Simon Scannell

@scannell_simon

I like to learn by breaking things. Vulnerability Research

~
scannell.io
Регистриран през октомври 2018 г.
4 Снимки и видеоклипове Снимки и видеоклипове

туита

Блокираш @scannell_simon

Наистина ли искаш да видиш тези туитове? Това няма да разблокира @scannell_simon

  1. Закачен туит
    14.05

    Really happy to publish something again. I have to admit I'm proud of the info leak, it enabled the exploit to be 100% reliable. We might publish the exploit code soon

    Counter-Strike Global Offsets: reliable remote code execution by (Guest article)
    1 reply 3 ретуита 22 харесва
    Отмяна
  2. ретуитна
    12.10

    Our research team enjoyed a great and presented "A Common Bypass Pattern to Exploit Modern Web Apps". Stay tuned for the slides.

    Thank you all for coming to and for those who followed the presentations via our online stream as well! See you next year with new exciting content! Photos from Friday:
    4 ретуита 13 харесва
    Отмяна
  3. 11.10

    It was a pleasure!

    Thank you all for coming to and for those who followed the presentations via our online stream as well! See you next year with new exciting content! Photos from Friday:
    1 ретуит 13 харесва
    Отмяна
  4. ретуитна
    4.10

    will talk about A Common Bypass Pattern to Exploit Modern Web Apps at . Make sure to get your ticket on time:

    1 ретуит 2 харесва
    Отмяна
  5. ретуитна
    14.08

    The plural of regex is regrets

    55 replies 1 524 ретуита 7 300 харесва
    Отмяна
  6. ретуитна
    12.08

    MyBB fixed a Persistent XSS (CVE-2021-27279) in MyBB < 1.8.25 found by our researcher Igor Sak-Sakovskiy. RCE is possible when chained with CVE-2021-27890, reported by Simon Scannell & Carl Smith. Advisory:

    3 replies 38 ретуита 79 харесва
    Показване на тази нишка
    Показване на тази нишка
    Отмяна
  7. ретуитна
    5.08

    Tired of hopping between boring programs? We are looking for full-time and vulnerability researchers to join our R&D team and uncover impactful bugs in popular open-source projects:

    20 ретуита 25 харесва
    Отмяна
  8. ретуитна
    2.08

    We are excited that our security researchers and are honored with a nomination for this year's ... - Best Client-Side Bug (RCE through CS:GO) - Best Privilege Escalation Bug (CVE-2020-27194) - Most Under-Hyped Research (Composer)

    Announcing the 2021 Pwnie Award nominations:
    4 ретуита 27 харесва
    Отмяна
  9. ретуитна
    29.07

    So excited to finally release my blog post- Kernel Pwning with eBPF: a Love Story. I cover eBPF, the verifier, debugging, exploitation, mitigations and other cool findings! I do root cause analysis and exploit CVE-2021-3490 for LPE with PoC included.

    41 replies 612 ретуита 1 834 харесва
    Показване на тази нишка
    Показване на тази нишка
    Отмяна
  10. ретуитна
    28.07

    We discovered a and code vulnerability in Zimbra webmail that could enable attackers to steal all emails of an organization by sending one malicious email. Learn more in our new blog post:

    8 ретуита 8 харесва
    Отмяна
  11. 27.07

    Really happy to have published something again, especially web stuff! pre-auth Stored XSS in email body + SSRF

    2 replies 42 ретуита 114 харесва
    Отмяна
  12. ретуитна
    14.07

    Yet another Linux kernel exploitation write-up! CVE-2021-22555: Turning \x00\x00 into 10000$

    15 replies 443 ретуита 1 300 харесва
    Отмяна
  13. ретуитна
    18.05

    My first blog post as a vulnerability researcher is up 🎉 Check it out to learn about blind and error-based NoSQL injections in RocketChat that ended up giving me RCE!

    NoSQL Injections in 3.12.1 allowed to take over the chat server. Learn more about these code vulnerabilities and how to prevent them:
    4 ретуита 23 харесва
    Отмяна
  14. ретуитна
    16.05

    Just published the source code for both proxy and pocs

    Counter-Strike Global Offsets: reliable remote code execution by (Guest article)
    11 ретуита 17 харесва
    Отмяна
  15. ретуитна
    15.05

    I've written multiple OSes, dozens of compilers, and even developed entirely new algorithms. I'm a high-school dropout.

    TikTok comment “you can be a programmer the word engineer needs a degree”
    🤯 RT this if you’re an engineer working on OS, compilers, APIs, algorithms without an engineering degree! 💅
    Показване на тази нишка
    6 replies 37 ретуита 285 харесва
    Отмяна
  16. ретуитна
    27.04

    XXE Vulnerability in <5.7.1: Learn what attackers were able to do and how to patch your code.

    4 replies 192 ретуита 384 харесва
    Отмяна
  17. ретуитна
    13.04

    You can read about our work in the latest VICE article

    7 replies 17 ретуита 96 харесва
    Отмяна
  18. ретуитна
    12.04

    I wonder if it's possible to challenge H1 legally for enforcing unlimited NDA on those bug reports while never acting on them? do you know of any precedent?

    Valve ignoring security researchers is not just specific to the secret club. Here we see Bien Pham demonstrate his Remote Code Execution exploit that has not been patched for over a year.
    3 replies 8 ретуита 37 харесва
    Показване на тази нишка
    Показване на тази нишка
    Отмяна
  19. ретуитна
    12.04

    Valve ignoring security researchers is not just specific to the secret club. Here we see Bien Pham demonstrate his Remote Code Execution exploit that has not been patched for over a year.

    0:37
    As you may know, recently posted videos about Source Engine games RCE. I was also ignored by Valve for a year. Here's the demonstration of my report. RCE can be achieved by connecting to a malicious server, then the chain will be completed when game is restarted.
    Показване на тази нишка
    11 replies 113 ретуита 397 харесва
    Отмяна
  20. ретуитна
    11.04

    Two years ago, slidybat reported a remote code execution affecting Team Fortress 2. It can be triggered by joining a community server. It has yet to be patched.

    8 replies 111 ретуита 424 харесва
    Показване на тази нишка
    Показване на тази нишка
    Отмяна

Потребителят @scannell_simon още не е туитвал.

Изглежда зареждането отнема известно време.

Twitter може да е претоварен или да изпитва моментно затруднение. Опитай отново или виж Twitter Status за повече информация.

    Може също да харесаш

    ·