stephen @_tsuro Zurich, Switzerland

CTF player with Eat, Sleep, Pwn, Repeat. Security engineer at Google.

423 Following   5,417 Followers   790 Tweets

Joined Twitter 8/28/11


The slides from the @offensive_con talk @NetanelBenSimon & I gave, "Bug on the Windshield - Fuzzing the Windows ke… https://t.co/jhiJR9iPDq
Retweeted by stephen
2/18
2020
@andreasdotorg @DoktorCyber https://t.co/zK2vzSiZcU
2/16
2020
@borrello_pietro @ProjectZeroBugs Thanks Pietro! I used your poc in my slides today too, I hope I pronounced your name ok :)
@ProjectZeroBugs Excellent write-up on a #RIDL attack. "To protect against attacks on affected CPUs make sure you… https://t.co/0C1fI3F73z
Retweeted by stephen
Project zero guest blog post: "Escaping the Chrome Sandbox with RIDL" by Stephen Röttger (@_tsuro)-- https://t.co/VGXWGTIzy6
Retweeted by stephen
"it's not a real vulnerability if it doesn't have a logo" @_tsuro @offensive_con https://t.co/IAF8CcqIUV
Retweeted by stephen
https://t.co/t9dZENyxEL
Retweeted by stephen
2/15
2020
The video of my BlueHatIL talk is now online! Check out how I attack other websites from inside the Safari Sandbox… https://t.co/NVIle5B3kr
Retweeted by stephen
Got @EatSleepPwnRpt's tshirt @offensive_con 😎 https://t.co/AYTP7rIhKX
Retweeted by stephen
2/14
2020
Here is my writeup and POC for a new attack on #Shadowsocks. MITM Attacker can modify traffic in real time like the… https://t.co/E7bLAiGcqx
Retweeted by stephen
2/12
2020
Hey @EdOverflow - the NSA uses security.txt https://t.co/g7FlUtLSWG https://t.co/vr6eawJCBa
Retweeted by stephen
Pointer Compression in V8 (and what it means for browser exploits) https://t.co/ugmsJEFEp5
Retweeted by stephen
2/3
2020
We sent this #zombieload PoC to Intel on May 16, just hours after we got access to the patches. The #zombieload pap… https://t.co/ruXxOYhroF
Retweeted by stephen
1/28
2020
Finally, the wait is over! We present CacheOut, a new speculative execution attack to leak data on Intel CPUs:… https://t.co/R0BmPleILj
Retweeted by stephen
1/27
2020
Week has passed... If you said 20+ you were right. 30 on dashboard (open+pending) https://t.co/7DO16l2Gal My loca… https://t.co/B1LDy2ayVO
Retweeted by stephen
1/21
2020
@gynvael You won't believe what happened next!
1/17
2020
Assert yourself on the browser playground with @mmolgtm ’s guide to hunting Chrome IPC sandbox escapes: https://t.co/f0dVLvCKgb
Retweeted by stephen
1/16
2020
Brace yourselves, more netfilter bugs are coming! https://t.co/pRVbRit88k Bets on number of bugs in the first week
Retweeted by stephen
1/15
2020
I'm reliably informed that the washington post don't know what they're talking about, it's not an authenticode issu… https://t.co/5WI4AZWgj1
Retweeted by stephen
1/14
2020
here’s something that’s been stressing me out a lot for a while, that I should probably keep to myself, but can’t s… https://t.co/19f5udcySa
Retweeted by stephen
1/13
2020
@LBlackarch There are two really good writeups on this bug. https://t.co/FBUNo4txVv by @anbiondo and… https://t.co/JvpJ3Xg8cZ
1/11
2020
I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit ov… https://t.co/6TIu3xzspk
Retweeted by stephen
1/9
2020
Full analysis and exploit for Windows kernel ws2ifsl use-after-free (CVE-2019-1215) by our researcher @flxflndy https://t.co/w2IvTGNSPd
Retweeted by stephen
1/8
2020
@the_st0rm 2) When running on a full Linux distro there was more stuff that is arguably not an issue, e.g. you coul… https://t.co/dpN2pqU1yJ
@the_st0rm 1) on infrastructure services for which I knew they have to access user files and for which I expected v… https://t.co/Uabs1GUOU2
@the_st0rm After logging it's mostly manual analysis. Either the filename or the backtrace would give me something… https://t.co/iYxSopnjnF
1/7
2020
I gave a lightning talk at the #36c3 on PathAuditor: https://t.co/1jwMoyZJEJ The main point I tried to make is tha… https://t.co/Fohd2XdLEB
1/6
2019
For all women interested in playing the #36c3ctf - There will be a short introduction at the blckpwny tables at 21:… https://t.co/QMaLV035YE
Retweeted by stephen
You want to play some #CTF before 2019 ends? #36c3 got you covered! #36c3ctf -> https://t.co/XrEyNBOQHu (powered b… https://t.co/6hSc5pZchk
Retweeted by stephen
On my way to #36c3 \o/. Hit me up if you want to chat about CTFs, Chrome exploitation or any other security topics!
12/27
2019
Ever wondered what makes a CTF challenge good? I've asked myself that many times. I wrote this to help me answer th… https://t.co/9Bvbeu5mym
Retweeted by stephen
12/24
2019
Simplest and strangest sandbox escape I've found in Chrome was just derestricted https://t.co/16y37B3vGq
Retweeted by stephen
12/18
2019
Can also be used as a straight sbx escape given a Spidermonkey bug: just set a malicious WPAD script via preference… https://t.co/NNvSaivrxB
Retweeted by stephen
12/16
2019
I repropose my notes about x86, Linux and virtualization in a single text file (~2500 lines only) for my fellow stu… https://t.co/IjhW9bOFsd
Retweeted by stephen
12/14
2019
I see a lot of complaints in my Twitter stream about academic conferences rejecting papers. I think many somewhat m… https://t.co/upGoxsdKgP
Retweeted by stephen
12/11
2019
Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow!… https://t.co/UfEoNXCk2p
Retweeted by stephen
12/10
2019
@AmarSaar Thanks!
More than happy to come back to this great group next year 🚀 Pls use and tell us about the bugs you find! https://t.co/3gS0HKpXhh
Retweeted by stephen
We open sourced PathAuditor: a tool for Linux that @rozek_marta and I worked on this summer. Tl;dr: you can use it… https://t.co/n5g1cyTnCO
Popping Calc with Hardware Vulnerabilities by @_tsuro https://t.co/HxJ0g9WvY6
Retweeted by stephen
My OffensiveCon talk got accepted \o/ https://t.co/oinoFMpsEq
I love the direction of @RealWorldCTF and I would like to see more real world targets in other CTFs as well. In par… https://t.co/foO187JW22
12/9
2019
https://t.co/mlXlWzp7KX
Retweeted by stephen
12/7
2019
Better late than never. Official writeup repo from A*0*E release, along with the aforementioned tricky exp in the g… https://t.co/DU1e0Zmq8R
Retweeted by stephen
12/4
2019
PCB design + firmware source for my #GoogleCTF finals challenge 'having a blast' is now open source -… https://t.co/K6AFNXwAzi
Retweeted by stephen
11/21
2019
I presented about Site Isolation in Google's event called #bugSWAT🙂 / "The world of Site Isolation and compromised… https://t.co/DF72hiIc6K
Retweeted by stephen
11/20
2019
I made sandbox-RIDL and sandbox-procbox this year. In the first, you just had to write an exploit for RIDL and the… https://t.co/C9KLFlrkA6
We just released the challenges of this year's #GoogleCTF finals together with a short write up of the intended sol… https://t.co/2r8Qlxof7C
11/19
2019
@tiraniddo @thegrugq @kernelpool And also because we just want to win the championship. So not mean to burn more si… https://t.co/ljf6zEQOSK
Retweeted by stephen
Some number reviews for the two-day #TFC 2019 PWN contest: 17 teams delivered 28 on-site demonstrations with 20 su… https://t.co/S7mfLcfn7L
Retweeted by stephen
11/17
2019
Brief review for #TFC Day 1: 20 demonstrations, with 13 being successful, 5 teams gained bonus. 6 targets were tak… https://t.co/Xzhxbldg7j
Retweeted by stephen
Exploit against #Chrome are verified to be effective. Team 0x34567a61 @Xbalien29 @leonwxqian and Team ddd @ExpSky https://t.co/makhU2LLfX
Retweeted by stephen
Applause to 360Vulcan @Xiaowei__ He has successfully escaped from the #qemu-kvm, and execute arbitrary code on Ubun… https://t.co/rTqIbxYS3o
Retweeted by stephen
11/16
2019
Intel are disclosing 77 vulns today (https://t.co/5o4kjTPLp5), some in their CPUs - HW bugs are always painful, but… https://t.co/GuWZlV1Rv6
Retweeted by stephen
@TechCrunch @vu5ec @noopwafel @sirmc @pit_frg @kavehrazavi @c_giuffrida @herbertbos RIDL actually works on Cascade… https://t.co/NRCCrCDTb2
Retweeted by stephen
@_tsuro @dsredford We finally released some of our PoCs and #ridl test suite (after a long embargo):… https://t.co/EWhydoBssr
Retweeted by stephen
11/12
2019
my exploit for gomium browser #GoogleCTF 2019 Finals https://t.co/wqA5mK2Gzf
Retweeted by stephen
Exploiting Race Conditions Using the Scheduler https://t.co/nRZNvmQI1F by @tehjh from P0 Detailed explanation of 3… https://t.co/uqPKGZHF5G
Retweeted by stephen
11/8
2019
PacSec 2019 Church of Hacking: Chatting with Chrome security team, they noted it looks like Pwn2Own bugs using Chro… https://t.co/KfhFea9iZX
Retweeted by stephen
11/7
2019
Here is my writeup for gomium from #GoogleCTF 2019 finals. https://t.co/qtBCDpgWWO
Retweeted by stephen
@borrello_pietro @Oranav @andreafioraldi @dsredford Apologies for missing this. It's a really cool exploit and I ca… https://t.co/0uOL8gT6Zt
FYI: I just slightly cleaned up my RIDL exploit and added more comments to assembly, hopefully it's less magic now… https://t.co/POPCB7DGB9
Retweeted by stephen
11/6
2019
@dmxcsnsbh Yes, go for it. Your exploit was really cool! @_tsuro @dsredford https://t.co/ys3iGfQnOv
Retweeted by stephen
@AmarSaar And we don't know any other solutions but if you find one let us know. Though we did have to run it on a… https://t.co/K9sBgJg6lw
@AmarSaar Not my challenge but let me answer as far as I know :). The oob was unintended and we missed it during th… https://t.co/tyLA9KkqlE
@yuvalof and I solved RIDL during #GoogleCTF for @pastenctf. Here's our solution. https://t.co/CuUtgSf8b0 ... I sti… https://t.co/k26PE7nDaa
Retweeted by stephen
@_tsuro My very hacky solution: https://t.co/eWQ0shqAhz I'll try to post cleaned-up version later, but no promise ;)
Retweeted by stephen
Though maybe @p4_team will be faster
I couldn't find a working RIDL exploit on the internet so I made it a challenge at the #GoogleCTF. 5/10 teams solve… https://t.co/qkTns6a2E0
11/4
2019
@taviso as for side-channels, I don't think it's hypothetical at all, and more of a "we'll pretend it's hypothetica… https://t.co/b272hw9YzV
Retweeted by stephen
11/3
2019
I published my slides at CODE BLUE 2019: "Let's Make Windows Defender Angry: Antivirus can be an oracle!" This pres… https://t.co/thTx5SNbqL
Retweeted by stephen
On my way to London for #ESCAL8 and the #GoogleCTF finals. Super hyped :)
11/1
2019
Research went better than expected. No manual work was involved in creating this screenshot. All type information w… https://t.co/jj6iFWMkOy
Retweeted by stephen
10/28
2019
I wonder what the performance impact of this is. I failed at finding any benchmarks with a quick Google search. Eve… https://t.co/KGPGufoKpu
1) if you try to protect indirect branches, you really don't want to whitelist _all_ functions since that makes the… https://t.co/cGYgA2ZcHZ
I just upgraded to Ubuntu 19.10 and noticed that they enable -fcf-protection by default in gcc which adds an endbr6… https://t.co/kFYEjRbokf
10/27
2019
@shhnjk And for digging deeper there's the Mojo bindings for javascript that are fun to play with: https://t.co/DN0gWm7ePz
You aren’t familiar with memory corruption or IPC, but still interest in testing Site Isolation? Check out my WinDb… https://t.co/7MpXqNRbJt
Retweeted by stephen
10/18
2019
I'm ecstatic that we have gotten to a very good state with site isolation in Chrome - https://t.co/XhnFTtHrip. More… https://t.co/so5lx3NFYZ
Retweeted by stephen
10/17
2019
@bkth_ @RealWorldCTF That wouldn't be real world anymore though
First Blood!!! Flux Repeat solves the browser exploitation challenge "accessible". #realworldctf https://t.co/FUx4cKfpZs
Retweeted by stephen
9/14
2019
Patch-gapping in practice: Google Chrome edition (by @_2can of our nDay team) https://t.co/weB7xd1hYl
Retweeted by stephen
9/9
2019
More creative misuse of Windows Defender's JavaScript engine in CTF challenges written by @t0nk42: https://t.co/jCdpxQxUn3
Retweeted by stephen
9/5
2019
Introducing a new tag to my blog: "0day" https://t.co/LZQ72Kixmf Thanks @Apple and @LinusHenze Don't worry, it can… https://t.co/qmLLlALd9H
Retweeted by stephen
9/4
2019
@Zerodium https://t.co/NNDl0BqdKx
Retweeted by stephen
9/3
2019
In multiple recent disclosure discussions on Twitter, I had said I will write a longer blog post about my views. I… https://t.co/xPDwEOQJd7
Retweeted by stephen
This is my writeup for my challenge for #googlectf Quals - monochromatic. https://t.co/BfTcRWFVct This challenge… https://t.co/eSypI6xpyx
Retweeted by stephen
8/17
2019
I'm publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wro… https://t.co/H75emhcWAZ
Retweeted by stephen
8/13
2019
Paged Out! #1 is out! (and it's free to download!) https://t.co/XT3HXa7gH3 There are 57 articles in 12 categories:… https://t.co/jl6MGQV4H6
Retweeted by stephen
8/11
2019
2019 Real World CTF is coming soon. R U Ready for it? On-line qualification round begins at Sept. 14, 10:00 am, 201… https://t.co/ykpurUlrSb
Retweeted by stephen
8/9
2019
Stuck in the sandbox? We've got your back! Deep dive analysis and full exploit of a Chrome IndexedDB race condition… https://t.co/lzsMvQBNOZ
Retweeted by stephen
PWNIES
Retweeted by stephen
8/8
2019
https://t.co/9qglwzICWR — what a great mess 🙄
Retweeted by stephen
8/7
2019
Paged Out Issue #1 is coming in the next few days, be sure to check it out!📄💥 https://t.co/ujWMenTJtm
Retweeted by stephen
When reading my twitter feed I get a little bit sad that I'm not going to Vegas this year. ... I really wanted to… https://t.co/jvCeTC3iQH
8/6
2019
@resonanttoe @chief_x86 11.4
8/5
2019
Well, I'm on episode 5 of #GoGoSquid - a Chinese show about two CTF teams fighting for winning the world championships.
Retweeted by stephen
8/4
2019
On behalf of the Loyal Order of Water Buffalos that makes up the Pwnie judging committee I am pleased to announce t… https://t.co/8nv35hhTkF
Retweeted by stephen
Why so little love for browser bugs at the pwnies?
8/3
2019