I‘m now on Mastodon as well, you can add me at @intrigus@infosec.exchange.

Really enjoyed this year's Google CTF together with @fluxfingers. Especially the pwn "Unicornel TrustZone" challenge was nice. Writeup soonish 😀.

RT @KITCTF: Hey, GPN CTF is back!. Can you break the CTF monopoly? The only property worth owning is the top spot on our CTF leaderboard. '….

Last year I played Realworld CTF and solved "Protected by JavaSE" together with I-Al-Istannen. We exploited XXE in @github's CodeQL using the unintended CVE-2024-25129. I wrote about the (un)intended solution and how to use CodeQL to find bugs in CodeQL 😂.

When you look at a CVE's patch for more than a few seconds and get a new CVE for free :sigh:.

(3/3).In the end, all you have to do is to change a single stack pointer move and `nop` a loop and go from the right image to the far better left image 🎉. I've also written about this in a bit more detail:.

(2/3).I was playing DEFCON CTF Quals last week and the `loader` binary of the `callmerust` challenge had some not so pretty decompilation so I chose to investigate and fix it.

(1/3).Stack probing (to protect against stack clash attacks) in binaries leads to not so pretty decompilation in @NSAGov's Ghidra and @vector35's Binary Ninja, but there is an easy fix 🥳.

GitHub's award that recognizes my contributions to open source security through my various workshops and my tireless help with people learning CodeQL or just answering their questions (plus some very nice swag) has arrived 🥳

RT @KITCTF: This Thursday, @intrigus_ will present the results of his master's thesis on bounded verification of the range analysis in v8's….

Really excited for this one!.

Woah, I totally didn't expect this 😯.I wouldn't be where I'm now without the help of @HauwaOtori, @XCorail and @nicowaisman to name just three. Thank you for bringing me to GitHub+SF, encouraging me to do my first conference talk and letting a random run queries on ALL of lgtm.

RT @KITCTF: Join us this Thursday, when @ju256_ will talk about how to escape V8's new heap sandbox. As always: 7pm -120, 50.34.

RT @KITCTF: GPN CTF starts in less than two days 😲 but don't worry, we made sure you will have a banger CTF experience ᯓ★🎧. Start Fri, 10am….

RT @BlazingWindSec: Learn to audit applications for vulnerabilities with CodeQL and find them in thousands of GitHub repositories at once.….

RT @KITCTF: After learning how to reverse engineer binaries, @intrigus_ and Lennard will continue on this Thursday with an introduction on….

RT @KITCTF: We played at @redrocket_ctf's @CyberSecRumble and got 8th place internationally and 2nd in Germany! Looking forward to meet you….

RT @KITCTF: Listen up! Can you hear the sound of flags? We are composing another edition of GPN CTF. There will be some banger challenges.….

RT @GHSecurityLab: FROM code SELECT vulnerability! Grab a spot for @intrigus_'s CodeQL workshop at @nullcon Berlin this Friday. Without pri….

Want to know how to reverse engineer a Mach-O binary that breaks all tools?.Checkout my writeup for the "Injecting commands" challenge from Braeker CTF 2024!.

RT @nullcon: An interesting workshop by @intrigus_ at #NullconBerlin2024. 🔹 Use #CodeQL libraries for C/C++.🔹 Learn to build, structure que….