You can force any v8/Electron process to execute arbitrary js code (child_process, http, etc) by forcefully enabling and abusing the builtin debug mechanism ... here's VS Code executing Calc, but I suspect any Electron app is susceptible 🔥 it works with SIP enabled on macOS
funnily i found out about this stuff while trying to hook vscode api calls in order to develop a security mechanism for the extensions ...
facepalm.png
🔥🔥🔥 HOLY SH1T this works with ANY nodejs based process, even when the debugger is not explicitly enabled 🔥🔥🔥
i don't understand what's the point of port randomization if you can infer by diffing open ports before and after SIGUSR1, as I don't get the point of session id randomization if it's available via GET <port>/json ...
works with Discord, Slack and more