user avatar
Solar Designer
@solardiz
@Openwall founder, @oss_security maintainer, @lkrg_org co-author, @CtrlIQ Linux security engineer. RTs don't imply agreement with points of view.
openwall.com
Joined August 2012
1,385
Following
13.2K
Followers
  • user avatar
    Solar Designer
    @solardiz
    Feb 26, 2023
    6-part blog series on UEFI firmware bug hunting by @assaf_carlsbad @liba2k at @LabsSentinel: Part 1 sentinelone.com/labs/moving-fr… Part 2 sentinelone.com/labs/moving-fr… Part 3 sentinelone.com/labs/moving-fr… Part 4 sentinelone.com/labs/adventure… Part 5 sentinelone.com/labs/zen-and-t… Part 6 sentinelone.com/labs/another-b…
    25K
  • user avatar
    Solar Designer
    @solardiz
    Dec 6, 2016
    CVE-2016-8655 Linux AF_PACKET race condition (local root). Found by Philip Pettersson. Exploit for Ubuntu tomorrow. openwall.com/lists/oss-secu…
  • user avatar
    Solar Designer
    @solardiz
    May 21, 2017
    C/C++ "Undefined Behavior in 2017" slides by @johnregehr cs.utah.edu/~regehr/ub-201… from Qualcomm's #QPSIsummit qct-qualcomm.secure.force.com/QCTConference/…
  • user avatar
    Solar Designer
    @solardiz
    Mar 30, 2017
    CVE-2017-7184 Linux kernel privesc demo'ed by @ChaitinTech in #Pwn2Own is now public openwall.com/lists/oss-secu…
    user avatar
    TrendAI Zero Day Initiative
    @thezdi
    Mar 15, 2017
    We've seen folks pop calc, and folks pop calc in scientific mode, but xcalc is a first for #Pwn2Own - thanks to @ChaitinTech. #P2O
  • user avatar
    Solar Designer
    @solardiz
    Feb 10, 2014
    Online C to multi-arch asm: gcc.godbolt.org (x86, ARM, AVR, MSP430), decompiler.fit.vutbr.cz/decompilation/ (x86, ARM, MIPS) h/t @filcab @agelastic
    gcc.godbolt.org
    Compiler Explorer
  • user avatar
    Solar Designer
    @solardiz
    Jun 8, 2023
    As reminded by @chompie1337's tweet of her talk's video (highly recommended!), if you missed (the stream of) my talk "15+ years of oss-security" at SSTIC you can watch the recording here: sstic.org/2023/presentat…
    user avatar
    chompie
    @chompie1337
    Jun 8, 2023
    If you missed the stream of my talk “Deep Attack Surfaces, Shallow Bugs” at SSTIC you can watch the recording here: sstic.org/2023/presentat…
    chompie giving a talk at SSTIC, a French security conference
    36K
  • user avatar
    Solar Designer
    @solardiz
    Dec 9, 2023
    CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS
    24K
  • user avatar
    Solar Designer
    @solardiz
    Jan 26, 2016
    Zsun WiFi SD card reader ($11 from Banggood) hacked to run OpenWrt, can make a WiFi AP/client/repeater wiki.hackerspace.pl/projects:zsun-…
  • user avatar
    Solar Designer
    @solardiz
    Oct 24, 2016
    vDSO is the scariest #DirtyCOW attack target so far: sandbox, container escape w/o shared files, KSM. "sysctl -w kernel.vdso=0" if you have.
  • user avatar
    Solar Designer
    @solardiz
    Aug 12, 2016
    Stratified Synthesis: Automatically Learning the x86-64 Instruction Set stefanheule.com/s/projects/str… paper, slides, code, data h/t @embarbosa
    stefanheule.com
    Strata Artifact
    Main landing page for the strata research project
  • user avatar
    Solar Designer
    @solardiz
    May 8, 2016
    Thank you all for the memories and kind words you tweeted in response to my Phrack prophile. Kudos to Phrack Staff for keeping Phrack alive.
  • user avatar
    Solar Designer
    @solardiz
    Feb 19, 2017
    NetBSD leaks 249 bytes over Ethernet (ARP) ftp.netbsd.org/pub/NetBSD/sec… Linux <2.0.40 leaks 20 bytes over Internet (ICMP) lists.openwall.net/full-disclosur…
  • user avatar
    Solar Designer
    @solardiz
    May 7, 2016
    There's a surprisingly well-researched prophile on me in latest Phrack phrack.org/issues/69/2.ht…
  • user avatar
    Solar Designer
    @solardiz
    Jun 25, 2017
    Cracking DES-based crypt(3) openwall.com/lists/john-use… and bcrypt (new!) openwall.com/lists/john-use… on ZTEX 1.15y quad-@FPGA_boards in @QubesOS VM