vr/exploit dev/offensive security; hacker @graplsec; she/her; i post online

Joined October 2019
Pinned Tweet
Thrilled to share my new blog post: Put an io_uring on it: Exploiting the Linux kernel. Follow me while I learn a new kernel subsystem + its attack surface, find an 0day, build an exploit, + come up with some new tricks. I go deep and demystify the process graplsecurity.com/post/iou-r…
Anyone else remember Palace? I ran my own server at like 9 y/o and had a whole staff. I made them log their shifts and assigned them scripting work for rooms, like what
someone reverse engineered the protocol so you could steal other people’s props and avatars
To get “hired” at the cool Palace servers you had to know how to script (Iptscrae). Being hired meant you had some privileges on the server. Good times
if I don’t name a PoC “lol.bin” or “lol.exe” know that I’ve been kidnapped
if you ever see me type "lol" know I didn't write that shit, I've been kidnapped
chompie retweeted
My new article about hacking the Zircon microkernel of Fuchsia OS "A Kernel Hacker Meets Fuchsia OS" swarm.ptsecurity.com/a-kerne… 🟪 Fuchsia security architecture 🟪 My exploit dev experiments for the Zircon microkernel 🟪 PoC attack planting a rootkit into the microkernel Enjoy!
📝New research by @a13xp0p0v: "A Kernel Hacker Meets Fuchsia OS" Fuchsia OS is based on the Zircon microkernel and developed by Google. Alexander assessed it from the attacker's point of view. Read the article: swarm.ptsecurity.com/a-kerne…
“the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem” - this is gold
blog.google/threat-analysis-… CVE-2021-1048 (Fixed by Al Viro w/ commit with missing security impact) exploited as n-day by a commercial surveillance company, last year's news but the attribution is new.
lol, someone copied my SMBGhost RCE to make this fake exploit
Replying to @BleepinComputer
When executed, both PoCs would pretend to exploit a remote device, even checking if the remote port was open, but would ultimately fail.
I'd just like to intersect for a moment. What you're referring to as GNU is in fact, GNU/Timecube, or as I've recently taken to calling it GNUbe Stallman. Cubernetes is not a shape into itself, but rather another folded component of a full functioning GameCube system.
I'd just like to interject for a moment. What you're referring to as Linux is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system
chompie retweeted
Replying to @yarden_shafir
did… did you just call Linux an operating system?
HR is in place to serve the best interests of the company, not the employees.
It's going to sound harsh, but always...*always* make HR prove their worth to you before you ever trust them when you're truly in need of their help.
Linux online mob when I say kernel maintainers don’t prioritize security
chompie retweeted
Recon 2022 schedule is now online. Note that this might not be the final schedule cfp.recon.cx/2022/schedule/#
This is ineffective because an attacker can just ROP at a target away from the kprobe. The kernel has more than enough gadgets. It’s trivial to bypass.
Can't wait until people start putting kprobes on the beginning of functions to claim to prevent some ROP-based attacks, so Pawel can just adjust the target a few bytes 😆
As my mother says: “That 'acking thing you do, I don't even know 🙄🙄🙄”
How do I say hacker in Spanish? I found pirata informático, but yeah... my family would die laughing at that one.
conclusion: Firecracker is a pretty hard target.
When we first started modeling attacks in our VMs we really weren't sure about this stuff. Offsec research was *critical* to our understanding and how we built our defenses. I've learned so much thanks to @chompie1337 's work as well as other researchers in the area.
haters will ignore this
DoJ officially announces that “good faith” computer security research won’t be prosecuted
new vim escape just dropped
Got a CVE in vim :)
unfortunately the lack of consequences has only emboldened me