Federico Bento @uid1000
Joined November 2016-
Tweets540
-
Followers953
-
Following65
-
Likes623
Today I learned that a memory corruption vulnerability may not be considered a memory corruption vulnerability
1
0
0
0
0
Looking at a private version of PaX/grsec from the 2nd half of this year, there's no probabilistic xor cookie retaddr protection for the 'iret' insn case. I'm not saying it can't be done & I'm also not saying it isn't implemented in some later or exotic commercial version.
Talking about bruised egos, apparently a certain someone decided to throw a tantrum and block me because he just got nominated for the Lamest Vendor Response award... Isn't it ironic? Good riddance!
Fun fact: the initial Kaiser (currently KPTI) patches, which were meant to fix KASLR breaks via CPU side-channel attacks (read: not Meltdown), specifically said that KASLR could still be broken. For more, see "challenge 2" from the original paper.
Federico Bento retweeted
@bluefrostsec @NicoEconomou I liked the blog but this tweet is pretty dramatic. kASLR was vulnerable to timing attacks prior to Meltdown and we explicitly documented that our Meltdown mitigation does not attempt to solve kASLR. kASLR was never safe from timing attacks nor should anyone have expected it was.
git.kernel.org/pub/scm/linux/…… is a cute bug and also a good reminder that one of SMAP's weaknesses is the reliance on EFLAGS.AC
Federico Bento retweeted
Cool writeup exploiting FreeBSD bhyve. Nice to see the same points from other platforms repeat here: - CFI makes more exploits leak the stack && do ROP (it's easy) - RFG/SafeStack/whatever in software is weak, many ways to leak the shadow stack address phrack.org/papers/escapin…
Federico Bento retweeted
Interesting facts about 'exec_id' - almost all Linux kernels insufficiently restrict exit signals (except 2.0.39 and 2.0.40 ;-)) blog.pi3.com.pl/?p=697
Federico Bento retweeted
Let's try kernel stack base offset randomization again! :) lore.kernel.org/lkml/202003242…
Federico Bento retweeted
New blog post on Hardware-enforced Stack Protection in Windows 10 from the Windows kernel team (@TheRealHariP & @mamyun) Support is in WIP fast ring builds if/when you have a CPU that supports CET :) techcommunity.microsoft.com/t5/windows-ker…
Federico Bento retweeted
Free knowledge! 🔥 We have a new blog post ready, which discloses an unfixed Linux UserLAnd ASLR bypass. Read here: bit.ly/2ULoj97 -- #cybersecurity #informationsecurity #linux #ASLR #alwayskeeplearning #wildfire #goblaze
André Baptista @0xacb
17K Followers 784 Following Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
Halvar Flake @halvarflake
44K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
Pedro Umbelino @kripthor
1K Followers 728 Following rural hacker. nfcdripper. hardware maker. software breaker.
Tiago Henriques @Balgan
3K Followers 1K Following CUO @solvecyberrisk - I help build the future of cyberinsurance . ex CEO/Founder @binaryedgeio (acquired) - Opinions=mine.
fG! @osxreverser
12K Followers 791 Following Know a thing or two about Reverse Engineering and Economics. Love 911s with three pedals and natural aspirated engines.
LiveOverflow 🔴 @LiveOverflow
156K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
Andrey Konovalov @andreyknvl
7K Followers 788 Following Security engineer at https://t.co/027VXUlgOx. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://t.co/D5MrxmYimS.
Rodrigo Branco @bsdaemon
13K Followers 4K Following Chief Architect, Security Research Binarly. Grsecurity. BYOS - Advisor Dartmouth's Hacker in Residence OffensiveCon, Langsec, DistrictCon, Secdev Committee
Rio @0x09AL
7K Followers 1K Following POC || GTFO Red Teaming - @NetSPI Organiser - @BSidesTirana @AxiomBreach
Phenol @Phenol__
885 Followers 687 Following Former chemistry student. @42born2code student. Reversing and pwning stuffs at @RandoriSec.
Pedro Ferreira @nunofexki
101 Followers 844 Following Security Student 🔑 CTF noob, but learning Infosec every day 💻
Pruff @proffsmoke
67 Followers 1K Following
DaniK @danikdaniqua
131 Followers 924 Following
aholic @aholic287971
0 Followers 22 Following
Cybersafe and sound (... @CybersafeSound
52 Followers 473 Following She / Her. Making cybersecurity accessible to everyone and helping you stay safe against cybercrime. X is a platform run by a fascist
.R @1337Rayan
0 Followers 524 Following
Gonçalo Ferreira @gonsalu
38 Followers 269 Following
Renato Alencar @cajuinaoverflow
2K Followers 2K Following Smashing the stacks for fun and profit. Mostly into OCaml and Clojure these days, hacking stuff together until it works.
Ohs3eej7 @ohs3eej793493
40 Followers 362 Following
d4v1d @pwn2dav
17 Followers 139 Following - | Exploit Developer | IT-Researcher |- https://t.co/mHvexx2AqH
Steve @st9eve
22 Followers 234 Following
rz @_luiscatarinoz3
0 Followers 372 Following
Leon Amator @LeonAmator
17 Followers 151 Following
Caitlin @Aliceho04140589
31 Followers 464 Following
Dr. Deep @DrDeep50756563
0 Followers 26 Following
Flavio Carpinteiro @flaviocarpin
129 Followers 603 Following Tech Lead, passive income investor focus on dividends
jemos @j3mos
27 Followers 325 Following
buckfunky @buckfunky
1 Followers 22 Following
Hack Disciple @hackdisciple
8 Followers 72 Following
Luca Giardullo @GiardulloLuca
1 Followers 1K Following
Organik Sec @OrganikSec
1 Followers 85 Following
🐺 RLobo (sbzo) @_sbzo
367 Followers 1K Following Security Researcher at @blackwinghq | 0x4834636B33720A
Yannick P. @assezpale
66 Followers 300 Following Ex. AS35393, now AS12876. Server hardware + Linux/FreeBSD.
eggbeater @eggbeater63
0 Followers 47 Following
André Machado @andre_machado3
0 Followers 42 Following
[CP77] @n0rdluchs
6 Followers 718 Following
0xch1n @0xch1n
24 Followers 736 Following
Manuel Corregedor @break2fix
186 Followers 384 Following
habbedz @habbedz1
0 Followers 562 Following
HappyBento @HappybentoJapan
0 Followers 181 Following Bento VLOG Please come and visit us if you like
Bart Mistrot @BartMistrot
11 Followers 1K Following
KR13P @KR13P
86 Followers 424 Following
Elizabeth @Elizabe666888
15 Followers 1K Following
Robert Johnson @RobertC_Johnson
0 Followers 5K Following
Faceless @sickid
114 Followers 636 Following /ˈradɪk(ə)l/ very new and different from the usual or ordinary ***** ***
André Baptista @0xacb
17K Followers 784 Following Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
Halvar Flake @halvarflake
44K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
Tiago Henriques @Balgan
3K Followers 1K Following CUO @solvecyberrisk - I help build the future of cyberinsurance . ex CEO/Founder @binaryedgeio (acquired) - Opinions=mine.
fG! @osxreverser
12K Followers 791 Following Know a thing or two about Reverse Engineering and Economics. Love 911s with three pedals and natural aspirated engines.
twiz @lazytyped
815 Followers 311 Following Barely grasping the small picture. Opinions are all someone else's
thaddeus e. grugq @thegrugq
128K Followers 417 Following Hacker :: PhD researcher @warstudies @KingsCollegeLon :: [email protected] :: PGP https://t.co/dYipV8y3bo
Tavis Ormandy @taviso
130K Followers 632 Following Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine. I'm also @[email protected]
Andrey Konovalov @andreyknvl
7K Followers 788 Following Security engineer at https://t.co/027VXUlgOx. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://t.co/D5MrxmYimS.
Rodrigo Branco @bsdaemon
13K Followers 4K Following Chief Architect, Security Research Binarly. Grsecurity. BYOS - Advisor Dartmouth's Hacker in Residence OffensiveCon, Langsec, DistrictCon, Secdev Committee
Pedro Justo @itanium_guy
497 Followers 156 Following 🇵🇹 https://t.co/aT6qKA7gVz https://t.co/Ery7KXM3Dh
Jacques Fortier @jacquesgt
2K Followers 144 Following Firmware, operating systems, and security at billion device scale, but mostly pictures of my cat. @[email protected]
Manuel Corregedor @break2fix
186 Followers 384 Following
Anders Fogh @anders_fogh
3K Followers 544 Following Don't for get the Jacobian. Opinions are mine. Interested in improving IT-Security. Intel employee. This is a personal account, opinions are mine.
Brandon Edwards @drraid
5K Followers 1K Following CTO @crashappsec. Past: Cofounder and Chief Scientist @capsule8, Hacker-in-Residence @NYUTandon, and other research, reverse-engineering, and exploit dev roles.
renorobert @renorobertr
2K Followers 924 Following
Adam 'pi3' Zabrocki @Adam_pi3
3K Followers 336 Following Director of Offensive Security @NVIDIA, architecting @RISC_V, @LKRG_org Founder, @BlackHatEvents & @Defcon Speaker, #Phrack author, @PwnieAwards nominee
scriptjunkie (Matt) @scriptjunkie1
7K Followers 1K Following Documentation is lies. Source is an abstraction. Assembly is the truth. Also at https://t.co/VYFZ0HHnQn and nostr npub10mx0gx3r2lszrrut8kvr5mt2m8r9ffhn
Vasco @V_jofra
83 Followers 206 Following
@[email protected]... @qwertyoruiopz
123K Followers 867 Following I no longer use Twitter. Mastodon: @[email protected], IRC: https://t.co/Fl1O3K3DTV #chat
Pedro Rodrigues @Pedro_SEC_R
155 Followers 131 Following Invited Assistant Lecturer. InfoSec enthusiast. I love to break stuff. Understanding how things work is half the way for pwnage. Opinions are my own.
Stefano Zanero @raistolo
19K Followers 2K Following Tinkerer, security geek, recovering entrepreneur, full professor @polimi, frequent flyer, pilot (follow https://t.co/19HknsE6EE). He/him 🏳️🌈
Julio @juliocesarfort
2K Followers 3K Following I'm not cut from the same mold, I don't read from the same old story. South American in Eastern Europe. Opinions are mine.
rui @fdiskyou
2K Followers 241 Following BJJ Black Belt. Type Confused. calc||GTFO. Retired @OpenBSD committer, former @ProjectHoneynet researcher, @exploitdb core team vet.
Silvio Cesare @silviocesare
11K Followers 1K Following CTO of @infosectcbr. Co-founder of @bsidescbr. Still hacking.
Pedro Adão @pedromigueladao
426 Followers 437 Following Associate Professor @ IST, ULisboa 🇵🇹. Proud mentor of @STTSec CTF team.
Andy Nguyen @theflow0
61K Followers 447 Following The opinions stated here are my own, not those of my company.
`Ivan @Ivanlef0u
11K Followers 4K Following
stephen @_tsuro
10K Followers 527 Following @v8js security, CTFs and CPU vulnz. LCHL. @[email protected]
Filipe Casal @filipe_casal
122 Followers 409 Following
Duarte Silva @serializingme
1K Followers 91 Following On my free time, I'm a tinker. For a living, I'm a security researcher that breaks and builds. 🎱👌🏻 @[email protected]
0xfad0 @0xfad0
117 Followers 86 Following
Azeria @Fox0x01
122K Followers 597 Following Sneaky bit flipper | CEO @azeria_labs | Author of “Arm Assembly Internals & RE” @BlueFoxBook | Adjunct Professor @SAISHopkins | Forbes 30u30
Zezadas @0xz3z4d45
636 Followers 676 Following Organic hacker, sharing Bio && Healthy hacks. Supporter of the charity cause, 'helping noobs to exit vim' - because everyone deserves a chance to write and quit
Jack64 @penagil
318 Followers 619 Following
David Weston (DWIZZZL... @dwizzzleMSFT
25K Followers 2K Following Corporate Vice President, OS Security and Enterprise @Microsoft
HD @hdontwit
673 Followers 967 Following Made of 1s and 0s. @BSidesLisbon organizer. iOS security student.
Pwnie Awards @PwnieAwards
12K Followers 24 Following An annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community.
comex @comex
152K Followers 287 Following Mastodon: @[email protected] / https://t.co/MZ1EDnKsAI | Cohost (inactive): https://t.co/BkMXfegtxe
Vasileios Kemerlis @vkemerlis
1K Followers 819 Following Professor @BrownUniversity. Brown Hat. Research on systems and software security. 🏴☠️🇬🇷🇺🇸
Ike Broflovski @steaIth
3K Followers 1K Following sh/csh Chief Dude @ Sobchak Security $_='print"\$_=\47$_\47;eval"';eval
Matt Miller @epakskape
12K Followers 649 Following Killing bug classes and breaking exploits as part of @msftsecresponse. Adding more entropy to the Internet. https://t.co/J8GCGurGP3
Chris Evans @scarybeasts
25K Followers 202 Following CISO and Chief Hacking Officer at HackerOne. Past: Founded {vsftpd, Chrome security, Google Project Zero}; Tesla; Dropbox. Hacker / Researcher. beebjit.
José Luís Sousa @JLLiS
2K Followers 417 Following Information Security @ https://t.co/JiZpWUmoCU | Senior Player @ @ExtremeSTF (xSTF)
Trends for United States
52 B posts
5.323 posts
46,9 B posts
51 B posts
32,8 B posts
313 B posts
19,7 B posts
39,7 B posts
52,1 B posts
12,7 B posts
386 B posts
22,3 B posts
46,7 B posts
10,5 B posts
21,9 B posts
2.332 posts
38 B posts
2.725 posts
You might like
BSidesLisbon
@Bsideslisbon
2K Followers
acez
@amatcama
4K Followers
grsecurity
@grsecurity
9K Followers
Vitaly Nikolenko
@vnik5287
6K Followers
Bruno
@bkth_
7K Followers
stephen
@_tsuro
10K Followers
Markus Vervier
@marver
3K Followers
Felix Wilhelm
@_fel1x
11K Followers
morisson
@morisson
1K Followers
ohjin
@pwn_expoit
4K Followers
Alexander Popov
@a13xp0p0v
7K Followers
André Baptista
@0xacb
17K Followers
Luca Carettoni
@lucacarettoni
4K Followers
KITCTF
@KITCTF
2K Followers
José Luís Sousa
@JLLiS
2K Followers