retr0reg
15 | c/python threat-researcher. I do research in different areas. CVEs in transformers, tensorflow, llamafile, llama-cpp-python…
Nov 13 10 tweets 4 min read
Interesting Gmail priv-esc exploit: you can exploit most organizations that use @GoogleWorkspace, and it won't be fixed, as indicated by Google.

I found this unintentionally when working on SMTP/DMARC, and accidentally forged my head-of-school's Gmail account, bypassed access control, and sent a trolling mail to all students of the school.

To begin with, properly set DMARC/SPF protection will disable this exploitation. However, DMARC/SPF protection is NOT on by default for every Workspace (it's hard to configure, and even if SPF is on, 90% of the DMARC will be set to none, which is of no use), making 95% vulnerable!
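For administrators checking their own domain, the following is an added example (not part of the original thread) that audits SPF and DMARC TXT strings and flags the "SPF on, DMARC none" case described above. The function names, verdict labels and the `school.example` sample records are assumptions constructed for illustration; feed it the TXT values published at your domain and at `_dmarc.<domain>`.

```python
# Added example: offline audit of SPF/DMARC TXT strings (sample records are constructed).

def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a dict of lowercase tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_domain(spf_txt, dmarc_txt):
    """spf_txt: TXT strings at the domain; dmarc_txt: TXT strings at _dmarc.<domain>.
    Returns (verdict, findings); verdict is 'enforced', 'partial' or 'unprotected'."""
    findings = []
    spf = next((r for r in spf_txt if r.lower().startswith("v=spf1")), None)
    if spf is None:
        findings.append("no SPF record")
    else:
        terms = spf.lower().split()[1:]
        all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
        if all_term in ("all", "+all", "?all"):
            findings.append(f"SPF '{all_term}' never fails an unauthorized sender")
        elif all_term is None and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF has no 'all' term, so the default result is neutral")
    dmarc = next((r for r in dmarc_txt if r.lower().startswith("v=dmarc1")), None)
    if dmarc is None:
        return "unprotected", findings + ["no DMARC record"]
    tags = parse_tags(dmarc)
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        # p=none asks receivers to report only; forged mail is still delivered
        return "unprotected", findings + [f"DMARC p={policy or '(missing)'} is monitor-only"]
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial", findings + [f"DMARC policy applies to only {pct}% of mail"]
    return "enforced", findings

# Constructed sample records (school.example is a placeholder domain)
SAMPLES = {
    "spf on, dmarc none": (["v=spf1 include:_spf.google.com ~all"],
                           ["v=DMARC1; p=none; rua=mailto:dmarc@school.example"]),
    "hardened": (["v=spf1 include:_spf.google.com -all"],
                 ["v=DMARC1; p=reject; rua=mailto:dmarc@school.example"]),
    "nothing published": ([], []),
}

if __name__ == "__main__":
    for name, (spf, dmarc) in SAMPLES.items():
        print(name, "->", audit_domain(spf, dmarc))
```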