Joined June 2012
Bryan Alexander retweeted
CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog(), @Qualys Security Advisory. openwall.com/lists/oss-secur…

Bryan Alexander retweeted
The Kerberos PAC verification bypass me and @monoxgas showed at the end of our BH presentation and was fixed last month is now open in the issue tracker. Certainly an interesting one :) bugs.chromium.org/p/project-…

Bryan Alexander retweeted
17 Nov 2022
Breaking the Chrome Sandbox with Mojo - the recording of my black hat talk is out: youtu.be/qhhJCLy0YBA (I'm painfully aware of the red shift :) )
Bryan Alexander retweeted
15 Nov 2022
Wherein I propose that C initialize all stack variables to zero, preventing ~10% of CVEs. Cost: none. 🔗 wg21.link/P2723R0 🔗
Bryan Alexander retweeted
Six actively exploited 0days patched today by Microsoft including one found by @benoitsevens & @_clem1 from TAG. duo.com/decipher/microsoft-f… 2022 and we are still seeing active IE scripting exploitation 😔 Thanks to Microsoft for the quick turnaround and patch.

infosec.exchange/@drone for those that are migrating

Bryan Alexander retweeted
3 Nov 2022
Now this is a pretty handy tool... "A plugin to introduce interactive symbols into your debugger from your decompiler" // by @mahal0z github.com/mahaloz/decomp2db…
Bryan Alexander retweeted
Inside Elon Musk's "free speech" Twitter, a culture of secrecy and fear has taken hold. Managers and employees have been muzzled, Slack channels have gone dark, and workers are turning to anonymous gossip apps to find out basic info about their jobs. washingtonpost.com/technolog…
Bryan Alexander retweeted
28 Oct 2022
My new blog series: Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis zscaler.com/blogs/security-r… Part 2: Exploit Analysis zscaler.com/blogs/security-r… #0day #exploit #vulnerability #CVE_2022_37969
Bryan Alexander retweeted
31 Oct 2022
My keynote "The Evolution of Firmware Threats: Attacks below the OS" from @nohatcon is now available online! youtube.com/watch?v=L1VanOGM…
Bryan Alexander retweeted
27 Oct 2022
I’m really excited for us to shed light on some really cool work we’ve been doing to harden the XNU allocator! This has been a huge effort by so many people, and I’m very proud of the direction: security.apple.com/blog/towa…
Bryan Alexander retweeted
25 Oct 2022
A couple months overdue, here's the open source release of Concurrence, my new fuzzing library for thread-based targets. Integration code to SockFuzzer, plus Mach process/IPC/VM/etc. support are coming soon. Check it out at github.com/googleprojectzero…

Bryan Alexander retweeted
19 Oct 2022
Finally, here is the blog documenting the crazy 7 days that I spent on CVE-2022-1786 to pwn kCTF (and won a lot of cash)! Let me know what you think of the blog! blog.kylebot.net/2022/10/16/…
Bryan Alexander retweeted
Slides for "Sanitizing the Linux kernel: On KASAN and other Dynamic Bug-finding Tools", the talk I just gave at Linux Security Summit Europe 2022. Covers: 🐧 Generic KASAN implementation 🔥 Other Sanitizers 🗡 Extending KASAN and KMSAN to find more bugs docs.google.com/presentation…
Bryan Alexander retweeted
14 Sep 2022
New blog post! Part 1 in my new PlayStation hacking series: An **unpatched** PS4 / PS5 userland exploit that also allows pirating PS2 games. mast1c0re: Hacking the PS4 / PS5 through the PS2 emulator - Part 1 - Escape: cturt.github.io/mast1c0re.ht… Video demo: youtube.com/watch?v=GIl1mR0H…

Bryan Alexander retweeted
We had quite some fun for the last 2.5 years fuzzing CPUs. We wrote one system, scratched it, and wrote another one. This week we open-sourced most of it, and hope to open-source more in the future. github.com/google/silifuzz
Bryan Alexander retweeted
8 Sep 2022
We've finally landed the run-time memcpy() overflow warning patch in linux-next: git.kernel.org/pub/scm/linux… So now I'm constantly reloading a search on lore, checking if anyone has run into new instances on real work loads. :P lore.kernel.org/all/?q="de…

Bryan Alexander retweeted
7 Sep 2022
Details about the @MDSecLabs's process for identifying Veeam 1Day vulns, writing working exploit & considerations for further weaponisation (including preauth. RCE(s), LPE complete analysis) - Such an awesome post by @SinSinology 👏 defense.one/d/36-cve-2022-26…
