Here's the PoC for Nginx CVE-2026-42945 which works against vanilla Ubuntu (and any other distro?) + Nginx with ASLR enabled. I have included all iterations of the PoC the LLM was kicked to improve.
TL;DR: We can use an LFI/file-read primitive to leak enough details from /proc/<nginx-worker>/mem to bypass ASLR and achieve reliable RCE, in most cases at first shot.
There are still other ways to make it work, with even less subtle primitives. If you ask Geppetto nicely, he will help you ;)
https://t.co/VawjqrMisN
@IntCyberDigest As explained in the description of the repository, it requires an LFI/read-file primitive. So you'd have another unfunny vulnerability as well
NGINX rift: We autonomously discovered this 18-year-old heap overflow (CVE-2026-42945) in @nginx impacting versions 0.6.27 to 1.30.0. If you use the rewrite and set directives, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at https://t.co/KeoblrGL24
Hard to patch if there's no patch. It's a 0day, and thank you for that.
Blocking the module has some more side-effects than the ones described, see https://t.co/gRUDttbSYQ
I call that irresponsible disclosure, change my mind.
Patch your Linux boxes!
https://t.co/VWOUDbLAn2 is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable Python script gets root on all platforms.
Found by the teams at @theori_io and @xint_official
More details below
https://t.co/9f6T96PvPX
@vxunderground > RHEL 14.3
Did the LLM code a special futuristic version of RHEL? (https://t.co/5Y2KejOFif)
Also https://t.co/3uWXC0mTTC may help to see which Ubuntu versions are effectively affected
Had an amazing time at @1ns0mn1h4ck, perfectly organized as always 🔥
Favorite talk was probably @ElykDeer's one about the Tantō plugin for @vector35 Binary Ninja 🥷
What's quite concerning is not only what @evilsocket found out, but also the fact that there's something going around at VINCE which leads to people having access to vulnerabilities that people report using the "responsible" disclosure path...
Amazing research btw. Ignore the hate, keep it up
JUST IN - Global cyber outage. Cybersecurity platform CrowdStrike is "down" worldwide, causing global IT problems, Microsoft crashes, 911 outages across several US states, and disruptions in international airlines, banks and media outlets.
@I_AM_NO_LEGEND It's pretty hard to answer that: security is a pretty vast area and has lots of subtopics which may interest you more than others. There's a link - https://t.co/TnLMnmOoJ2 - I like, though at some point you will have to find something more specific and targeted you enjoy :D