145 Followers
62 Following
74 Posts
An open-eyed man falling into the well of weird warring state machines. I mostly speak on (offensive) cybersecurity issues.
twitter: https://twitter.com/udunadan
age key: age1cvckqvwfqcx76mnppys8zleaxjwrnp7s7upktlydkhh7l8wns5ws9qpad4
old posts: https://ioc.exchange/@udunadan
@qwertyoruiop JS engines written in C++, one might want to add :)
Exploit for CVE-2022-4262. Fukin finally! Shoutout to @_clem1 for finding the ITW exploit. And shoutout to @5aelo, @bjrjk, @alisaesage for their RCAs and prior analysis of the vuln :).
https://github.com/mistymntncop/CVE-2022-4262
@raptor single stepping a concurrent system like kernel may be deceptive but overall I agree.

@mdowd now imagine if that was built from one byte overflow

What a weird situation that would be

Rare footage of a vulnerability researcher seeing his bug being reported by someone else
Sometimes I think the only substantial progress I've made in developing code review skills is due to switching between completely different programs and applying novel experience I got studying one to another.
This is one of the hardest parts because all you're left with is sitting and thinking. No code to look up. Just trying to be creative. Immediate block on all progress, no automatable or repetitive steps. Swimming alone in the ocean of possibilities with zero of them in sight.
Me trying to figure out how to trigger a complex condition in the program
Whenever I see that a finding was done with the help of an automated tool, it gives me hope: automation is limited, there is a chance for me to think deeply and manually review stuff. But when it's a manual thing done by somebody more qualified, there is less hope there. Even if you are less qualified (which isn't guaranteed and is a dynamic variable in a dynamic space in itself), you can outpace other actors by allocating more time, since it's a finite thing. But I still hold that it is a less optimistic thing than competing with automation.
Many-eyes bias (thinking there are a lot of analysts looking at what you're looking at, with similar ideas) is hard to bypass at times, because once you gain technical understanding of a piece of a program, it seems obvious and easy to understand, while that may not be the case at all.