Getting root on Huawei P60 Pro (103.1.0.132) with a 1-day kernel vulnerability. Completely locked down, unavailable panic logs, and not being able to find the firmware image matching my device were really tricky to manage.
@p1k4l4 CONFIG_XEN_PV is enabled on Ubuntu, so kernel addresses noted with the ELFNOTE macro are in the section between __start_notes and __stop_notes. This section can be read through "/sys/kernel/notes" by any user, since this sysfs file's mode is registered with S_IRUGO (read permission for all).
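As an added audit example (not code from the tweet's author), the following script parses the ELF note stream that the kernel exposes in /sys/kernel/notes and reports which notes carry an 8-byte descriptor in the kernel half of the x86-64 address space, i.e. the ones that would reveal a kernel address to an unprivileged reader. It also checks whether the file is world-readable, which is the S_IRUGO property the tweet points at. Assumptions: little-endian x86-64 layout, a canonical kernel-half threshold of 0xffff800000000000, and the note type number 1 for XEN_ELFNOTE_ENTRY (taken from Xen's public headers); the sample byte stream is constructed inline so the code runs offline.

```python
import os
import stat
import struct

# Lowest canonical kernel-half address on x86-64 (assumption: x86-64 layout).
KERNEL_VA_MIN = 0xFFFF800000000000


def _pad4(b: bytes) -> bytes:
    """ELF notes align the name and descriptor fields to 4 bytes."""
    return b + b"\x00" * (-len(b) % 4)


def make_note(name: str, ntype: int, desc: bytes) -> bytes:
    """Build one ELF note record (namesz, descsz, type, name, desc), little-endian."""
    name_bytes = name.encode("ascii") + b"\x00"
    header = struct.pack("<III", len(name_bytes), len(desc), ntype)
    return header + _pad4(name_bytes) + _pad4(desc)


def parse_notes(data: bytes):
    """Walk a concatenated ELF note stream and return [(name, type, desc), ...]."""
    notes = []
    off = 0
    while off + 12 <= len(data):
        namesz, descsz, ntype = struct.unpack_from("<III", data, off)
        off += 12
        if off + namesz > len(data):
            break  # truncated record, stop rather than misparse
        name = data[off:off + namesz].rstrip(b"\x00").decode("ascii", "replace")
        off += (namesz + 3) & ~3
        if off + descsz > len(data):
            break
        desc = data[off:off + descsz]
        off += (descsz + 3) & ~3
        notes.append((name, ntype, desc))
    return notes


def find_address_leaks(notes):
    """Return the notes whose descriptor is a pointer-sized value in the kernel half."""
    leaks = []
    for name, ntype, desc in notes:
        if len(desc) == 8:
            value = struct.unpack("<Q", desc)[0]
            if value >= KERNEL_VA_MIN:
                leaks.append((name, ntype, value))
    return leaks


def audit_notes_file(path="/sys/kernel/notes"):
    """Check the sysfs file's permission bits and list address-bearing notes."""
    st = os.stat(path)
    world_readable = bool(st.st_mode & stat.S_IROTH)
    with open(path, "rb") as f:
        leaks = find_address_leaks(parse_notes(f.read()))
    return {"world_readable": world_readable, "leaks": leaks}


# Constructed sample stream: a GNU build-id note (NT_GNU_BUILD_ID == 3, 20-byte
# sha1 here made up), a Xen entry note with a made-up kernel address, and a
# Xen guest-OS string note. None of these values come from a real machine.
SAMPLE_NOTES = (
    make_note("GNU", 3, bytes(range(20)))
    + make_note("Xen", 1, struct.pack("<Q", 0xFFFFFFFF81000000))  # XEN_ELFNOTE_ENTRY (assumed type 1)
    + make_note("Xen", 6, b"linux\x00")
)


if __name__ == "__main__":
    for name, ntype, value in find_address_leaks(parse_notes(SAMPLE_NOTES)):
        print(f"note {name!r} type {ntype} exposes kernel address {value:#x}")
    if os.path.exists("/sys/kernel/notes"):
        print(audit_notes_file())
```

On a live host, a `world_readable` of True together with a non-empty `leaks` list is the condition the tweet describes; the mitigation side is a kernel without CONFIG_XEN_PV (or with the notes section not exported), since the sysfs mode is fixed by the kernel rather than by an administrator.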
It is interesting to see that similar shift/unshift race condition issues that I found and exploited in WebKit in 2018 (https://t.co/K4HPKoaDXv) are being exploited on Safari and Chrome these days as in-the-wild bugs.
Apple Safari in-the-wild memory corruption vulnerability (CVE-2023-42917 [265067]) happens because flattenDictionaryStructure can shrink the butterfly for named properties (like Array shift/unshift), and it got exploited by triggering a race condition:
https://t.co/LJyHF4QQSr
I had experience with blockchain 1 year ago, which was a new area for me; I did a bounty on @immunefi and was rewarded. It was a good experience for learning a new thing :) I had set my wallet address to FTX for the reward and left it there, but FTX is now.. anyway, the writeup is: https://t.co/Gpogax7jyk
Found two Samsung Exynos kernel bugs a month ago. Samsung seems to be using a minor security update website for Exynos devices since this year. https://t.co/OSBKTPeYGx
@dmxcsnsbh Oops, that link was broken :( It is https://t.co/bCvuVGTHGW. The bug was that an ArrayStorage or SlowPutArrayStorage array's structure (butterfly) can be changed by the shift/unshift interpreter function while compiling DFG and handling the GetByVal opcode in the DFG AI phase.
Pwn2Own 2023 is coming now. This Pwn2Own season reminds us that we pwned Microsoft Teams (unfortunately we failed in the real round). Here is our first blog post about our journey of the Pwn2Own 2022 Microsoft Teams RCE.
https://t.co/FQ5682AUjL
I don't know what the CVE number is for my spooler EoP 0-day that I discovered last year. Anyway, it was patched by Microsoft's Patch Tuesday, so I'm sharing the PoC for one of the bugs listed in the screenshot for spooler EoP here: https://t.co/51k1A3SUW7