Gaurav Baruah
@_gauravb_
vuln excavationist | Pwn2Own (partial) winner 😜
You might like
PSA: Beware of paying any money to crack.sh. Their password cracking queue is stuck and no one bothers responding to emails or tweets 🤦♂️ I have been trying for a week to contact them and finally had to resort to initiating a chargeback on my card today.
Never quite believed the phrase “third time’s a charm” until yesterday while watching the p2o draw. Got picked first in my category this year after participating for the past 2 yrs and having vuln collisions each time😆
another year, another collision 😂 #VulnCollisionLife
Another partial collision. One of the bugs used by @_gauravb_ to gain code execution on the #Cisco RV340 was previously known. He still earns $22,500 and 2.5 Master of Pwn points. #Pwn2Own #P2OAustin
Looking for hackers to join our Cyber Offense Program. Apply direct or DM. databricks.com/company/career…
databricks.com
Current job openings at Databricks | Databricks
Explore career opportunities at Databricks. Discover open positions and join our team to innovate in data, analytics, and AI.
A Eulogy for Patch-Gapping Chrome, with a special send-off exploit by @_2can and @sherl0ck__ of our nDay Team blog.exodusintel.com/2020/02/24/a-e…
blog.exodusintel.com
A EULOGY FOR PATCH-GAPPING CHROME - Exodus Intelligence
Authors: István Kurucsai and Vignesh S Rao In 2019 we looked at patch gapping Chrome on two separate occasions. The conclusion was that exploiting 1day vulnerabilities well before the fixes were...
Patch-gapping in practice: Google Chrome edition (by @_2can of our nDay team) blog.exodusintel.com/2019/09/09/pat…
We’re still growing, and looking for more elite researchers. Check out the job openings at exodusintel.com/careers.html
Check out part 2 (The SBX) of the blog post by @ax330d for his winning Pwn2Own entry on Edge blog.exodusintel.com/2019/05/27/pwn… #pwn2own #vulnerability #exploit #0day
Check out part 1 of the blog post by @ax330d for his winning Pwn2Own entry on Edge (sbx part2 coming next) blog.exodusintel.com/2019/05/19/pwn… #exploit #vulnerability #pwn2own
.@tekwizz123 of our Nday team exploits the recently patched CVE-2019-0808 win32k bug to escape the chrome sandbox blog.exodusintel.com/2019/05/17/win…
blog.exodusintel.com
Windows Within Windows - Escaping The Chrome Sandbox With a Win32k NDay - Exodus Intelligence
This post explores a recently patched Win32k vulnerability (CVE-2019-0808) that was used in the wild with CVE-2019-5786 to provide a full Google Chrome sandbox escape chain. Overview On March 7th...
If you're at zer0con this week, stop by and check out @externalist talk on exploiting Magellan bug on Chrome
So @_2can of our nDay team is back at it - this time with a chrome 1day exploit that targets the latest stable version blog.exodusintel.com/2019/04/03/a-w…
blog.exodusintel.com
A window of opportunity: exploiting a Chrome 1day vulnerability
This post explores the possibility of developing a working exploit for a vulnerability already patched in the v8 source tree before the fix makes it into a stable Chrome release.
@_2can of our Nday team takes a closer look at the recently patched Chrome vulnerability spotted in the wild (exploit included) blog.exodusintel.com/2019/02/20/cve…
@Externalist of our Nday Team details exploiting the recently patched Magellan bug on 64-bit Chrome Desktop (exploit included) blog.exodusintel.com/2019/01/22/exp…
blog.exodusintel.com
Exploiting the Magellan bug on 64-bit Chrome Desktop
In this post, we show how to reverse engineer the Magellan bug from the patch and exploit it on a 64bit desktop environment.
Here's a high level outline of what I'll be teaching. My goal is to convey the thought process behind identifying vulnerabilities within embedded devices and developing exploits for them. Device 1 - MIPS (Real-time OS) [Outline Pending] Device 2 - ARMv7 (Linux)
![b1ack0wl's tweet image. Here's a high level outline of what I'll be teaching. My goal is to convey the thought process behind identifying vulnerabilities within embedded devices and developing exploits for them.
Device 1 - MIPS (Real-time OS) [Outline Pending]
Device 2 - ARMv7 (Linux)](https://pbs.twimg.com/media/Dr_AYjlU0AAsOO4.jpg)
@_2can of our N-day team busts some myths regarding security fixes: blog.exodusintel.com/2018/10/16/hpe…
blog.exodusintel.com
HPE IMC: A Case Study On The Reliability of Security Fixes
This post highlights several mistakes in the patches released for vulnerabilities affecting various services of HPE Intelligent Management Center, with a focus on its native binaries.
After a good amount of feedback and requests, we have decided to move our Intro to Embedded System training back to Feb 18, 2019. We have also extended the early ticket discount to reflect the new dates. blog.exodusintel.com/2018/09/05/int…
“Any fool can write code that a computer can understand. Good programmers write code that humans can understand.” – Martin Fowler
@_gauravb_ and @tekwizz123 from our N-Day team on the accuracy of public advisories: blog.exodusintel.com/2018/09/13/to-…
blog.exodusintel.com
To ../ or not to ../, that is the question
This blogpost details an incorrect root cause analysis of a (supposedly) patched vulnerability in Advantech WebAccess which underwent multiple rounds of public analysis.
Our Nday team has uncovered a failed patch in @McAfee TrueKey. It has been reported and a patch was attempted. Read more: blog.exodusintel.com/?p=1280
United States Trends
- 1. $BNKK 1,002 posts
- 2. Pond 206K posts
- 3. #MondayMotivation 38.1K posts
- 4. Happy 250th 6,071 posts
- 5. $LMT $450.50 Lockheed F-35 1,109 posts
- 6. Good Monday 42.9K posts
- 7. Go Birds 4,458 posts
- 8. $SENS $0.70 Senseonics CGM 1,126 posts
- 9. Semper Fi 5,807 posts
- 10. $APDN $0.20 Applied DNA 1,101 posts
- 11. Obamacare 216K posts
- 12. Victory Monday 2,142 posts
- 13. Rudy Giuliani 27.6K posts
- 14. Edmund Fitzgerald 5,073 posts
- 15. #Talus_Labs N/A
- 16. #SoloLaUniónNosHaráLibres 1,957 posts
- 17. #MondayVibes 2,944 posts
- 18. #USMC 1,010 posts
- 19. Devil Dogs 1,680 posts
- 20. Veterans Day 21.2K posts
You might like
-
Jeremy Fetiveau
@__x86 -
maxpl0it
@maxpl0it -
Thach Nguyen Hoang 🇻🇳
@hi_im_d4rkn3ss -
POC_Crew
@POC_Crew -
Cedric Halbronn
@saidelike -
Đào Trọng Nghĩa
@nghiadt1098 -
Lays
@_L4ys -
Hossein Lotfi
@hosselot -
The Dustin Childs
@dustin_childs -
Phạm Hồng Phi 🇻🇳
@4nhdaden -
[email protected]
@CodeColorist -
Lucas Leong
@_wmliang_ -
Matthias Kaiser
@matthias_kaiser -
Jun Kokatsu
@shhnjk -
disclose.io (infosec.exchange/@disclose)
@disclose_io
Something went wrong.
Something went wrong.