Etienne Stalmans

@_staaldraad

Security researcher and breaker of things. &

Joined March 2010

Tweets


  1. Pinned Tweet
    15 Dec 2020

    Excited to share a writeup of my latest bug - priv escalation in Postgresql (CVE-2020-25695)

  2. 11 hours ago

    Come work with me at ! Ever wanted to solve tough security problems at scale? Keen on learning how to secure 6 different cloud platforms at once? Do you want the support and freedom to find creative solutions? The chance to give back to open source? DMs are open too

  3. 3 Oct

    Solution: you need CAP_SYS_PTRACE. "Permission to dereference or read (readlink(2)) the symbolic links in this directory is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2)"

    screenshot showing that CAP_SYS_PTRACE allows reading of symlinks in /proc/<pid>/fd
  4. 3 Oct

    Does anyone know which capability I need to resolve a fd in /proc? Neither CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH seem to do the trick. With them set I can at least get into the /proc/1/fd/ but readlink doesn't work.

    screenshot showing various attempts to set linux capabilities to allow reading of a fd by unprivileged user
  5. 30 Aug

    Huh, unexpected CVE is nice. Fun with squashfs - probably most useful in messing with ctf players / binwalkers ;)

  6. 24 Aug

    `git push heroku main` 💜💜💜

  7. Retweeted
    27 July

    🦡✨🛠️ Excited to announce Metabadger - a tool to help prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2). Huge thanks to and for the support in bringing this to life

  8. 27 July

    Working away in the background 🦀🧡

  9. 27 July

    Started out the week with a solution that worked. After a few iterations and amazing input, we have something a 100x better and which will allow us to make security changes that are “invisible” to the platform. Everything keeps working as before, just with layers of security…

  10. 27 July

    What I’m really enjoying in my role at is the opportunity to make small, non-obvious, and incremental changes that ultimately result in significantly improving security. Having smart people apply the multiplier effect to those changes is just the cherry on top 🙌🧡

  11. Retweeted
    1 July

    Friendly reminder, I'm still looking for a new teammate!

  12. Retweeted
    29 June
  13. 22 June

    Absolutely build tools! Or don't, seriously, do what works for you. We all learn differently, some people need to sit in a classroom, others self learn from books. Same applies to this domain, we all build those neural pathways in our own unique way.

  14. 4 June

    I've now had a full month to sus it out; Aiven is fantastic and my team is brilliant. If you fancy a challenge and an opportunity to have a real impact, why not join the team? Not sure this is for you? My DMs are open.

  15. 25 May

    A bit of a different post from the usual. Lately I've been thinking a lot about how we communicate in security/engineering; accessibility is something we mostly overlook or ignore. A few naive thoughts on the topic:

  16. 19 May

    Come join us! 🦀 Solve hard problems, work with extremely smart folks, make a real difference and give back to opensource. I'm having a blast 🚀

  17. 3 May

    Extremely excited to be joining ! The future is open and I'm looking forward to this journey of not only securing our platform and customers, but also contributing back to

  18. Retweeted
    1 Apr
  19. 26 March

    Over the last few years I've gotten to see the value of a strong threat modeling program. I've put some of my thoughts and opinions on this into writing. I feel this covers some of the lesser discussed aspects and what has worked well (or not);

  20. 5 March

    This is a fantastic talk and even if you only adopt one of these suggestions, your relationship between security and engineering will be the better for it. 💜

  21. Retweeted
    4 March

    Application Security at Stripe has a few roles open at various levels. If you're looking to make a move check these openings and feel free to reach out, DMs are open!
