Log inSign up
raptor
13.3K posts
user avatar
raptor
@0xdea
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
Europe
0xdeadbeef.info
Joined July 2010
17
Following
14.1K
Followers

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    raptor
    @0xdea
    Oct 5, 2021
    It finally happened… I’ve been published on #Phrack! After more than five years since the last issue, #Phrack70 is out, featuring my article “Exploiting a Format String Bug in Solaris CDE”! I guess I can retire now 🐛 phrack.org/issues/70/13.h…
  • user avatar
    raptor
    @0xdea
    Oct 9, 2022
    CVE-2022-26766: the CoreTrust bug "For years, macOS allowed any root certificate when checking code signatures, making code signing completely useless." // bug discovered by @LinusHenze // writeup by @zhuowei worthdoingbadly.com/coretrust/
  • user avatar
    raptor
    @0xdea
    Dec 5, 2018
    “unprivileged users with UID > INT_MAX can successfully execute any systemctl command” 😱 github.com/systemd/system…
  • user avatar
    raptor
    @0xdea
    Dec 8, 2022
    Sniffing SSH passwords TL;DR # pgrep -l sshd 6235 sshd # strace -f -p 6235 -e trace=write -o capture networklogician.com/2021/04/17/sni…
  • user avatar
    raptor
    @0xdea
    Jul 7, 2022
    Automating binary vulnerability discovery with Ghidra and @semgrep, by yours truly 💚 security.humanativaspa.it/automating-bin…
  • user avatar
    raptor
    @0xdea
    Jul 22, 2015
    "The SQL injection is mitigated client-side" @vendorexcuses @Hackerfessions @thegrugq @SwiftOnSecurity @owasp
  • user avatar
    raptor
    @0xdea
    Dec 30, 2017
    Command line Russian roulette #donttrythisathome
  • user avatar
    raptor
    @0xdea
    Oct 18, 2021
    As it turns out, a non-negligible number of people in infosec don’t know what L0phtCrack is and, I assume by extension, what L0pht is. I suppose it’s somewhat normal but it shouldn’t be. Our roots are important. We should not forget them. I think.
  • user avatar
    raptor
    @0xdea
    May 25, 2021
    The upcoming #Ghidra version 10 is full of new juicy features! Including the much anticipated debugger… github.com/NationalSecuri…
  • user avatar
    raptor
    @0xdea
    Dec 26, 2022
    Good primer on #windows access token abuse by @Defte_ @sensepost @orangecyberdef Abusing Windows’ tokens to compromise #activedirectory without touching LSASS sensepost.com/blog/2022/abus… Tool release: github.com/sensepost/impe…
    53K
  • user avatar
    raptor
    @0xdea
    Jul 28, 2021
    Replying to @ParchmentScroll and @thegrugq
    👆
  • user avatar
    raptor
    @0xdea
    Feb 3, 2019
    This remains a pretty accurate definition of hacking 🤟
    user avatar
    Jerry Gamblin
    @JGamblin
    Mar 25, 2017
    Sometimes, hacking is just someone spending more time on something than anyone else might reasonably expect.
  • user avatar
    raptor
    @0xdea
    Sep 11, 2022
    Always a great read: dolosgroup.io/blog/2021/7/9/… “We took a locked down FDE laptop, sniffed the BitLocker decryption key coming out of the TPM, backdoored a virtualized image, and used its VPN auto-connect feature to attack the internal corporate network.”
  • user avatar
    raptor
    @0xdea
    Jun 28, 2021
    Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent 🤨
    GitHub - irsl/gcp-dhcp-takeover-code-exec: Google Compute Engine (GCE) VM takeover via DHCP flood -...
    From github.com