[Tool] Ghidralligator: Emulate and fuzz code running on various CPU architectures (ARM, MIPS, PPC, x86, Apple Silicon M1/M2...)
Based on #GHIDRA (libsla C++).
#AFLplusplus, snapshot fuzzing, code coverage, ASAN
https://t.co/k63EyL2fCe
https://t.co/qw5VCFCAft
@HomardBoy
Last week, we presented our research on Intel Wi-Fi chips at @sstic. Our talk and our slides are now available: https://t.co/NdZ4qGmqzb. It features a demo of a DMA attack from the Wi-Fi chip! We also published our tools to interact with some Intel chips: https://t.co/r292EKA90p
We wanted to create snapshot fuzzing demo. We also like challenges. So we chose a browser as the target :) You can find out what can go wrong from our latest blog post:
Fuzzy Snapshots of Firefox IPC - https://t.co/kybAR1px0J
Super excited to release Unicorn2 beta to public!
Important features:
- Backward compatible with Unicorn 1.0.3
- Support latest instruction set of all existing archs
- Add 2 new archs in PPC & RISCV
- More optimization
More info at https://t.co/oeiKH0HMKf
Nicolas Delhaye @_Homeostasie_ & Flavian Dola @_ceax
"Making your own Stuxnet: Exploiting New Vulnerabilities and Voodooing PLCs"
🎞️ https://t.co/VdD8A9dfEb
📜 https://t.co/neuWpqRElq (2.6MB)
💥 demos https://t.co/w0r0ztkXBr (32.6MB)
Kudos to @_ceax & @_Homeostasie_ from @AirbusCyber for showing that #Stuxnet is still possible by "Exploiting New Vulnerabilities and Voodooing PLCs" [#RomHack2021]. You put impressive work into that. https://t.co/OBcrEj4yfC
Remote Code Execution (RCE) on the ABB #ICS system: “System 800xA SoftController” (CVE-2020-24672). This vulnerability could allow attackers to take remote control of the ABB engineering station. Details by @_ceax & @_Homeostasie_ at 3:40pm: https://t.co/4VprjIQXnl
At #RomHack2021, @_ceax & @_Homeostasie_ will demonstrate how one can gain remote control over some industrial devices exploiting several new #CVEs they discovered. They will explain how to reproduce key stages of a #Stuxnet -like attack. Live stream ➡️ https://t.co/pnTAhC9Ze8
Happy to present with my workmate @_ceax our vulnerability research around #ICS at the #RomHack2021 conference on September 25th. 🙂
"Making your own Stuxnet: Exploiting New Vulnerabilities and Voodooing PLCs"
➡️ https://t.co/JV2VQtRV62
Presentation by @_ceax of the tool https://t.co/78xyt4j42K, which makes it possible to fuzz binaries using AFL++ and the #Ghidra emulator. The project aims to be an alternative to afl_unicorn for #CPU architectures that are not supported (Xtensa, ppc…): https://t.co/GSMMW8yITG
@daveaitel @axcheron @kmkz_security It could be a good idea to integrate such functionality into the GUI. Maybe someday.
Currently, you have to build your own Ghidra script using the lib provided, and define all the emulation parameters (register values, pc, and memory values...). The examples can help you a lot ;-)
@guedou Hi Guillaume. No, I didn't try Ghidra libsla.a yet.
Thanks for pointing this out. It could be a way to improve performance for sure.
I will have a closer look at your work around this topic.
Did you notice performance improvement between Ghidra emulation and libsla.a emulation?
I tried to make a beginner-friendly post about some of the basics related to code coverage in fuzzing, just going over terminology, common strats, and some tooling. Hopefully this will be useful for some! https://t.co/Tu0eZep5rC
[New Post] Here is my write-up on my RCE affecting Schneider Electric Control Expert by chaining 3 #0day: #CVE-2020-28211 CVE-2020-28212 CVE-2020-28213
Find out how to bypass project protection, hijack a UMAS session, and inject bytecode into the PLC simulator
https://t.co/4gq3x7Mm3X
Fixes available for my RCE on Schneider Electric EcoStruxure Control Expert
(CVE-2020-28211, CVE-2020-28212, CVE-2020-28213).
More details in my blog post will be coming soon...
https://t.co/OiVpVRuKK1
https://t.co/kgYag7Rost