@lynerc profile picture
Chris Lyne @lynerc

Security researcher. Tennis player. Bourbon taster. Animal lover. Lawn care nut. Opinions are my own.

Joined January 2011
  • Tweets 303
  • Following 454
  • Followers 520
5 Photos and videos
Chris Lyne retweeted
BleepingComputer
@BleepinComputer
12 Feb 2024
Bank of America warns customers of data breach after vendor hack - @serghei bleepingcomputer.com/news/se… bleepingcomputer.com/news/se…

Bank of America warns customers of data breach after vendor hack

Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.

bleepingcomputer.com
2
139
207
29,757
Chris Lyne retweeted
Praetorian
@praetorianlabs
14 Apr 2022
Do you enjoy capture the flag contests and solving hard problems? Check out Praetorian's cyber tech challenges! Solve problems. Get hired! ow.ly/AJtq50IKb7e
1
1
Chris Lyne retweeted
Praetorian
@praetorianlabs
23 Mar 2022
Because inadvertent secrets disclosure is a common attack path into an org, we developed Nosey Parker—a ML powered scanner for locating secrets. With a precision of 98.5%, Nosey Parker is an order of magnitude better than existing secrets solutions praetorian.com/blog/nosey-pa…
4
7
Chris Lyne retweeted
evan@stargravy
4 Feb 2022
Found some issues in Gryphon routers that let you root other people's devices across the internet through a shared Gryphon VPN service: medium.com/tenable-techblog/…
1
4
5
Chris Lyne retweeted
Anthony Weems@amlweems
1 Feb 2022
I'm really excited for this video! I got a chance to collab with @LiveOverflow and share the process for discovering the localhost bypass for CVE-2021-45046 with code review and differential fuzzing. :)
LiveOverflow 🔴
@LiveOverflow
1 Feb 2022
After the log4shell vulnerability was patched with version 2.15, another CVE was assigned. Let's have a closer look at the localhost JNDI connections bypass and learn about fuzzing Java applications. youtube.com/watch?v=kvREvOvS…
1
2
18
Chris Lyne retweeted
Tim Starks@timstarks
15 Dec 2021
Cool cool cool praetorian.com/blog/log4j-2-…

Log4j 2.15.0 stills allows for exfiltration of sensitive data

The Apache Software Foundation announced a new vulnerability in Log4j – CVE-2021-45046 – on December 14th. The vulnerability as described states that Log4j 2.15.0 can allow a local Denial of Service...

praetorian.com
10
9
Chris Lyne retweeted
Praetorian
@praetorianlabs
14 Oct 2021
New open source SAST tool for ISTO #praetorianlabs #CyberSecurity #istio praetorian.com/blog/introduc…

Introducing Snowcat: World's First Dedicated Security Scanner for Istio

Why Service Meshes Matter Over the last few years, the pace of moving workloads to the cloud has continued to accelerate. Mostly, this has been a boon for innovation, allowing complex monolithic...

praetorian.com
7
10
Chris Lyne retweeted
@_sinn3r
10 Sep 2021
I'd like to share this to demonstrate this is what I sacrificed to stay sharp in infosec. Blue is the ideal line, yellow is the actual. My arms started to feel numb. My doc said I was about a few years away to need a surgery. If you do a lot late night hacking, think about this.
51
159
655
Chris Lyne@lynerc
1 Sep 2021
Anyone have training recommendations for thick client pen testing / bug hunting?
1
Chris Lyne retweeted
Praetorian
@praetorianlabs
18 Aug 2021
New open source SAST tool for Go - check it out #golang #praetorianlabs github.com/praetorian-inc/go… praetorian.com/blog/introduc…

GitHub - praetorian-inc/gokart: A static analysis tool for securing Go code

A static analysis tool for securing Go code. Contribute to praetorian-inc/gokart development by creating an account on GitHub.

github.com
22
53
Chris Lyne retweeted
evan@stargravy
17 Aug 2021
Second in a set of wicked twin blogs by @lynerc & @CE2Wells : Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082) by @CE2Wells link.medium.com/K2F6nnosNib

Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082)

A couple months back, Chris Lyne and I had a look at ManageEngine ServiceDesk Plus. This product consists of a server / agent model in…

link.medium.com
2
3
Chris Lyne retweeted
evan@stargravy
17 Aug 2021
First in a set of wicked twin blogs by @lynerc & @CE2Wells : Stored XSS to RCE Chain as SYSTEM in ManageEngine ServiceDesk Plus by @lynerc link.medium.com/pSyRF7gsNib

Stored XSS to RCE Chain as SYSTEM in ManageEngine ServiceDesk Plus

Gaining SYSTEM access via the help desk software

link.medium.com
5
11
Chris Lyne retweeted
evan@stargravy
3 Aug 2021
Found a couple bugs in some Buffalo routers, one of which happened to affect a bunch more devices. link.medium.com/EvlKxCJaqib

Bypassing Authentication on Arcadyan Routers with CVE-2021–20090 and rooting some Buffalo

A walkthrough of my first experience in router hacking

link.medium.com
1
7
14
Chris Lyne retweeted
evan@stargravy
3 Aug 2021
A little video demo from the Buffalo writeup ( link.medium.com/EvlKxCJaqib ) :
0:31
1
20
30
Chris Lyne retweeted
Alexei Kojenov@kojenov
30 Jul 2021
Super excited to present my research @IoTvillage #defcon29!
IoT Village@IoTvillage
26 Jul 2021
Catch @kojenov's #iotvillage talk first thing Sat morning (Aug 7) at 10am PT @defcon! All talks will be streamed on our Twitch: twitch.tv/iotvillage To view our entire #defcon29 talk schedule, visit: iotvillage.org/defcon.html
4
9
Chris Lyne retweeted
Nicholas Miles@_NickMiles_
13 Jul 2021
“Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580)” by Nicholas Miles link.medium.com/aeJf0VbrRhb

2
5
9
Chris Lyne retweeted
Dan Raywood@DanRaywood
25 Jun 2021
New blog from @tenablesecurity researcher @clairetills on the proof-of-concept exploit for CVE-2020-3850, a cross-site scripting vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense software web services. ow.ly/kd17102Nt1g

Charge

Charge

charge.tenable.com
2
2
Chris Lyne retweeted
Praetorian
@praetorianlabs
22 Jun 2021
How Praetorian goes about hacking IoT. praetorian.com/blog/how-to-h… #cybersecurity #IoT #praetorianlabs

Methodology for Hacking IoT: From Chip to Cloud

Introduction Over the past 10 years, Praetorian has tested hundreds of embedded systems, ranging from autonomous vehicles, medical devices, critical infrastructure, and smart consumer devices....

praetorian.com
7
6
Chris Lyne retweeted
evan@stargravy
14 Jun 2021
Did a writeup on leveraging a small bug in a Power Apps page to steal auth tokens, emails, and more from Microsoft Teams users via malicious tabs. link.medium.com/tSPHTUUb5gb
11
13
Chris Lyne retweeted
SecureDrop@SecureDrop
19 May 2021
We have issued a security advisory for a low-severity vulnerability in the journalist web application (fixed in SecureDrop 1.8.2). We would like to thank the @TenableSecurity team for their responsible disclosure. You can find more information at: securedrop.org/news/security…

Security Advisory: Cross-site request forgery vulnerability on Journalist Interface test alert form

On May 10, 2021, the Tenable team informed us of a CSRF vulnerability on SecureDrop’s Journalist Interface. Details are now available on their advisories page.

securedrop.org
1
3
6
Load more