Olivia
Online
johncool
@JohnCool__
offsec and VR somewhere
Joined September 2015
174 Following
1.2K Followers
224 Posts
We are hiring offensive security researchers @Apple!
We are looking for experienced profiles in a variety of fields.
Learn more here: https://t.co/QGYZXKqxCt
You are into Kernel or Userland Vulnerability Research? My team would love to hear from you!
DM me if you have questions
New year, new adventure for me @Reverse_Tactics ! A lot of work to come, but hopefully lots of vulnerabilities and exploits ! Feel free to DM me to discuss or leak your bugs 🥸
Welcome to @OnlyTheDuck who is joining REverse Tactics for handling exciting security challenges and discovering new vulnerabilities!
@h0wdeee I can’t remember which release fixes the bug, but here is the relevant commit https://t.co/nqN1Gq1yHD
@h0wdeee Hi, one of the original author here. This is indeed CVE-2022-43634. I confirm that this was a critical RCE in Netatalk. Exploiting it is non trivial but can be done reliably. Feel free to DM or ask here if you have any question
Thank you everyone for this amazing second edition!
We hope you all had a blast and all the team is already eager to see you all next year for #HEXACON2024 🚀
@lcheylus @OnlyTheDuck @swapgs Et oui… Je pensais pas que ça partirait si vite. Mais c’est tant mieux que la conf génère autant d’engouement.
Because I would love to see the magnificent @OnlyTheDuck on stage (and @swapgs (and the other one too))
The second batch for @GrehackConf 2023 was launched today, and guess what: tickets sold out in minutes 🫣.
But lucky you, we had reserved 2 tickets for you! 🤩 👉 Retweet and comment by telling us what motivates you to go to the conference. Random draw Monday lunchtime, we'll announce the winners right away.
Good luck to you all !
The second batch for @GrehackConf 2023 was launched today, and guess what: tickets sold out in minutes 🫣.
But lucky you, we had reserved 2 tickets for you! 🤩 👉 Retweet and comment by telling us what motivates you to go to the conference. Random draw Monday lunchtime, we'll announce the winners right away.
Good luck to you all !
@0xor0ne @Flutsunami @Synacktiv Thanks! It was one of the funkiest bug we had to exploit! … and it’s everywhere 😏.
Excellent writeup on obtaining root command execution on Netatalk daemon on Western Digital MyCloudHom NAS.
credits: Etienne Helluy-Lafont and Luca Moro (@Synacktiv)
https://t.co/hpM8Dy2Fu8
#cybersecurity
At #Pwn2Own Toronto, @johncool__ earned $40K by exploiting the @westerndigital My Cloud Pro Series PR4100 with a classic buffer overflow. Now that it's patched (CVE-2022-29844), he provides the details of his research on our blog. Read all about it at https://t.co/mvaZOSIP4M
@alexjplaskett And here is the article https://t.co/HVUteTFBYZ
Ninja tricks to abuse TCP stacks and pwn NAS! Check out our #Pwn2Own Netatalk exploit by Etienne, @JohnCool__ and @OnlyTheDuck! https://t.co/sHlH5OnYBB
Yay, the Netatalk pre-auth bug we used during #Pwn2Own Austin 2021 has been disclosed! Be ready for the upcoming exploit/write-up and its funkiest TCP shenanigans https://t.co/k19YCfjtPf
Ninja tricks to abuse TCP stacks and pwn NAS! Check out our #Pwn2Own Netatalk exploit by Etienne, @JohnCool__ and @OnlyTheDuck! https://t.co/sHlH5OnYBB
[ZDI-23-112|CVE-2022-29844] (Pwn2Own) Western Digital MyCloud PR4100 FTP Server Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: @johncool__) https://t.co/kEnUOzm5Mf
@pwning_me At the time we did not know about the previous form of that bug, and we could not argue that it was in fact a different vulnerability. That's why it ended up being a duplicate with your team during #pwn2own
@pwning_me If i remember correctly, Netgear shipped a very outdated version of Netatalk that had a similar vulnerability which disappeared during a refactoring and was no longer upstream. In its new form there is indeed a special trick :) https://t.co/oWRiLQe9Ai
[ZDI-23-094|CVE-2022-43634] Netatalk dsi_writeinit Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 9.8; Credit: @Synacktiv) https://t.co/JmFRSTi0o5
Last Seen Users on Sotwe
สายเงี่ยนชอบเยสสาวใหญ่ สาวอ้วน สาวแก่ แม่หม้าย
Seen from Thailand
JANDA MULUZ
Seen from Singapore
wwww
Seen from Indonesia
PAP Boogil
Seen from Indonesia
!:‧yorozu‧₊⊹𓂃ִ🐑🇸🇱
Seen from Brazil
Bang Jo
Seen from Indonesia
けい 
Seen from Japan
contract
Seen from Saudi Arabia
Fatma’nın Oğlu
Seen from Turkey
el king
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.3M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers