Lemon
@Lemonitup
Followers
897
Following
398
Media
44
Statuses
307
Principal Security Engineer @ Red Threat https://t.co/qGxQnY0KNq
Oklahoma, USA
Joined November 2014
RT @DistrictCon: ❗ Most Impactful System ❗ .WINNER: @Lemonitup: bypassing authentication prompts on an Intelight X-1 traffic control system….
0
2
0
RT @DistrictCon: @seeinglogic @InterruptLabs @vigilant_labs @Bugcrowd @ex0dus_0x @Ninja3047_ @annatea16 @maxpl0it @LabsSsd 1️⃣2️⃣ Intelight….
0
4
0
Friendly reminder: You can actually buy industrial hardware like crane controllers online and test them for security vulnerabilities. This version allows you to capture and replay button presses.
0
1
8
Help me, Obi-Wan Kenobi. I'm afraid Princess Leia has been turned to the Dark Side.
0
0
2
The worst part about Responsible Disclosure is the “Responsible” part. I want to share my findings now, but I guess I’ll wait until the patch drops!. COMPLETELY unrelated, the top song for the day is “It’s getting hot in here”.
0
0
4
RT @RachelTobac: Are you ready to play a game, @defcon? Our 1st Clue Hunt clue is ready for you. Winners get the challenge coin that screws….
0
13
0
RT @thehackermaker: In this episode of The Phillip Wylie Show, @PhillipWylie's guest is Andrew Lemon (@Lemonitup). .
0
3
0
My research on Traffic Control Systems is live!.
NEW: A researcher found traffic light controllers on the internet with no authentication at all, potentially allowing hackers to create traffic jams. Researcher says that company who make the devices threatened legal action instead of working to fix.
4
5
26
Does anyone have a big list of all the security conferences, maybe a website or twitter account?.
1
0
3
Got a new controller in the mail today now I just have to figure out how to power it up.
1
0
5
If you thought the response from the vendor was lame, wait until you see how easy the “exploit” is.
3
3
91
I received my first cease and desist for responsibly disclosing a critical vulnerability that gives a remote unauthenticated attacker full access to modify a traffic controller and change stoplights. Does this make me a Security Researcher now?
216
341
5K
First time I've seen a threat actor leveraging keyemu in the wild. Can't wait to try it on a pentest. Turns out the technique was released years ago in this github repo:
0
2
7
Anyone know the SLA time on a P1 for @Fortinet I’ve called 4 times this morning and keep getting told they’ll call back later.
0
0
2
I probably should have checked the weather forecast before driving 4 hours.
1
0
4
Tired of just grabbing a screenshot after compromising a crestron unit on a pentest?. Introducing party mode, a surefire way to spice up your debrief meeting. Finish your presentation. Hit the button and moonwalk out the door.
0
2
5
Happy 1st birthday to Red Threat!. Thanks to all of our friends and family that supported us in making this dream a reality.
0
0
10