Jann Horn - [email protected] @tehjh
occasional human borrow checker; works at Google Project Zero; personal account; mastodon: [email protected] Joined August 2011
Tweets: 5K, Followers: 17K, Following: 235, Likes: 10K
Cryptography / TLS folks might enjoy this: The True Keyless Content Distribution Network! true-keyless.thejh.net
First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! 🔥 AMD have just released updated microcode for affected systems, please update! lock.cmpxchg8b.com/zenbleed.html
What happens when you get @natashenka, @ifsecure, @_fel1x, @i41nbeer and @tehjh working collaboratively on a new attack surface for the team? This: googleprojectzero.blogspot.com/2023/03/multip… The blogpost also includes actions that users can take to protect themselves while waiting for patches.
In this post I'll use CVE-2022-38181, a use-after-free I reported last year in the Arm Mali GPU driver to gain arbitrary kernel code execution and root from an untrusted Android app. Not sure if the bug or the disclosure is more interesting: github.blog/2023-01-23-pwn…
Just retweeted by the French Minister for Digital:
well you know you can find me at thejh.net/r/infosec.exch…
Hahahahaha. Comedy.
Excited to announce my first ever P0 blogpost is now public! It details a new exploit strategy on Linux kernel that Jann and I worked together to invent. Thanks to everyone on the P0 team for giving me the opportunity to achieve this dream! googleprojectzero.blogspot.com/2022/12/exploi…
This includes calling out failures and patch gapping is currently a major issue with Android. In this case, 5 Mali GPU vulnerabilities we reported this summer were fixed by ARM but those fixes still haven't made it to end user devices, many months later.
Mind the gap: googleprojectzero.blogspot.com/2022/11/mind-t… Part of project zero's remit is to drive structural improvements across the ecosystem.
oh, fancy, the European Union has their own official Mastodon for official things at social.network.europa.eu/public since April
⚠️⚠️⚠️⚠️ Critical Infrastructure Alert ⚠️⚠️⚠️⚠️ Twitter currently employs 0 furries
cts🌸 @gf_256
52K Followers 624 Following Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iQCn Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboy
Halvar Flake @halvarflake
44K Followers 3K Following I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected] At the moment, for no one.
0xor0ne @0xor0ne
55K Followers 526 Following | CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | My Tweets, My Opinions :) |
Saar Amar @AmarSaar
18K Followers 362 Following Reversing, exploits, {Windows, Hyper-V, *OS} internals, mitigations. Apple SEAR. Opinions are my own. @[email protected]
lcamtuf (@lcamtuf@inf.. @lcamtuf
35K Followers 494 Following Homepage: https://t.co/iFAXZxCO5H Substack: https://t.co/yFvmNisGW3
Brendan Dolan-Gavitt @moyix
25K Followers 6K Following Associate Professor @ NYU Tandon. Security, RE, ML. PGP https://t.co/3WXr0RfRkv Founder of the MESS Lab: https://t.co/zGycrX3Gmn "an orc smiling into the camera" — CLIP
mdowd @mdowd
32K Followers 744 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
thaddeus e. grugq the.. @thegrugq
129K Followers 423 Following Hacker :: https://t.co/km8BR8E1Ga :: [email protected] :: PGP https://t.co/dYipV8y3bo :: @warstudies :: https://t.co/H3dWknFCfk :: https://t.co/Z2lWqEVVua
h0mbre @h0mbre_
12K Followers 576 Following tryhard at linux kernel && avatar is by Ching Yeh: https://t.co/oanjFPPhe7
Alex Plaskett @alexjplaskett
9K Followers 590 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Tweets about 0day, OS, mobile and embedded security.
Maddie Stone @maddiestone
64K Followers 847 Following Security Researcher - Google's Threat Analysis Group | 0days all day. Love all things bytes, assembly, and glitter. she/her.
Ange @angealbertini
24K Followers 941 Following File Formats for ever! Corkami, CPS2Shock, PoC||GTFO, Sha1tered. Security engineer @ Google/Mandiant/Flare. He/him.
Ivan Fratric 💙💛 @ifsecure
17K Followers 192 Following Security researcher at Google Project Zero. Tweets are my own. Backup @[email protected]
Filippo Valsorda @fil.. @FiloSottile
49K Followers 508 Following Cryptogopher / Go crypto maintainer / @kateconger-knower / RC F'13, F2'17 / #BlackLivesMatter / he+him https://t.co/ZE4RtJ1xqD / https://t.co/qfth7zr00W / https://t.co/j1grpEm8uR
Richard Johnson @richinseattle
16K Followers 3K Following Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFH
Brandon Falk @gamozolabs
21K Followers 283 Following I find and exploit 0day, develop OSes, hypervisors and emulators, design massively parallel data structures and code, and do precision machining! Optimization❤️
Ayush Goyal @sl4y3r__07
36 Followers 134 Following Undergrad at IIT Roorkee, 2nd Year | Interested in learning CS concepts, Windows Internals, low-level stuffs | CTFs
maher azz @maherazz2
206 Followers 168 Following Vulnerability Research & Exploit Dev Second account cuz @azz_maher got blocked
ice @ice98079542
109 Followers 2K Following
neverm0r @__neverm0r_
4 Followers 529 Following
Bassam Assiri🇸🇦 @BassamAssiri
6K Followers 2K Following Age:20 Certifications: #OSCP #eWPTX #eCDFP #OSWE Python programmer , CTF and Cyber Security Enthusiast #IAU
zYStCfDaBGWMTYZ @zYStCfDaBGWMTYZ
0 Followers 389 Following
tester @xxtesterxx
1 Followers 246 Following
M̶a̶t̶t̶h̶e̶w̶.. @SindSec
321 Followers 2K Following 🏴ℕ𝕠𝕟-ℙ𝕖𝕣𝕞𝕚𝕤𝕤𝕚𝕧𝕖 𝔼𝕟𝕧𝕚𝕣𝕠𝕟𝕞𝕖𝕟𝕥 𝕊𝕡𝕖𝕔𝕚𝕒𝕝𝕚𝕤𝕥⚔️ 💣I Do Bad Things To Bad People With Computers💻 ✉️[email protected]📨
Munene👨💻☕.. @cybermunene
459 Followers 498 Following Informatics and Computer Science grad focusing on programming and cybersecurity | Chess player | CTF player @fr334aksmini | views and opinions are my own
lucky @lucky5502118041
0 Followers 166 Following
Akshit Singh @akshit_it4ch1
36 Followers 326 Following Reverse engineer and Malware Analyst CTF-Player @InfoSecIITR Sophomore@IITR
Brando @_branzo_
731 Followers 2K Following Gentoo, Flatcar and FreeBSD. docker, k8s and stuff. networking addicted.
yang wang @_yangwang
6 Followers 146 Following
Peter Clark @al_saeroth
126 Followers 477 Following R&D Cybersecurity @SandiaLabs, PhD @IowaStateU. CTI + deterrence, interested in RE. KD0LMF. Tweets my own; likes+RT neq endorsements.
henrique Daguerre @daguerreotipo_
6 Followers 76 Following Systems development technician studying for a technologist degree in ADS
Priya 1111 @1111_priya25031
182 Followers 679 Following
姬战 @Xiaoai__0
6 Followers 331 Following
Matan Alfasi @matanalfasi
23 Followers 51 Following build things also break things sometimes both atst
Riley @toasterpwn
291 Followers 235 Following 18 | CTF @EmuExploit | pwn/crypto | Security Researcher | https://t.co/dbtTCp0kxG
Xib @xibalthronaddon
46 Followers 480 Following Former Midnight Sentinel, Lord Carnifex, Bearer of the Black Flame; now, living a peaceful life as a herder of svenska jätteullmaskar in the Scandes.
Vie @vie_pls
1K Followers 232 Following Security Engineer @Google red team by day — artist by night — CTFs with @mmm_ctf_team — @UBC alumni — opinions expressed are my own
Saad Munir @SaadMunir678212
1 Followers 173 Following
Brian Fu @fubof1998
58 Followers 104 Following
Marko @marko982
42 Followers 1K Following
Dalton @0ptyxx
21 Followers 83 Following husband | father | software engineer & amateur vulnerability researcher
rannsakanda @rannsakanda
41 Followers 516 Following
Aniket Gupta @ComputerOfPlane
1 Followers 321 Following
ElAnanyAli @abdallaEg1
36 Followers 677 Following Guardian of the digital realm, slayer of cyber dragons, and occasional breaker of firewalls.
hamsterruby @hamsterrubyy
0 Followers 486 Following
cts🌸 @gf_256
52K Followers 624 Following Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iQCn Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboy
Halvar Flake @halvarflake
44K Followers 3K Following I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected] At the moment, for no one.
lcamtuf (@lcamtuf@inf.. @lcamtuf
35K Followers 494 Following Homepage: https://t.co/iFAXZxCO5H Substack: https://t.co/yFvmNisGW3
mdowd @mdowd
32K Followers 744 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Matthew Garrett (@mjg.. @mjg59
29K Followers 310 Following Not here. Fedi: @[email protected] Bsky: @mjg59.eicar-test-file.zip Signal: @mjg.59 Blog: https://t.co/CVivdtMBWe
Maddie Stone @maddiestone
64K Followers 847 Following Security Researcher - Google's Threat Analysis Group | 0days all day. Love all things bytes, assembly, and glitter. she/her.
Ivan Fratric 💙💛 @ifsecure
17K Followers 192 Following Security researcher at Google Project Zero. Tweets are my own. Backup @[email protected]
Brandon Falk @gamozolabs
21K Followers 283 Following I find and exploit 0day, develop OSes, hypervisors and emulators, design massively parallel data structures and code, and do precision machining! Optimization❤️
Tavis Ormandy @taviso
127K Followers 645 Following Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine. I'm also @[email protected]
David Weston (DWIZZZL.. @dwizzzleMSFT
25K Followers 1K Following Vice President, OS Security and Enterprise @Microsoft || @CISAgov Technical Advisory Committee
Samuel Groß @5aelo
24K Followers 499 Following V8 Security technical lead. Previously Project Zero. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
Gareth Heyes @garethheyes
32K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Dmitry Vyukov @dvyukov
8K Followers 377 Following I tweet about fuzzing, bugs, sanitizers, security, hardening, kernels, syzkaller, Go, performance, concurrency, lock-free algorithms.
Andrey Konovalov @andreyknvl
6K Followers 666 Following Security engineer at https://t.co/027VXUlgOx. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://t.co/D5MrxmYimS.
Jeff Vander Stoep @jeffvanderstoep
3K Followers 228 Following Android security @google [email protected]
Daniel Gruss @lavados
10K Followers 477 Following #InfoSec Professor @ #TUGraz. #meltdown, #spectre, #rowhammer, cache attacks. Produced a side channel security sitcom. @[email protected]
nedwill @NedWilliamson
16K Followers 499 Following Project Zero Researcher Discovered SockPuppet, Soundhax https://t.co/16vegpfPXc
Brad Spengler @spendergrsec
3K Followers 4 Following President of @opensrcsec, developer of @grsecurity Personal account
Talia Ringer 🟣 .. @TaliaRinger
26K Followers 6K Following Professor, @plfmse, @IllinoisCS! Proof Automation. @SigplanM & CCF Founder. Israeli-American for peace, equality, & justice. They/she, ND, bi. End the occupation
PEAR哥🇭🇰🐉 @Peargor
383K Followers 439 Following 啤梨哥 but just call me Pear. Impatient GRADUATED 2D animator from 🇭🇰 Alt: @pearsketch_ Contact: [email protected] -Not taking commissions or sponsors🤍❤️🤍
🇺.. @vzverovich
11K Followers 192 Following Carbon-based open sourcerer, code necromancer and a former alien. Author of C++20 std::format and https://t.co/etCUwPD4OY. Opinions are not mine.
Justine Tunney @JustineTunney
33K Followers 274 Following I built a C library that lets you compile 12kb static binaries that run natively on Linux, Mac, Windows, FreeBSD, OpenBSD, NetBSD and BIOS using just GCC/Clang.
The Pocket Report @ThePocketReport
64K Followers 361 Following Bringing you a sub par look at the news in a timely fashion. Send us tips securely on Signal 347.561.8493
@[email protected] @zekjur
4K Followers 2 Following I am quitting Twitter in protest. Follow me on Mastodon instead: @[email protected]
Kaylin Trychon @KaylinTrychon
3K Followers 2K Following Chaos Causer @chainguard_dev | Comms @SecureAerospace | @GirlSecurity_ Mentor | Prev Security Comms Lead @google | Rule Bender l New Englander
Christo Grozev @christogrozev
566K Followers 1K Following Investigative journalist (Spiegel, The Insider, ex-Bellingcat), radio investor and hobby coder. Immediate blocks for whataboutism.
Stillgelegtes Konto v.. @thleemhuis
544 Followers 172 Following Follow @[email protected] instead
Stillgelegtes Konto v.. @thleemhuisfoss
426 Followers 68 Following Follow @[email protected] instead
Björkus 'No time_t t.. @__phantomderp
13K Followers 1K Following The C Standard Cannot Be Replaced And Will Never Be Destroyed. ➡ https://t.co/IWEB4XZpve | Avatar @KIINGKIISMET | Banner @Reckless_Moss
Wahlrecht.de @Wahlrecht_de
96K Followers 52 Following Elections, electoral law, electoral systems and election polls • Including on #EUWahl, #ltwsn, #ltwth, #ltwbb • @[email protected] • https://t.co/27LYsQPWoi
infratest dimap @infratestdimap
12K Followers 115 Following Knowing what Germany thinks. Poll results from infratest dimap.
Die Bundeswahlleiteri.. @Wahlleitung_de
20K Followers 8 Following Here the press office of the Federal Returning Officer provides information on Bundestag and European elections. https://t.co/JHtsL7HvRc
Stadtpolizei Zürich @StadtpolizeiZH
108K Followers 85 Following In an emergency ALWAYS call 117! Tweeting here: ^br / ^hö / ^ma / ^mo / ^su / ^sa / ^spa / ^sc / ^si / ^vo / ^wa. No 24/7 monitoring! https://t.co/OFokG0KYku
Bettina Kohlrausch @BettiKohlrausch
5K Followers 943 Following Director at @wsiinstitut | Professor for social transformation @unipb | feminist | research on work and social integration| Industrial Citizenship
Igor Bogdanov @IgorBog61650384
1K Followers 136 Following Introverted blue teamer and hobbyist hardware researcher - I like to find out how things work, and prevent others from breaking them.
grief seed oil disres.. @softminus
9K Followers 7K Following Cursed be the heart that takes fright in the chest!
Megan Ben Dor Ruthven @_mbdr_
8K Followers 859 Following Prevent COVID. Senior Software Engineer @Google's Threat Analysis Group, previously @GoogleAI, #AndroidSecurity. Expressing own opinions. she/her/y'all
Sebastian Dullien @SDullien
19K Followers 2K Following Director at @imkflash. Professor for International Economics at HTW Berlin - University of Applied Sciences. Father of two. @[email protected]
BAG – OFSP – UFSP @BAG_OFSP_UFSP
189K Followers 279 Following Bundesamt für #Gesundheit BAG – Office fédéral de la #santépublique OFSP – Ufficio federale della #sanitàpubblica UFSP
Mark Ermolov @_markel___
10K Followers 134 Following I'm researching security of Intel's platforms. I'm not working for Intel
Sophie, indistinguish.. @SchmiegSophie
8K Followers 627 Following Leading Cryptography (ISE) at Google. Algebraic Geometer. All opinions are my own. Treasurer of the Oxford Comma Committee. @[email protected]
Francesco Gualazzi @inge4pres
702 Followers 1K Following CloudNative and DevOps enthusiast 🚀 👨🏻💻 Engineer @elastic #o11y - Opinions expressed here are my own and do not represent my employer
Tim Rühsen @ruehsen
322 Followers 161 Following Maintainer of GNU Wget, libidn, libidn2, Author of GNU Wget2, libpsl. GSOC mentor. Working @Elastic (Universal Profiling)
Stephanie @stephboomsma
212 Followers 214 Following Interested in tech, knitting and sometimes combining the two
KP Singh @__kpsingh
425 Followers 104 Following Works at Google on Linux Kernel + Security (he/him). Views are my own.
Victor Michel @vic_mic_
113 Followers 122 Following Not interested in edgelord-owned public discourse, but you can still find me at @[email protected] :)
florian @0x0F10
298 Followers 187 Following bits and bytes who happens to be also a trained lifeguard
X keeps serving me this video so I succumbed The premise is that Mr Beast and crew are helicoptered into an abandoned city and have to survive for 7 days, seems like a fun concept… but I recognized the “abandoned city” as Kupari Croatia, which is neither abandoned nor a city,…
I attempted to survive 7 days in an abandoned city... can't believe places like this exist
To stop the speculation and DM's I am receiving. I chose to quit my role at LTT because it, and the working environment I was facing, were ruining my mental health. The number of daily items the Social media role at the time was expected to fill was incredibly high.
ive heard several barbie girl/cruel angel's thesis mashups but this one whips the most ass
that the AN/APR-25 S/C/X-band radar warning receiver (used in anger by military aviators to avoid flying telephone poles and/or to locate the responsible radars) was based on radar detectors for motorists (to avoid speeding tickets) is actually so quintessentially American
@RealDanODowd @GerberKawasaki Was in SB for the weekend and drove the same route. This is from yesterday in the evening…
By the way, the point has now been reached where agencies ask whether I would like to weave paid advertising into my YouTube videos. So from 10k subscribers onward, you are apparently considered big enough for that sort of thing.
By the way, it is not that easy to shut down rail operations because of a strike. The traction power grid collapses from underload if it is not used enough. That is why DB Netz can even order that trains must run in order to put load on the traction power grid.
my son knows the word "boss" from Minecraft and has really gotten the wrong idea about what my job entails
@tehjh "Who botched the brake test again this time?"
Recent MangaDex-related stuff