XORcat ☕️

@XORcat
Just an FYI, I’ve moved over to @xorcat - see you there!
**Without looking**, what does `etc` mean? Context: *nix

"... turn on for 8 seconds ..."
---
RT @[email protected]
This (real) video from GE on how to reset their "C" light bulbs is the most incredible how-to video you'll ever see.

They want to see how far they can push their customers before they snap. https://youtu.be/1BB6wj6RyKo
https://twitter.com/NumbersMuncher/status/1141527175394410498

UPDATED: How to: Reset C by GE Light Bulbs


RT @[email protected]
Finally #gobuster v3.0.0 is up! Thanks to everyone who contributed and for @[email protected] putting so much into it.

Binaries can be found here: https://github.com/OJ/gobuster/releases/tag/v3.0.0
Be sure to read the README, as a lot has changed, including the CLI: https://github.com/OJ/gobuster

OJ/gobuster

Directory/File, DNS and VHost busting tool written in Go - OJ/gobuster

In March 2019, I discovered five vulnerabilities in Fortinet's FCM-MB40 security camera, the most severe leading to remote command execution as root.

90 days are up, and here we are (unfortunately, without a patch).

https://xor.cat/2019/06/19/fortinet-forticam-vulns/

Fortinet FortiCam FCM-MB40 - Multiple Vulnerabilities

RCE, CSRF, hardcoded keys, insecure credential storage, and more

do you ever look at someone and wonder what is going on inside getsystem


RT @[email protected]
This comment describing how Microsoft responded to a security disclosure in 2010 is incredible:

https://news.ycombinator.com/item?id=20171450

I think you must be talking about CVE-2010-0232, it wasn't 90 days, it was more ... | Hacker News

“set nomodeline”
---
RT @[email protected]
Arbitrary code execution vulnerability in Vim < 8.1.1365 and Neovim < 0.3.6 via modelines. 😬 Also, why you should not use Vim with default config, or cat without -v. https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
https://twitter.com/rawsec/status/1135895908594409472

numirias/security

Some of my security stuff and vulnerabilities. Nothing advanced. More to come. - numirias/security

RT @[email protected]
Darknet Diaries ep 39 is here. Find out the mystery behind @[email protected].

Some security conference drama you probably didn't hear about.

Listen on @[email protected].

https://darknetdiaries.com/episode/39/

3 Alarm Lamp Scooter – Darknet Diaries

A talk at Defcon challenged people to find a way to destroy a hard drive. A young man was inspired by this challenge and was determined to find a way to destroy a hard drive. But this is not a typical young man, with a typical plan.