Hacking the #EU#AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.
After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
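The design flaw in the post (a PIN record, retry counter and biometric flag in an editable prefs file, with a vault key that does not depend on the PIN) beside the fix it implies (wrapping the vault key under a PIN-derived key), as an added, standard-library-only model that is not the app's code. Class and field names such as PinEnc, PinIV, UseBiometricAuth and FailedAttempts are assumptions that mirror the post; the "vault" is sealed with an HMAC tag as a stand-in for AEAD, and the identity record is constructed sample data.

```python
import hashlib
import hmac
import os
import secrets

MAX_ATTEMPTS = 5
IDENTITY = b"name=Jane Doe;dob=1990-01-01;over18=true"   # constructed sample vault content


def kdf(pin: str, salt: bytes) -> bytes:
    """Salted, slow PIN stretching. 64 bytes: first half an XOR pad, second half a MAC key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=64)


def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in for AEAD (stdlib has no AES): data followed by an HMAC tag under key."""
    return data + hmac.new(key, data, "sha256").digest()


def open_sealed(key: bytes, blob: bytes):
    data, tag = blob[:-32], blob[-32:]
    ok = hmac.compare_digest(hmac.new(key, data, "sha256").digest(), tag)
    return data if ok else None


class WeakApp:
    """Design described in the post: PIN record, retry counter and biometric flag all sit in
    an attacker-editable prefs file, and the vault key is not derived from the PIN."""

    def __init__(self):
        self.prefs = {}          # stands in for shared_prefs
        self.keystore = {}       # stands in for a keystore entry the app reads on its own
        self.vault = None

    def setup(self, pin: str):
        salt = os.urandom(16)
        self.prefs.update(PinIV=salt, PinEnc=kdf(pin, salt),
                          FailedAttempts=0, UseBiometricAuth=True)
        if "vault_key" not in self.keystore:     # re-running setup keeps the existing vault
            self.keystore["vault_key"] = secrets.token_bytes(32)
            self.vault = seal(self.keystore["vault_key"], IDENTITY)

    def unlock(self, pin: str, biometric_ok: bool = False):
        if "PinEnc" not in self.prefs:           # no PIN record: app treats this as first run
            self.setup(pin)
        if self.prefs["UseBiometricAuth"] and not biometric_ok:
            return None
        if self.prefs["FailedAttempts"] >= MAX_ATTEMPTS:
            return None
        if not hmac.compare_digest(kdf(pin, self.prefs["PinIV"]), self.prefs["PinEnc"]):
            self.prefs["FailedAttempts"] += 1
            return None
        return open_sealed(self.keystore["vault_key"], self.vault)


class HardenedApp:
    """Vault key wrapped under a PIN-derived key: there is no separate PIN record to delete,
    and losing or replacing the wrap loses the old vault instead of exposing it."""

    def __init__(self):
        self.prefs = {}
        self.vault = None

    def setup(self, pin: str, data: bytes):
        salt, vault_key = os.urandom(16), secrets.token_bytes(32)
        kek = kdf(pin, salt)
        wrapped = bytes(a ^ b for a, b in zip(vault_key, kek[:32]))
        self.prefs = {"Salt": salt, "WrappedKey": seal(kek[32:], wrapped), "FailedAttempts": 0}
        self.vault = seal(vault_key, data)      # fresh key: any earlier vault is unreadable now

    def unlock(self, pin: str):
        if "WrappedKey" not in self.prefs or self.prefs["FailedAttempts"] >= MAX_ATTEMPTS:
            return None                          # never silently re-enrol over an existing vault
        kek = kdf(pin, self.prefs["Salt"])
        wrapped = open_sealed(kek[32:], self.prefs["WrappedKey"])
        if wrapped is None:
            self.prefs["FailedAttempts"] += 1
            return None
        vault_key = bytes(a ^ b for a, b in zip(wrapped, kek[:32]))
        return open_sealed(vault_key, self.vault)


def attack_weak(app: WeakApp):
    """The post's attack: drop PinEnc/PinIV, restart, pick a new PIN, then flip the other fields."""
    app.prefs.pop("PinEnc", None)
    app.prefs.pop("PinIV", None)
    app.unlock("0000")                           # "restart": app enrols 0000 over the victim's vault
    app.prefs["UseBiometricAuth"] = False
    app.prefs["FailedAttempts"] = 0
    return app.unlock("0000")                    # victim's identity data under the attacker's PIN


def attack_hardened(app: HardenedApp):
    """Same file edits against the hardened design: the only thing to delete is the wrap itself."""
    app.prefs["FailedAttempts"] = 0
    app.prefs.pop("WrappedKey", None)
    return app.unlock("0000")
```

With a four-to-six digit PIN the PBKDF2 step alone does not stop an offline guess over the copied prefs file; on a real device the wrap and its retry counter belong in hardware-backed key storage that enforces the limit itself. The point the model isolates is the binding: once the vault key is only reachable through the PIN, deleting the PIN record cannot hand the attacker a fresh enrolment over someone else's data.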
We achieved a guest-to-host escape by exploiting a QEMU 0-day where the bytes written out of bounds were uncontrolled.
Full breakdown of the technique, glibc allocator behavior, and our heap spray/RIP-control primitive ↓
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets.
A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.
https://t.co/IxURrHpBT0
🚨 I'm working on adding new Linux coverage for the EDR telemetry project and want to get things right from the start. I'd love your input on the current approach—check out my comment here: https://t.co/S0HWHunrDF
What do you think? Drop your thoughts in the comments below or on GitHub. Appreciate any feedback! 🙌
This is a nice simple way to hide a process name on Linux. You can see it happening due to /proc/PID/exe, /proc/PID/comm, and /proc/PID/cmdline mismatch. But, legit processes may present this way as well so not always reliable for detection.
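The /proc/PID/exe, comm and cmdline cross-check described in the post, as an added example (not the post author's tooling): it reads the three views for every PID, reports how they disagree, and is run here over constructed sample views, one renamed implant, one legitimate service that rewrites its own argv, and one consistent process, to show why a mismatch alone is a lead rather than a verdict. The sample paths and names are made up.

```python
import os
from dataclasses import dataclass, field


@dataclass
class ProcView:
    pid: int
    exe: str                 # target of the /proc/PID/exe symlink
    comm: str                # /proc/PID/comm (kernel keeps at most 15 characters)
    cmdline: list = field(default_factory=list)   # /proc/PID/cmdline split on NUL


def read_proc(pid: int):
    """Read the three name views for one PID; None for kernel threads or PIDs we cannot read."""
    base = f"/proc/{pid}"
    try:
        exe = os.readlink(f"{base}/exe")
        with open(f"{base}/comm") as f:
            comm = f.read().rstrip("\n")
        with open(f"{base}/cmdline", "rb") as f:
            argv = [a.decode("utf-8", "replace") for a in f.read().split(b"\0") if a]
    except OSError:
        return None
    return ProcView(pid, exe, comm, argv)


def mismatches(p: ProcView):
    """Return the ways the three views disagree; an empty list means they are consistent."""
    findings = []
    exe_base = os.path.basename(p.exe.replace(" (deleted)", ""))
    if p.comm != exe_base[:15]:                  # comm is set from the exec'd file, truncated
        findings.append(f"comm {p.comm!r} != exe basename {exe_base!r}")
    if not p.cmdline:
        findings.append("empty cmdline (argv wiped, zombie, or kernel thread)")
    elif os.path.basename(p.cmdline[0]) != exe_base:
        findings.append(f"argv[0] {p.cmdline[0]!r} != exe basename {exe_base!r}")
    if " (deleted)" in p.exe:
        findings.append("exe unlinked from disk")
    return findings


def scan():
    """Walk /proc and print every live process whose name views disagree."""
    for entry in os.listdir("/proc"):
        if entry.isdigit() and (p := read_proc(int(entry))):
            for finding in mismatches(p):
                print(f"pid {p.pid}: {finding}")


# Constructed sample views, not captured from a real host.
SAMPLES = [
    ProcView(4242, "/tmp/.x/beacon", "kworker/0:1", ["[kworker/0:1]"]),           # renamed implant
    ProcView(1337, "/usr/sbin/nginx", "nginx", ["nginx:", "worker", "process"]),  # legit setproctitle
    ProcView(915, "/usr/sbin/sshd", "sshd", ["/usr/sbin/sshd", "-D"]),            # consistent
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.pid, mismatches(sample))
    if os.path.isdir("/proc"):
        scan()
```

Expect noise from scripts started via a shebang (comm is the script name while exe is the interpreter), from daemons that rewrite argv (nginx, postgres, sshd session titles) and from binaries reached through symlinks (sh to dash, python to python3.x); a usable detection pairs this check with where the exe lives and who its parent is rather than alerting on the mismatch by itself.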
🚨New! "PKFail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem."
#PKfail is a supply-chain issue affecting x86/ARM devices around the globe.
Blog:
https://t.co/X3RaVzDWGk
Full report:
https://t.co/BrzDzd5D4L
A free scanning tool: https://t.co/fSqeVlxxT7
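A minimal local check in the spirit of the scanner linked above, added here as an example and not Binarly's tool: it parses the PK variable's EFI_SIGNATURE_LIST structure, pulls commonName values out of each X.509 entry, and flags the vendor test-key wording. The X.509 signature-type GUID and the PK variable name are from the UEFI specification; the "DO NOT TRUST" and "DO NOT SHIP" markers are an assumption based on how the affected test certificates were reported, so a hit is a reason to inspect the full certificate, not a verdict on its own. The sample variable is constructed, and its "certificate" is a stub containing only a CN attribute.

```python
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")   # UEFI spec
PK_EFIVAR = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
SUSPECT_MARKERS = ("DO NOT TRUST", "DO NOT SHIP")   # assumption: reported test-key naming


def parse_signature_lists(data: bytes):
    """Yield (signature_type, signature_data) for every entry in every EFI_SIGNATURE_LIST."""
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])          # EFI_GUID is mixed-endian
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < 28 or end > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos = off + 28 + hdr_size
        while pos + sig_size <= end:
            yield sig_type, data[pos + 16:pos + sig_size]          # skip SignatureOwner GUID
            pos += sig_size
        off = end


def common_names(der: bytes):
    """Scrape commonName (OID 2.5.4.3) strings out of DER without a full ASN.1 parser."""
    oid = b"\x06\x03\x55\x04\x03"
    names, i = [], 0
    while (i := der.find(oid, i)) != -1:
        i += len(oid)
        if i + 2 > len(der):
            break
        tag, length = der[i], der[i + 1]
        if tag in (0x0C, 0x13, 0x16) and length < 0x80:            # UTF8/Printable/IA5, short form
            names.append(der[i + 2:i + 2 + length].decode("latin-1"))
        i += 2
    return names


def check_pk(var_bytes: bytes):
    """var_bytes is the efivars file content: 4 attribute bytes, then the variable data.
    Returns (cn, suspicious) for each X.509 entry in PK."""
    results = []
    for sig_type, body in parse_signature_lists(var_bytes[4:]):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        for cn in common_names(body) or ["<no CN found>"]:
            results.append((cn, any(m in cn.upper() for m in SUSPECT_MARKERS)))
    return results


def build_sample_var(cn: str) -> bytes:
    """Constructed PK variable with one X.509 entry whose certificate is a CN-only stub."""
    cert = b"\x06\x03\x55\x04\x03\x0c" + bytes([len(cn)]) + cn.encode()
    entry = uuid.UUID(int=0).bytes_le + cert                        # owner GUID + data
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + len(entry), 0, len(entry))
    return b"\x07\x00\x00\x00" + header + entry


if __name__ == "__main__":
    try:
        with open(PK_EFIVAR, "rb") as f:
            pk = f.read()
    except OSError:
        pk = build_sample_var("DO NOT TRUST - AMI Test PK")         # constructed fallback
    for cn, bad in check_pk(pk):
        print(("SUSPECT " if bad else "ok      ") + cn)
```

Reading the variable needs an EFI-booted Linux host with efivarfs mounted. A PK whose CN looks like a vendor-signed production key is not proof of safety either: the problem the report describes is a key whose private half left the vendor, which no string check can see.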
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware - @serghei
https://t.co/JylzTUgBkX
Ensuring #Jenkins server security is crucial. Our latest findings indicate a rise in #cryptomining activities due to misconfigurations.
Get the complete analysis and protection tips here:⬇️ https://t.co/NqUPTtApkE
Acer, Dell, Gigabyte, Intel, and Supermicro impacted: the platform key was leaked in 2022 on GitHub at https://t.co/yzXMQzuZCC
"The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password"
via @Agarri_FR
https://t.co/fcN6zeZ2kQ