threatactor.club

joernchen :cute_dumpster_fire: . @joern,

Short #introduction ahead:

I’m joern and I like to cause dumpster fires. I’m looking back on more than 10 years of security consulting, and for about three years I’ve been doing security research over at GitLab.

You can find an almost up-to-date list of some of the IT security related stuff I did in the past at https://0day.click/page/references/.

Fun fact: @fabs named his SAST tool joern after me :trollface:. Find it at https://joern.io

The exploit I’m most proud of is the one for CVE-2012-0809, a format string issue in sudo. You can find it here: https://gist.github.com/joernchen/618a8940894084102fe2

The most notable shell I popped was on www.ccc.de, which was due to https://github.com/hukl/cccms/blob/220c6f7bdfc0da33d4284495d6954b2b89f224f6/config/initializers/session_store.rb#L9 :lolol:

Also I did a lot of Ruby on Rails hacking in the early 2010s and wrote about it in http://phrack.org/issues/69/12.html#article

Besides hacking and reading other people’s code I’m practicing Brazilian jiu-jitsu a lot in my spare time.

#introductions #security #infosec #hacking

lit . @ll1t,

@joern didn’t we drop the terribly derogatory term dumpster fire in favor of thermal refuse utilization? j/k

joernchen :cute_dumpster_fire: . @joern,
BJJ

@TabascoEye no it’s mostly rolling on the floor while cuddling sweaty middle aged men in pajamas

pic related
