XORcat ☕️

@XORcat
50 Followers
37 Following
55 Posts
Moved to https://infosec.exchange/@xorcat
New Accounthttps://infosec.exchange/@xorcat
XORcat ☕️Jun 19, 2019

Interesting read!

“DroneShield Counterdrone Handbook”

https://static1.squarespace.com/static/585cdf2d9de4bb6fe49034aa/t/5cfdfa715d605c0001e12376/1560148607521/DroneShield+Counterdrone+Handbook+v2.0.pdf

XORcat ☕️Jun 19, 2019

In March 2019, I discovered five vulnerabilities in Fortinet's FCM-MB40 security camera, the most severe leading to remote command execution as root.

90 days are up, and here we are (unfortunately, without a patch).

https://xor.cat/2019/06/19/fortinet-forticam-vulns/

Fortinet FortiCam FCM-MB40 - Multiple Vulnerabilities

RCE, CSRF, hardcoded keys, insecure credential storage, and more

XORcat ☕️Jun 15, 2019

RT @[email protected]
This comment describing how Microsoft responded to a security disclosure in 2010 is incredible:

https://news.ycombinator.com/item?id=20171450

I think you must be talking about CVE-2010-0232, it wasn't 90 days, it was more ... | Hacker News

XORcat ☕️Jun 5, 2019
“set nomodeline”
---
RT @[email protected]
Arbitrary code execution vulnerability in Vim < 8.1.1365 and Neovim < 0.3.6 via modelines. 😬 Also, why you should not use Vim with default config, or cat without -v. https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
https://twitter.com/rawsec/status/1135895908594409472
numirias/security

Some of my security stuff and vulnerabilities. Nothing advanced. More to come. - numirias/security

XORcat ☕️May 28, 2019

RT @[email protected]
Darknet Diaries ep 39 is here. Find out the mystery behind @[email protected].

Some security conference drama you probably didn't hear about.

Listen on @[email protected].

https://darknetdiaries.com/episode/39/

3 Alarm Lamp Scooter – Darknet Diaries

A talk at Defcon challenged people to find a way to destroy a hard drive. A young man was inspired by this challenge and was determined to find a way to destroy a hard drive. But this is not a typical young man, with a typical plan.

XORcat ☕️May 23, 2019
Hmmm. 🤔
XORcat ☕️May 22, 2019
RT @[email protected]
curl 7.65.0 is here! 50 contributors, did 3 changes, 119 bug-fixes include two security related ones. In 56 days. https://daniel.haxx.se/blog/2019/05/22/curl-7-65-0-dances-in/
curl 7.65.0 dances in | daniel.haxx.se

daniel.haxx.se
XORcat ☕️May 21, 2019
RT @[email protected]
Sometimes when I drop a keylogger on a sysadmin, I read back the log and think: "man, I know exactly how you feel".
XORcat ☕️Apr 5, 2017
@softcreeper
XORcat ☕️Apr 5, 2017
Relationships are hard 😞
Thankfully, a blat in the mountains clears even the foggiest head