On the 18th of November I submitted a ticket to the Monero HackerOne Bug Bounty program. This is the ticket regarding ‘GarlicRust’, a vulnerability I publicly disclosed in my previous b…| Eyal Itkin
The GarlicRust vulnerability, a.k.a CVE 2017-17066, is a major info-leak vulnerability in C++ implementations of the I2P router. The vulnerability was found in i2pd and kovri, as part of the Monero…| Eyal Itkin
In the previous post I demonstrated how to bypass Microsoft’s RFG, a.k.a. “Shadow Stack”, assuming we can locate the shadow stack. In this post I’ll fill up the missing deta…| Eyal Itkin
Last post we discussed format string implementation vulnerabilities, and focused on the vulnerabilities in the (C/M)Ruby implementation. Since shopify integrated MRuby in a VM-like scenario, we wil…| Eyal Itkin