David Baker Effendi
@SDBakerEffendi
Followers
90
Following
6K
Media
2
Statuses
68
RT @BSidesCapeTown: π€ BSides 2024 SPEAKER ANNOUNCEMENT π€. "Attacking Pipelines: Large Scale Exploitation of Workflow Files" Presented by Daβ¦.
0
4
0
RT @BSidesCapeTown: πππ’πππ¬ πππ©π ππ¨π°π§ is proud to announce @whirlylabs as one of our SILVER Sponsors this year! . -β¦.
0
6
0
RT @arancaytar: @__femb0t "done right, a compiler should be able to simply figure out if a program will halt; it's not that hard".
0
10
0
RT @PentesterLab: Articles worth reading discovered last week: . π π π .
github.blog
Using CVE-2023-43641 as an example, Iβll explain how to develop an exploit for a memory corruption vulnerability on Linux. The exploit has to bypass several mitigations to achieve code execution.
0
10
0
The cat's out of the bag! The sha256 sums we tweeted coming up to the event were the PoC exploits we presented at @BSidesCapeTown. We only had so much time, and so many more gadgets to show, but we're confident we made our point - don't use `readObject`!.
We presented the first iteration of our work on mining Java deserialization gadgets at BSides Cape Town. This includes exploit chains against ZK framework and Groovy. Slides are available at - recording will follow.
0
4
5
Definitely get this guy a cold one!.
Meet the Team. BSides does not happen without our Volunteers. We will be sharing some posts highlighting our incredible volunteers. Be sure to say thanks and buy them a cold one!. Thanks for your dedication and effort, @davey_lups. #BSidesCapeTown2023
0
1
1
For anyone wondering about these cryptic SHA256 tweets, these are mostly timestamps to prove when we found a vulnerability that hasnβt been made public. The exploit being what is hashed. Of course, these are all planned for our presentation at @BSidesCapeTown on 2 Dec π€.
SHA256 of a payload for a deserialization gadget leading to an RCE. No CVE reported on Maven Central (yet). db1a5b64b709c1beb905eb4230a0bcb09eaddef0c687d8118462202a808ad72e.
0
3
6
SHA256 of a payload for a deserialization gadget leading to an RCE. No CVE reported on Maven Central (yet). db1a5b64b709c1beb905eb4230a0bcb09eaddef0c687d8118462202a808ad72e.
0
0
2
Just leaving this timestamp here, in case it becomes something significant later: 9faa3a41234b6712357b0d2b51e047fa91653d0e16ed4226a2fdd39da9e3f9fe.
2
0
3
RT @wakil_saheeba: I recently had a 3 hour long discussion with a bunch of ppl who bought in the propaganda.Making this thread for those whβ¦.
0
39K
0
Weβve rebuilt and specialised some components of what we do in the Joern project to bring you a powerful Java gadget chain detection tool!.
BSides Cape Town is excited to announce our next speaker!. Speaker: David Baker Effendi / Fabian Yamaguchi .Title: Forging Chains: The Java Blacksmith. Track and timing to follow!.Follow them on X: @SDBakerEffendi / @fabsx00 . Tickets on Sale Now!.
1
0
3
RT @fabsx00: Yay! Our proposal for @BSidesCapeTown was accepted! @SDBakerEffendi and I will be speaking about the real-world challenges ofβ¦.
0
3
0
RT @pr0me: The more you see, the more you can analyze!. We just put our work on inferring missing types with LLMs for #StaticAnalysis on @hβ¦.
huggingface.co
0
5
0
RT @chrisalbon: 2022: βWOW you can write a prompt and an AI will draw it!β. 2028: βYou want to write a prompt? First you need to hire 10-15β¦.
0
2K
0
RT @fabsx00: Since dlink never got back to us, here's the recording of last year's conclusion lecture where I walk students through the disβ¦.
drive.google.com
0
39
0