Chris Lyne
@lynerc
Security researcher. Tennis player. Bourbon taster. Animal lover. Lawn care nut. Opinions are my own.
Joined January 2011
Bank of America warns customers of data breach after vendor hack - @serghei
https://t.co/vMrzk8gMgD
bleepingcomputer.com
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.
Do you enjoy capture the flag contests and solving hard problems? Check out Praetorian's cyber tech challenges! Solve problems. Get hired! https://t.co/AVqwYcYJ5e
Because inadvertent secrets disclosure is a common attack path into an org, we developed Nosey Parker, an ML-powered scanner for locating secrets. With a precision of 98.5%, Nosey Parker is an order of magnitude better than existing secrets solutions https://t.co/CgLBUGr8aQ
Found some issues in Gryphon routers that let you root other people's devices across the internet through a shared Gryphon VPN service: https://t.co/QLIRRyDVTa
I'm really excited for this video! I got a chance to collab with @LiveOverflow and share the process for discovering the localhost bypass for CVE-2021-45046 with code review and differential fuzzing. :)
After the log4shell vulnerability was patched with version 2.15, another CVE was assigned. Let's have a closer look at the localhost JNDI connections bypass and learn about fuzzing Java applications. https://t.co/yXpXLqrYZm
I'd like to share this to demonstrate this is what I sacrificed to stay sharp in infosec. Blue is the ideal line, yellow is the actual. My arms started to feel numb. My doc said I was about a few years away from needing surgery. If you do a lot of late-night hacking, think about this.
Anyone have training recommendations for thick client pen testing / bug hunting?
Second in a set of wicked twin blogs by @lynerc & @CE2Wells : Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021-20082) by @CE2Wells
link.medium.com
A couple months back, Chris Lyne and I had a look at ManageEngine ServiceDesk Plus. This product consists of a server / agent model in…
First in a set of wicked twin blogs by @lynerc & @CE2Wells : Stored XSS to RCE Chain as SYSTEM in ManageEngine ServiceDesk Plus by @lynerc
link.medium.com
Gaining SYSTEM access via the help desk software
Found a couple bugs in some Buffalo routers, one of which happened to affect a bunch more devices. https://t.co/ySft5EP299
link.medium.com
A walkthrough of my first experience in router hacking
Super excited to present my research @IoTvillage #defcon29!
Catch @kojenov's #iotvillage talk first thing Sat morning (Aug 7) at 10am PT @defcon! All talks will be streamed on our Twitch: https://t.co/k01S0DrBeG To view our entire #defcon29 talk schedule, visit: https://t.co/y7MP4h9bN2
“Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580)” by Nicholas Miles https://t.co/BcdfPWqNxp
New blog from @tenablesecurity researcher @clairetills on the proof-of-concept exploit for CVE-2020-3850, a cross-site scripting vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense software web services.
charge.tenable.com
Did a writeup on leveraging a small bug in a Power Apps page to steal auth tokens, emails, and more from Microsoft Teams users via malicious tabs. https://t.co/gZ6DfopgPs
We have issued a security advisory for a low-severity vulnerability in the journalist web application (fixed in SecureDrop 1.8.2). We would like to thank the @TenableSecurity team for their responsible disclosure. You can find more information at: https://t.co/OnjEWqFJjJ
securedrop.org
On May 10, 2021, the Tenable team informed us of a CSRF vulnerability on SecureDrop’s Journalist Interface. Details are now available on their advisories page.