@rexploit profile picture
Max Moser @rexploit

@rexploit@chaos.social see you there

Joined April 2009
  • Tweets 1,768
  • Following 813
  • Followers 2,233
136 Photos and videos
Max Moser retweeted
@modzero@infosec.exchange@mod0
7 Jun 2024
Shells at midnight: Exploiting the flexibility of Email addresses for offensive purposes. Today we are publishing a new blog post about our disclosure report on #MailCleaner #CVE-2024-3191: modzero.com/en/blog/beyond_t… @born0monday@chaos.social will also present at @a41con today.
4
10
889
Max Moser@rexploit
26 May 2024
@swisspost es ist schon fast lustig wenn es nicht so traurig wäre. Trotz Gespräch mit euren Hotlines und den Vermerken in eurem System dreht mein Paket Runden. Die Adresse ist klar, deutlich und korrekt. Das habt ihr mit euren Scans sogar bestätigt. #postfail
1
159
Max Moser@rexploit
26 May 2024
@swisspost Winterthur ist nicht bei Genf und die Kosten der Hotlines obendrauf. Klar AI Erkennung ist super. Werdet euch doch mal einig.
1
134
Max Moser retweeted
@modzero@infosec.exchange@mod0
29 Apr 2024
We identified critical vulnerabilities in MailCleaner. A command injection vulnerability can be exploited by sending an Email. Our report can be found here: modzero.com/en/advisories/mz… Kudos to chaos.social/@born0monday and chaos.social/@parzel #MailCleaner #CVE-2024-3191 #Infosec

[MZ-24-01] MailCleaner

modzero.com
3
8
699
Max Moser retweeted
@modzero@infosec.exchange@mod0
29 Dec 2023
How do you hack Internet-connected devices? Today, our colleagues @parzel2 and @yonk@chaos.social will present their research at the #37C3 on how to turn a Poly VoIP phone into a wiretap, giving beginners some starting points for own research projects. events.ccc.de/congress/2023/…
2
4
584
Max Moser retweeted
Julio Merino@jmmv
22 Jun 2023
Please remind me how we are moving forward. In this video, a machine from the year ~2000 (600MHz, 128MB RAM, spinning-rust hard disk) running Windows NT 3.51. Note how incredibly snappy opening apps is. 👇
0:21
459
1,519
9,470
4,771,513
Max Moser retweeted
@modzero@infosec.exchange@mod0
19 Dec 2022
Better make sure your password manager is secure -- or someone else will. We found critical security issues in the enterprise password manager Passwordstate that allowed to access passwords and gain a shell -- without any authentication #CVE-2022-3875 modzero.com/modlog/archives/…

1
24
40
12,657
Max Moser retweeted
Marcel Böhme👨‍🔬@mboehme_
6 Nov 2022
Reverse engineering via GDB. x.com/ClownWorld_/status/158…

27
226
1,512
Max Moser@rexploit
4 Nov 2022
@rexploit@chaos.social @joinmastodon see you over there. If you like that i find you there as well reply with the handle or dm me with it.
1
Max Moser retweeted
wrongbaud
@wrongbaud
23 Oct 2022
Finally, it is the year of Linux on the desktop
2
5
52
Max Moser retweeted
Nicolas Krassas
@Dinosn
12 Oct 2022
How Wi-Fi spy drones snooped on financial firm go.theregister.com/feed/www.…

Wi-Fi spy drones used to snoop on financial firm

Check your rooftops: Flying gear caught carrying network-intrusion kit

theregister.com
1
14
Max Moser@rexploit
24 Aug 2022
This is appreciation when submitting a bug:"We realise you’ve already spent plenty of time helping us so far."
13
Max Moser retweeted
Niki “No Longer Here” Tonsky@nikitonsky
23 Aug 2022
Can’t wait for AI to take over the world
1:05
494
8,368
40,972
Max Moser@rexploit
22 Aug 2022
If you are privileged on system but Falcon is getting in you way. Fear not, just uninstall it. The uninstall token is not required. See modzero.com/modlog/archives/… for details.
2
7
Max Moser retweeted
@modzero@infosec.exchange@mod0
22 Aug 2022
We found a security issue in the latest @CrowdStrike #FalconSensor. The bug itself isn't worth a tweet as the severity is pretty low. However, we’d like to shed some light on a ridiculous vulnerability disclosure process with CrowdStrike. #CVE-2022-2841 modzero.com/modlog/archives/…

9
136
472
Max Moser retweeted
Charles M. Ishihara@n_o_t_h_a_n_k_s
16 Aug 2022
Had a look at quite a nice (new-ish?) way to dump LSASS memory into WinDBG Time Travel Debugging (TTD) format, and pull creds out offline. 🧵
3
89
270
Max Moser retweeted
quarkslab@quarkslab
29 Jun 2022
Oops, they did it again! The Titan-M chip is the root of all security in Google's Pixel phones @DamianoMelotti & @max_r_b will talk about their journey from Reversing & Fuzzing to Code Execution & leaking its encryption keys tomorrow at @WEareTROOPERS troopers.de/troopers22/agend…
TItan-M chip in a Google Pixel phone with wires soldered for pwnage

ALT TItan-M chip in a Google Pixel phone with wires soldered for pwnage

8
126
428
Max Moser@rexploit
14 Jun 2022
I will be at the @a41con and giving some insights on the #MeetingOwl issues during my talk. Come meet me in the hallway track 😀 during the conference days and have a good chat 🍻
3
15
Max Moser@rexploit
3 Jun 2022
Hey twitterverse. Anyone got some old 8192hz 2-pin crystals around? Yeah 8.192khz not mhz.
1
1
Max Moser@rexploit
3 Jun 2022
If you want to hunt for MeetingOwl devices in your network. Check for devices with a MAC Address starting with BC:D7:13 or check your proxy/firewall/dns logs for connections to owllabs.com

1
2
Max Moser@rexploit
1 Jun 2022
Well as some questions start coming up regarding the #MeetingOwl insecurities. Here are some short and clear infos. Details in our report. modzero.com/modlog/archives/…

3
5
7
more replies
Max Moser@rexploit
1 Jun 2022
The geolocation of your device is exposed, as well as the domain and company name you entered during the registration.
1
Max Moser@rexploit
1 Jun 2022
You're in good company, I suggest not using it until fixes are available and applied.
1
Load more