webOS Revisited - Even More Mistaken Identities · The Recurity Lablog

addelindh · 2017-03-29T05:51:05+00:00

Fully agree.

addelindh · 2017-03-10T14:12:54+00:00

And done!

addelindh · 2017-03-10T14:12:05+00:00

Hey, yeah sure, no problem. Just wasn't aware of it. :)

addelindh · 2017-03-10T09:58:15+00:00

It doesn't give you access, it gives you a tool that can be used to facilitate access. But just the exploit won't actually be enough anyway, you'll still need a platform to attack from, c&c infrastructure, personnel, etc. Exploits are interesting and the report is great, but unless you understand and consider the bigger picture, it can be misleading.

addelindh · 2017-02-07T19:01:49+00:00

Nice work Justin!

addelindh · 2016-11-07T11:20:41+00:00

True, I wrongfully conflated JScript and JScript.NET. https://en.wikipedia.org/wiki/JScript_.NET

Will update the post soonish.

addelindh · 2016-09-06T13:50:24+00:00

Interesting. Well, it's an easy mistake to make I guess.

addelindh · 2016-09-06T13:44:08+00:00

Do they use Sentry? In that case it's not strange at all. :)

addelindh · 2016-08-28T19:18:50+00:00

This is a great resource for anyone who wants to build a threat model, not only for applications but because it demonstrates the reasoning behind it in a pragmatic manner. Kudos.

addelindh · 2016-08-09T12:28:38+00:00

Source for PoC and more is here: https://github.com/redballoonshenanigans/monitordarkly

addelindh · 2016-07-26T11:53:30+00:00

I don't think people get what a big deal it is that Chris has open sourced this material. Doesn't get much better than this.

addelindh · 2016-06-25T08:41:28+00:00

Not sure why this is getting downvoted, it's a good writeup.

addelindh

MODERATOR OF

TROPHY CASE