AIfredo 0rtega
Software Developer - Security researcher - Cybergaucho - @xy@mastodon.social AI-related: https://t.co/hhQltrgzKS https://t.co/ibyCcAp6zv
Nov 21
Last week the @FFmpeg account began taunting security researchers. Foolish thing to do, as it ignores the asymmetry of their attack surface vs ours.

So as an exercise I found a stack-based buffer overflow on software that he wrote. Took me ~20 mins to find it. Thread 🧵(1/5)

First, I noticed the FFMpeg account is not controlled by an active developer of FFMpeg, but apparently by several guys, one of them named Keiran. Weird, but it is not important.
The keirank github user has very few commits, and none on FFMPEG, but Upipe, a video processing software from his company.
So let's check his most recent commit "Validate num_delta_pocs to avoid a stack smash". (2/5)
Feb 28, 2020
This is the complete DNA of the Coronavirus (SARS-CoV-2). We are being attacked by an 8-kilobyte virus. Remember this when you hate on computer security. (source: ncbi.nlm.nih.gov/nuccore/MN9089… )

It has remote exploitation, persistence, AV evasion and works on multiple incompatible platforms (bats, humans, dogs, etc) all in 7.25 KB. Ah but I'm sure you write very tight shellcodes.