Olivia
Online
phoenhex team
@phoenhex
Fine writeups & exploits by @5aelo @_niklasb @edgarboda @bkth_
your kernel
Joined April 2017
6 Following
4K Followers
53 Posts
I wrote a thing about a Chakra RCE for which the JIT trigger is tweetable :)
function opt(o) {
o.pwn = o.a;
}
https://t.co/79NjgeQwoo
I wrote a thing about my macOS sandbox escape & LPE from Pwn2Own https://t.co/8EetvFz2i5
New blog post written together with my friend @S0rryMybad about using the JIT to abuse a non-JIT bug in Chakra (CVE-2019-0812) https://t.co/c2GMTQewHO
I published the slides of the presentation I gave @BlueHatIL and @offensive_con about Attacking Edge through the JIT compiler. I also contains exploit code for CVE-2018-8266 https://t.co/01ZoFkmBBq
My #pwn2own exploit chain from this year, essentially 3 logic bugs to go from Safari to kernel on macOS up to 10.13.3, is now open source: https://t.co/AXhKn3rDxF. The README also links to a few slide decks which contain some more background information :)
#Hack2Win eXtreme @bevxcon - SSD Advisory – Firefox Remote Code Execution https://t.co/RPiZ4HrNV9
Two RCE bugs in the Spidermonkey JIT fixed in Firefox 62.0.3. One was a pretty old bug in the IonMonkey register allocator.
First #Hack2win eXtreme winners, @_niklasb @bkth_ @5aelo, 3 categories: Firefox RCE, Firefox InfoLeak and Chrome RCE, beautifully done, for a total prize of 170,000$USD. Still have 330,000$USD to give out to anyone that can show their skills - disclosure soon via @SecuriTeam_SSD
Here are the slides from my #BlackHatUSA talk about just-in-time compilers for JavaScript and the @webkit bug I used as part of my Pwn2Own chain this year =) https://t.co/RpASPLSfr1
New blog post: Fuzzing the CS:GO map file loader with AFL in QEMU mode. Includes full fuzzing harness + triaging tools to reproduce. Will still find heap overflows, because Valve says these are not security issues :> So get yourself some 0days now! https://t.co/MDSQrvt1UZ
I added a PKGBUILD to get a full debug build of the latest VirtualBox version for Arch Linux, with the 3D security fixes from July reverted: https://t.co/0XR5MCmasB
I published a small Python Linux library for experimenting with HGCM and VBoxSharedCrOpenGL (3D accel) from a VirtualBox guest. Includes a full exploit for CVE-2018-30{55,85} demonstrating some useful heap exploitation techniques for the 3D component https://t.co/xtXuqN5qGk
Best idea ever to order ESPR+phoenhex keyboards <3
Got CVE-2018-8266 for a bug inside ChakraCore that led to RCE :) https://t.co/upyPEv8BcY
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.3M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.9M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.5M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers