Vlad Ionescu

Offensive Security Lead and stuff

Vlad Ionescu and Ryan Hall talking about secure boot vulnerabilities. #qpss23
cc Manish @r34p3r welcome to Mastodon 🙂

Manish wrote about bypassing macOS EDR in-memory execution detections, and how to catch binaries trying to do just that (hint: yara).

Apple removing kexts really hurt security tools on this platform, and they haven't made up for that loss

https://rtx.meta.security/post-exploitation/2022/12/19/In-Memory-Execution-in-macOS.html

In-Memory Execution in macOS: the Old and the New

Technical writeups by Meta’s Security folks, including Red Team.
@deviantollam is there something that is more effective than Schlage Primus for cat burglars? I might need to upgrade

Came home after being gone all day to a cat

I don’t (didn’t?) have a cat

This would be weird if it wasn’t the third time it has happened, each with a different cat over the years

@paco If you think accessing users' data is silly and exaggerated and that social media is only for shooting the shit and posting cat pictures, I uh, am not sure I like where the direction of trust and safety on this instance is going.

@apiratemoo nice!

Something I always appreciated at $work is when an employee accesses your account (internal account, on-platform account, whatever) you get either a message asking you to approve/deny the action, or at least a notification. As a Red Teamer this has caught me a couple times when I thought I was being sneaky only to trigger that and have the target escalate the event to blue team.

I'd like to see that implemented here (inb4 send PR). It makes auditors think a little harder before accessing user data, and gives users both peace of mind and recourse.

It'll probably be bypassable if you have direct DB access, so that's not great, but hopefully the number of people with that access is < the number of moderators. Harm reduction.

Hi friends old and new. #introduction I’m Vlad, Red Teamer/hacker who likes picking fights with $B companies and governments. I built Red Team X at Meta where we do a bit of that; formerly NCC Group and Mandiant and some other places.

I live in Oregon and like the snow and mountain biking, and most birds.

I’m friendly but grew up on the East Coast so the PNW is a fun cultural adjustment 🙃

And RCE as SYSTEM due to a poorly designed cryptosystem which became evident once the sample was decompiled :)

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-vmc4-wm3f-w3fr

ControlUp Agent (cuAgent) Unauthenticated Remote Code Execution as "NT AUTHORITY\SYSTEM"

Vulnerability Description: A remote, unauthenticated attacker can send a specially crafted payload to a computer running Smart-X ControlUp cuAgent. The cuAgent software will receive the payload...