#CVE-2022-38006 is a heap-based buffer overflow in the MfEnumState::OutputDIB() function that allows disclosure of (un)initialized heap memory due to improper bitmap compression handling when processing an EMF metafile with an EMR_STRETCHDIBITS record. https://t.co/2ASl0Tdiqs
We suggest assigning such vulnerable templates the new ESC number 17 (ESC17) to help identify and mitigate these risks.
You can read our blog post here: https://t.co/oOylKB6Rac
2/2🧵
My long‑term #fuzzing project on #Windows #GDI resulted in three metafile‑parsing #CVE this year: an #Office #vulnerability on #Mac and #Android, a critical no‑interaction flaw affecting web services, and a protection failure due to an incomplete fix. 👇 https://t.co/1eB8e0UGk2
Linux got attention for its first #Rust‑related #CVE this year, but #Windows may have quietly had its first too. Here’s the story of the #security #vulnerability I found in the new Rust‑based kernel component of #GDI. 👇 https://t.co/bOPv4sri05
Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: https://t.co/AzK6USwACO
I’m super excited about this blogpost. The approach is so counterintuitive, and yet the results are so much better than anything else that we’ve tried for memory safety. We finally understand why.
https://t.co/cBc3gMLzO6
Wondering how difficult it will be to surpass the 2024 Pwnie for Epic Fail for #CRWD2K in the coming decades? Sure, there are many promising candidates for the challenge.
Some of you may already be aware, but due to extenuating circumstances we've made an early award!
The 2024 Pwnie for Epic Fail goes to @CrowdStrike for the CRWD2K bug! 🦃
In this blog we introduce Thread-Name Calling, a new process injection technique using Thread Name. We also discuss various scenarios in which this not widely known API can be used for offense.
https://t.co/kX2la3xSEe
Here's my blog post about CVE-2024-26230. I aim not only to introduce the exploit stage but also hope to share my thoughts on how I completed the exploitation step-by-step in all my posts from now on.
https://t.co/Cqxl4NK5IM
Generative AI tools are as vulnerable to exploits as any other technology. CVE-2023-46229 and CVE-2023-44467 affect open-source library LangChain, a framework to build LLMs. This article discusses these vulns in depth. https://t.co/OoGloI2kUQ
Uncoordinated Vulnerability Disclosure: After more than a decade of CVD, has it benefited vendors or researchers more? Have the number of bugs increased to where vendors simply cannot cope with CVD? @dustin_childs has some thoughts - & lots of questions. https://t.co/ZHx3oF7E5O
CrowdStrike’s preliminary Post Incident Review concluded that Rapid Response Content configuration updates - a key selling point of the product - should be Semi-Rapid. https://t.co/fNFRpHXyY1
Exclusive: Meta just released Llama 3.1 405B — the first-ever open-sourced frontier AI model, beating top closed models like GPT-4o across several benchmarks.
I sat down with Mark Zuckerberg, diving into why this marks a major moment in AI history.
Timestamps:
00:00 Intro
00:38 Meta’s Llama 3.1 rundown
03:44 Real-world use cases for Llama 3.1
06:15 Educating developers on open-source AI tools
09:43 Societal implications of open-source AI
13:00 Balancing power and managing bad actors
14:40 Open source and global competition
16:59 Accelerating innovation and economic growth
20:04 Zuck on Apple and lessons from the past
24:22 Future of AI: Llama 3 and beyond
26:43 Prediction: Billions of personalized AI agents
31:32 Factors to changing anti-AI sentiment
Interested in messaging app research on iOS? Follow along with @__comedian in our blog series "You Can't Spell WebRTC without RCE!" Part 1 dives into Signal’s WebRTC calling library and injects bugs to facilitate deeper research: https://t.co/Z239n7HjGu
Do you know what all lawyers are doing right now? Reading #CrowdStrike EULAs.
Let's have a look, shall we? Such documents are super easy to find online, I put one there for reference: https://t.co/K2L6Mdq4Yi
Let's see what happens when something hits the fan. (It's good.) 🧵
🚫 DOM XSS, begone! 👋 Discover how we used Trusted Types to protect AppSheet, and how that can inform your own web application's journey to a safer security posture where DOM XSS vulnerabilities are a thing of the past.
https://t.co/JPnfTO0pK3
The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. https://t.co/uDHHSuzd5f
A step in the right direction. However, CVEs without reliable technical details are pretty much useless. The underestimated value of CVEs is that we could all learn from them. Other researchers cannot really debunk false information regarding such CVEs. Code cannot lie.
In our ongoing commitment to transparency, we will now issue CVEs for critical cloud service vulnerabilities, regardless of whether customers need to install a patch or take other actions to protect themselves. Learn more in our blog post: https://t.co/9d1KQNJwRW