Post by joernchen :cute_dumpster_fire: (@joern@threatactor.club)

:cute_dumpster_fire:

Jan 24, 18:45

Sometimes you just need to look at the right spot and have a good guts feeling to find vulns.

https://about.gitlab.com/blog/2023/01/24/git-security-audit/

Jan 24, 2023, 18:45

2

18

21

lit @ll1t@mastodon.social

Jan 26, 05:51

@joern @thorkson sometimes you only have to spend a decade or two to develop a good guts feeling to find vulns. :) Cool finding and nice writeup!

Jan 26, 2023, 05:51

1

0

1

Thorkson Ericsson

@thorkson@infosec.exchange

Jan 26, 07:31

@ll1t
@joern I am still waiting for the "guts feeling" ISO norm or "vuln research with guts - for dummies" ;-)

Jan 26, 2023, 07:31

2

0

1

:cute_dumpster_fire:

Jan 26, 08:20

@ll1t @thorkson well I kinda did a training on that a while back

https://code-audit-training.gitlab.io/

Jan 26, 2023, 08:20

0

0

1

lit @ll1t@mastodon.social

Jan 26, 07:36

@thorkson @joern still have to see the book, but pretty confident the norms must be out there. Should be ISO 31337 for vuln research via code auditing and ISO 73313 for vuln research using reverse engineering, respectively. ;P

Jan 26, 2023, 07:36

0

0

1

@anticomputer@emacs.ch

Jan 24, 21:15

@joern nice finds!

Jan 24, 2023, 21:15

0

0

0