Lays @_L4ys
Researcher / Co-Founder @TrapaSecurity & @pwnabletw / MSRC Top 100 2019/2020 / Focus on hunting bugs that are as useless as me / @[email protected] blog.l4ys.tw Taiwan. Joined January 2015
Tweets 2K / Followers 3K / Following 949 / Likes 9K
🧵[1/9] Time to publish the solution to this challenge! x.com/pilvar222/stat… The goal of this challenge was to find an XSS while avoiding it being blocked by the CSP sent by the PHP header() function. Let's dive into it!
New blog from @gabe_k just dropped on discovering multiple vulns in Windows 11 24H2 + exploitation and nice KASLR bypass. exploits.forsale/24h2-nt-exploi…
Join @j00ru as he shares his research/adventure through the Windows Registry: googleprojectzero.blogspot.com/2024/04/the-wi… 50 CVEs is just the beginning. Future posts will explore the attack surface, history, practical exploitation using hive memory corruption, cell indexes and other good times🎉
Part 4 of our N-Day Exploit Series is LIVE! 🔥 ➡️ blog.theori.io/chaining-n-day… Unveiling CVE-2023-34044, an information leakage vulnerability in #VMware Workstation’s #VBluetooth device, found by our own @pr0Ln! It’s a variant of CVE-2023-20870 demonstrated by @starlabs_sg in…
😱 Fixing Typos and Breaching Microsoft’s Perimeter: how John Stawinski & @adnanthekhan got RCE on a machine joined to @Microsoft’s largest Active Directory domain with the privileges of a Microsoft Senior Developer. MSRC rewarded them with… $0 johnstawinski.com/2024/04/15/fix…
It's nice to have a positive Outlook. Akamai researchers have discovered another critical vulnerability that bypasses the patch for the custom sound vuln from March 2023. Psst: this one can also be triggered in Explorer 👀 Full write-up: akamai.com/blog/security-…
It's been a while since the last tweet and I really don't like to debate publicly, but after 6 years hunting on MSRC, I finally got really messed up by their rules. They refused to pay bounty for a critical EoP issue and said I accessed the customer/PROD data. Well, it's hard to…
Here's my blog post about CVE-2024-26230. I aim not only to introduce the exploit stage but also hope to share my thoughts on how I completed the exploitation step-by-step in all my posts from now on. whereisk0shl.top/post/a-trick-t…
The third part of our N-Day full chain exploit series is out now! blog.theori.io/chaining-n-day… We exploited CVE-2023-29360, a beautiful logical vulnerability in the Windows driver, to elevate privileges from user to SYSTEM. It was also leveraged by @Synacktiv at Pwn2Own 2023…
🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)! I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis…
Backdoor in upstream xz/liblzma leading to ssh server compromise openwall.com/lists/oss-secu…
With so many high achieving people in security it’s common to feel like you never get enough work done. You should always take a step back and appreciate yourself. If you worked hard it will compound! Keep the momentum up! 💪
Wrote a little tool to generate a proxy for DLL hijacking. ASM stubs are often used for this purpose, but with some trickery you can use forwards with absolute paths! github.com/mrexodia/perfe… #infosec #redteam #Memes
We've started a blog series on N-day full chain exploits. The first part is about chrome renderer exploit, CVE-2023-3079. Check it now!👇👇 blog.theori.io/chaining-n-day… #Theori #티오리 #Blog #Research #Fermium252 #Chrome #VirtualMachine #CVE #Vulnerability
In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…
From Microsoft KMDF type generation to their propagation inside an IDB: read more about this IDA-based tool on the Hex-Rays blog, written by Julien and Arnaud. hex-rays.com/blog/plugin-fo…
Interesting short read on CVE-2024-21305: Hypervisor-Protected Code Integrity (HVCI) bypass for arbitrary kernel-mode code execution. Credits: @standa_t and @aall86 tandasat.github.io/blog/2024/01/1… #cybersecurity #hvci