Android kernel vulnerability researcher | Mathematics student
Joined August 2018
- Tweets 31
- Following 925
- Followers 2,733
- Likes 3,776
5 Photos and videos
29 Aug 2022
I developed an N-day exploit for CVE-2022-2586: Linux kernel nft_object Use-After-Free (UAF). I sent my exploit and writeup to the oss-security mailing list: openwall.com/lists/oss-secur…
8
173
687
29 Aug 2022
This vulnerability was used in Pwn2Own Vancouver by @Seasecresponse: congratulations and thanks for this amazing discovery!
2
14
25 Jan 2022
Now that the discoverers have published their exploit and writeup, I sent my exploit and writeup for CVE-2022-0185 (Linux kernel integer underflow to slab OOB write) to the oss-security mailing list: openwall.com/lists/oss-secur…
4
184
670
10 Sep 2021
CVE-2021-40444 simple demonstration PoC Exploit: github.com/lockedbyte/CVE-20…
14
368
938
Alejandro G. retweeted
17 Aug 2021
ProFTPd UAF (@lockedbyte), API hacking (@hakluke and @Farah_Hawaa), file extension tricks on cloud storage (@mrd0x), built-in AD searching with ADSI (@Gr1mmie), DCE/RPC fingerprints (@hdmoore), SAML issues (@Secureworks, @joonas_fi), and more! blog.badsectorlabs.com/last-…
1
16
47
Alejandro G. retweeted
11 Aug 2021
A very detailed exploit demonstration of @Nosoynadiemas 's CVE-2020-9273 (ProFTPd UAF)
10 Aug 2021
Dear Fellowlship, How is your summer going?
Our N-Day owl @lockedbyte was bored in his holidays and decided to build an exploit for CVE-2020-9273. Check our post:
Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273)
adepts.of0x.cc/proftpd-cve-2…
7
31
Alejandro G. retweeted
10 Aug 2021
Dear Fellowlship, How is your summer going?
Our N-Day owl @lockedbyte was bored in his holidays and decided to build an exploit for CVE-2020-9273. Check our post:
Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273)
adepts.of0x.cc/proftpd-cve-2…
1
48
79
Alejandro G. retweeted
18 May 2021
Exim RCE (@lockedbyte), Windows kernel exploit writeup (@33y0re), plaintext RDP creds from memory (@jonasLyk, @n00py1), MS Defender ATP bypasses (@Tyl0us), hashcat 6.2.0 (@hashcat), persist and blend C2 with Teams (@BlackArrowSec), and more! blog.badsectorlabs.com/last-…
23
46
Alejandro G. retweeted
15 May 2021
So @Lockedbyte just brought to our nest a PoC. Read his last entry in our blog: "From theory to practice: analysis and PoC development for CVE-2020-28018 (User-After-Free in Exim)" adepts.of0x.cc/exim-cve-2020…
1
17
31
15 May 2021
I developed a Remote Code Execution PoC exploit for the Exim Use-After-Free that was recently disclosed (as part of @qualys 21Nails advisory). Tested just on Exim 4.92. PoC available: github.com/lockedbyte/CVE-Ex…
6
296
784
Alejandro G. retweeted
9 Mar 2021
Our young owlet @Lockedbyte reported an uncontrolled recursion in the XML parser of OSSEC/Wazuh (CVE-2021-28040) that has been fixed recently. Not all bugs are cool RCEs, but hey, bugs that lead to DoS should be fixed too.
9
27
Last night @lockedbyte showed you how we managed to exploit sudo with a partial overwrite of a funcptr and some small bruteforce. Today.. we do it single-shot with some help of glibc/nss.
haxx.in/CVE-2021-3156_nss_po…
8
137
379
29 Jan 2021
I were able in collaboration with @bl4sty to create a working Proof of Concept exploit for the new sudo CVE-2021-3156.
Tested just in Ubuntu 20.04.1 LTS, in other distros offsets may change. PoC available: github.com/lockedbyte/CVE-Ex…
18
446
1,109
26 Jan 2021
I got targeted by Zhang Guo and sent me the blog post link hxxps://blog.br0vvnn[.]io/pages/blogpost.aspx?id=1&q=1
26 Jan 2021
New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development.
blog.google/threat-analysis-…
Stay safe out there everyone!
1
1
11