Olivia
Online
Alyosha Sintsov
@asintsov
was born in '85, still alive...
Joined February 2010
532 Following
3K Followers
4.3K Posts
"we would look at xrefs to strcpy() and write a highly reliable exploit by the end of the day"
How can we measure the Return on Security Investment (RoSI) of Bug Bounty programs? @ygoltsev and I have explored various numbers to find answers, and we'd like to share our ideas with you - https://t.co/Qxy4YKPiit! #ROI #bugbounty #metrics #okr
Yes, I was right - https://t.co/6Q84zVil8K
Is Ivanti 0days based on path traversal + command injection in backup endpoint?
Let me say that again...
You store pointers at the _destination_ address of a memcpy.
You glitch during memcpy ().
You get that pointer into PC.
No, it's not sci-fi. It's the "instruction corruption" fault model. And we pioneered that.
See thread below 1/N.
Application Security and Vulnerability Assessment getting a significant advantage from GenAI (context-driven knowledgebase). That helps security teams understand the root cause of the problem faster and significantly reduces the latency in producing security fixes at scale.
"... detected several remotely exploitable bugs in AMI MegaRAC BMC"
"... whole attack sequence: from having zero knowledge about a remote AMI BMC with enabled IPMI (yeah, right) to flashing a persistent firmware implant to the server SPI flash"
Looking forward to this talk!
@joernchen I call it D&D already. I also think we should have network map and mini-figures!
Also found interesting, that ChatGPT works much better if you ask to use LangSec approach: translate logic into grammar, and input as a language and try to find a Weird Machine, works more efficient at my example than just "check the pseudocode/logic for security issues"
And on other side: "fraud/propaganda" is also a language for creating "weird machines"...
Think lately about weird machines, and found myself that jokes and humor is an example of such for human beings.
@virustotal @bquintero Can anyone please run Code Insight against that file: https://t.co/cBasZxjqIF
My dear humans and non-humans, I present to you the speakers for #OffensiveCon23
https://t.co/3OTgbcmlvV
📝New research by @lmpact_l: "Fork Bomb for Flutter"
There are more and more Flutter applications, and security analysis of these apps is in high demand. Our member Phil shares his knowledge and presents his reFlutter tool.
Read the article: https://t.co/8sLDdgB8Ul
@xplus_cat Or you can use other tricks of Social Engineering
Future of hacking... ha ha, It is really fun, thx!
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers