was born in '85, still alive...
Joined February 2010
- Tweets 4,313
- Following 532
- Followers 2,978
- Likes 811
40 Photos and videos
8 Aug 2024
Hey, we are looking for an Incident Response Engineer in Mexico! #job social.icims.com/viewjob/pt1…
1
3
241
19 Feb 2024
How can we measure the Return on Security Investment (RoSI) of Bug Bounty programs? @ygoltsev and I have explored various numbers to find answers, and we'd like to share our ideas with you - linkedin.com/pulse/how-measu…! #ROI #bugbounty #metrics #okr
2
356
16 Jan 2024
Is Ivanti 0days based on path traversal command injection in backup endpoint?
1
673
Alyosha Sintsov retweeted
19 Sep 2023
Let me say that again...
You store pointers at the _destination_ address of a memcpy.
You glitch during memcpy ().
You get that pointer into PC.
No, it's not sci-fi. It's the "instruction corruption" fault model. And we pioneered that.
See thread below 1/N.
5 Sep 2023
This attack showed that the data at the destination of a copy can be abused just like the data at the source.
We had to improve this attack quite a bit as it simply took too long to get a successful glitch. The details for this optimization will be explained during our training.
1
14
39
10,637
Alyosha Sintsov retweeted
4 Aug 2023
Application Security and Vulnerability Assessment getting a significant advantage from GenAI (context-driven knowledgebase). That helps security teams understand the root cause of the problem faster and significantly reduces the latency in producing security fixes at scale.
1
10
32
6,941
Alyosha Sintsov retweeted
21 Jun 2023
"... detected several remotely exploitable bugs in AMI MegaRAC BMC"
"... whole attack sequence: from having zero knowledge about a remote AMI BMC with enabled IPMI (yeah, right) to flashing a persistent firmware implant to the server SPI flash"
Looking forward to this talk!
21 Jun 2023
Check out the abstract of our upcoming DC talk :)
CC: @Adam_pi3
forum.defcon.org/node/245714
14
30
10,851
Alyosha Sintsov retweeted
6 Jun 2023
Our lovely Red Team at @gitlab is looking for a Senior Red Teamer
boards.greenhouse.io/gitlab/…
1
31
168
38,923
25 May 2023
Also found interesting, that ChatGPT works much better if you ask to use LangSec approach: translate logic into grammar, and input as a language and try to find a Weird Machine, works more efficient at my example than just "check the pseudocode/logic for security issues"
1
298
23 May 2023
Think lately about weird machines, and found myself that jokes and humor is an example of such for human beings.
1
353
23 May 2023
And on other side: "fraud/propaganda" is also a language for creating "weird machines"...
225
Alyosha Sintsov retweeted
19 May 2023
1
25
63
10,906
Alyosha Sintsov retweeted
13 Apr 2023
My dear humans and non-humans, I present to you the speakers for #OffensiveCon23
offensivecon.org/speakers/
2
36
116
58,020
📝New research by @lmpact_l: "Fork Bomb for Flutter"
There are more and more Flutter applications, and security analysis of these apps is in high demand. Our member Phil shares his knowledge and presents his reFlutter tool.
Read the article: swarm.ptsecurity.com/fork-bo…
6
27
76
14 Feb 2022
And our Vulnerability Management team is growing in CZ as well, HERE Technologies: linkedin.com/jobs/view/29094…
1