LCFR

@lcfr_eth

Followers
3K
Following
33K
Media
6
Statuses
37

0day connoisseur

~
Joined November 2021
@lcfr_eth
LCFR
21 days
RIP to a real one, you will be missed @steaIth To the people who follow who weren't around the scene and have only ever heard of CDC by chance. I suggest looking up team-teso(7350) & ADM. The juarez stash these groups had back in the day would have made the NSA jealous.
@hackerschoice
The Hacker's Choice (@[email protected])
22 days
Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷 More: https://t.co/Jx0JYfrjnG <stealth> we had joy we had fun we had a rootshell on a sun.
1
1
17
@lcfr_eth
LCFR
2 months
the year is 2030 - reth is now an lkm/driver implementing its own mmap handler. exploits are now spraying pages and reading/writing past mmap chunk boundaries like it's 2010. double-free? nah double-spends because we thought we cleared that memory.
@big_tech_sux
sudo init vyper
2 months
want to compete with solana? fix the EVM memory model. https://t.co/il4E6NQcEp
1
0
6
@lcfr_eth
LCFR
5 months
Posting a throwback to some old web2->web3 boundary crossing bounties I reported years ago as duplicate ENS names are being discussed again (using unicode). First was registering invalid names with script tags that would be parsed by @etherscan even though they were invalid as
ens.domains
In April 2022, we were informed of a vulnerability in our subgraph implementation by community contributor lcfr
@SHL0MS
𒐪
5 months
i just registered threadguy.eth do you want it @notthreadguy
2
1
24
@th3anatomist
Anatomist
6 months
🚨 We got RCE on Solana 🚨 Finally revealing FULL details about the RCE vulnerability we found 2 years ago. Found it. Lost it. Exploited it anyway. 🔬 Here’s what real-world bug hunting looks like:
anatomi.st
Battle‑tested researchers securing billions in on‑chain value.
4
33
136
@lcfr_eth
LCFR
7 months
Follow up to the post from yesterday. Posting a https://t.co/GjLnSUpEDy script I use to search basic things - based on something I saw @bantg post somewhere awhile back. https://t.co/nMAD30apSe Can get the number of contracts + extract all current contract addresses (can
@lcfr_eth
LCFR
7 months
Just use cryo and save them all as parquets and use python to query the data? cryo contracts --rpc http://127.0.0.1:8545 --blocks 0 -c 999999 -o ${contract_dir}
3
3
18
@lcfr_eth
LCFR
7 months
Just use cryo and save them all as parquets and use python to query the data? cryo contracts --rpc http://127.0.0.1:8545 --blocks 0 -c 999999 -o ${contract_dir}
@zellic_io
Zellic
7 months
With an Erigon full node running on the same server as our code and running `trace_block` for every block starting from genesis, we successfully retrieved all deployed contracts and their bytecodes in around five days!
2
1
43
@lcfr_eth
LCFR
9 months
am i doing this vibe coding thing right?
0
0
11
@lcfr_eth
LCFR
10 months
dev.to
The YAML (YAML Ain't Markup Language) library in Python has been identified as having vulnerabilities...
@0xngmi
0xngmi is hiring
10 months
SlowMist released a new report on how north korea is attacking CEXs They pretend to be a legit team and contact CEX employees, paying them for help debugging code Then the code to debug uses dependencies that have vulnerabilities, so when executed it hacks the victim's PC
0
0
5
@spendergrsec
Brad Spengler
1 year
Timelines like this (from: https://t.co/JCRz9pLMdd) are why companies use #grsecurity, where the ROP, DirtyPipe, msg_msg, modprobe_path, etc techniques are all long dead:
2
6
23
@lcfr_eth
LCFR
1 year
easy bypass for some distros that ship php w/ ffi enabled (debian). adding prctl to the script can still be bypassed.
@cr0nym
[email protected] / EDRmetry / PurpleLabs
1 year
My short post about Generic bpftrace-based RCE/webshell prevention technique for critical #Linux network services https://t.co/RKXFYHTFLg
0
1
8