Today, Google finally killed off one of our oldest rooted devices, the Chromecast. Although it wasn't the same as the gen 1, it's sad to see it go nonetheless
So long old friend...
https://t.co/QU0q4UNCDt
Read about our root method from 2013 on our blog:
https://t.co/O9K9hLlD5P
As of a little over 2 weeks ago, I've been laid off from my previous gig and am looking for new opportunities. DM me if you have a role you think I may be a good fit for. 👁️🔬🐛
@David3141593 I've had more recent success with this one. Apologies on the Amazon link. However I can confirm that the one you've identified no longer seems to work. Manhattan USB 2.0 Card Reader / Writer – https://t.co/H9TfZEtej1
Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a "layer 2 scaling solution" for Ethereum) that would have allowed an attacker to print an arbitrary quantity of tokens, for which I won a $2,000,042 bounty. https://t.co/J6KOlU8aSW
Presenting a root #jailbreak for most Roku TVs and some Roku set top boxes:
https://t.co/ur8kdjrKuB
We've been working hard on this one, so I'm glad to finally be able to share it! A big thank you to ammar2 and popeax from the @Exploiteers Discord.
#infosec
@cybergibbons @joernchen Yeah, had a requirement for a box to be able to take an update at any point in its life, and date of 1970 / certs rolled. They opted to keep it in the clear vs over any type of TLS due to the multitude of problems it could cause. Meanwhile they refused to encrypt anything...
@cybergibbons @joernchen Once looked at a cheap thermostat that pinned certs, and encrypted comms via a proprietary means (inside the cert pinning). For $100, they checked the boxes of almost everything you could do right, which was awesome! Except the stupid shell with root/oemname for a logon.
@cybergibbons @joernchen Actually... I'll one-up myself. It's on their website.... https://t.co/eC0iBlwZkQ (ironically, the update file vs the full installation image, which is a zip)
@cybergibbons @joernchen Magic of course! To be honest I didn't look at the URL, but intercept/DNS alterations and strip/serve a bogus cert? Are they pinning certs?
@joernchen @cybergibbons That's my bet. See a .pgp in a packet sniffer. Dismiss as probably encrypted instead of digging deeper. Yet another example of security by obscurity. Not saying it's not effective at "preventing" something trivial, better than a zip, not as good as something actually encrypted.
@rmspeers @nolsen311 @mitch_berry Thanks - this isn't even the worst of the offenders (in terms of privilege), just the easiest to quickly find and hit over a network. Loads of silliness going on in here, but at least they encrypted the firmware updates...
So, turns out that Vizio exploit... plan is to release it tonight. It affects multiple models and multiple chipsets and multiple software stacks. No longer as clean as I would have liked it, but have two PoCs ready to go, may need some tweaks depending on model. #exploiteers
ViziOwn - Exploiting Vizio TV’s SmartCast by @cj_000 added to our blog featuring a remote root method for #Vizio TVs with a JavaScript based PoC exploit. #ViziOwn https://t.co/vhrWph2vB5