม่อันเก่าเข้าไม่ได้)
Seen from Thailand
ihanet evli bekar ve dul bayanlar herşey gizli olm
Seen from Netherlands
merriyem
Seen from Brazil
Mad max
Seen from India
Foot Fetish Universe/Ayak Fetişi Evreni
Seen from Germany
itirafet rahat et
Seen from Germany
Guggenheim Museum Union 2110
Cum lover
Seen from Japan
DevineLuna
Seen from Canada
Creadora de Contenido
Seen from Guatemala
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.4M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.8M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.5M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.2M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.5M followers