Florian Profile
Florian

@floesen_

Followers
1,779
Following
96
Media
2
Statuses
70

Passionate about reverse engineering and low level development. @the_secret_club

Joined October 2020
@floesen_
Florian
4 months
Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled.
8
185
516
@floesen_
Florian
3 years
Good news! Valve fixed my recent exploit and gave me permissions to disclose details. That being said, I am working on a detailed technical write-up which I am going to release soon. Stay tuned!
5
26
284
@floesen_
Florian
7 months
A bug allows any user to crash the Windows Event Log service of any other Windows 10/Server 2022 machine on the same domain. According to MSRC, the bug does not meet the bar for servicing and therefore they allowed me to publish a proof of concept.
14
101
265
@floesen_
Florian
3 years
I believe some things need to be clarified regarding my source engine exploit. First of all, I decided not to put people at risk by disclosing technical details before this gets fixed. (1/4)
2
11
75
@floesen_
Florian
4 years
Recently, I've seen some people complaining about long response times at bug bounty programs. Let's play a game, can you beat one of my "recent" gems? A wormable, single click RCE affecting every Steam user that owns at least one Source engine game - NOT resolved for 500+ days.
5
8
56
@floesen_
Florian
3 years
After all, I am not trying to harm anybody. I just want to see this bug getting fixed. Then, I can release a write-up that some people hopefully find interesting! (4/4)
4
1
49
@floesen_
Florian
3 years
I tried to reach out to Valve countless times since then. Although they did pay me a bounty 6 months ago, I am left without any clear response. I feel like this bug is never going to be fixed as long as it is not addressed publicly. (3/4)
3
1
51
@floesen_
Florian
3 years
It's disclosure time! I hope you enjoy my write-up.
@the_secret_club
secret club
3 years
CVE-2021-30481: Source engine remote code execution via game invites by @floesen_
1
89
207
4
9
48
@floesen_
Florian
3 years
I submitted the bug at H1 roughly 2 years ago and it got verified/triaged after a couple of months. That being said, I think it is reasonable to say that Valve had plenty of time to fix this issue. (2/4)
1
2
41
@floesen_
Florian
3 years
"When we posted that this exploit affects every source engine game one should understand this as 'every game might theoretically be affected as it is a bug in the engine and not something game specific.'" - Thank you for including this, as many people seem to have misunderstood!
@lorenzofb
Lorenzo Franceschi-Bicchierai
3 years
NEW: Hackers could take over 'Counter Strike' players' computers with a Steam invite. The bug is still unpatched, even though the researcher reported it almost two years ago.
2
65
107
1
9
18
@floesen_
Florian
4 months
@GabrielLandau I did report it and they didn’t seem to care. It got a low severity assigned and therefore it doesn’t meet the bar for servicing.
0
0
7
@floesen_
Florian
3 years
@mr_phrazer I am very glad that I attended your workshop today! Highly recommending it to everybody who is interested in code (de-)obfuscation. :)
0
1
7
@floesen_
Florian
4 months
@Jean_Maes_1994 Any approach that enables you to execute your code in the lsass.exe process should work fine.
1
0
6
@floesen_
Florian
3 years
@thexpaw @the_secret_club I do have an H1 ticket assigned, the bug got triaged a couple of months after submission and actually a bounty has already been paid too. While the guy working at H1 occasionally responds to my messages, Valve never showed up again after paying the bounty.
2
0
5
@floesen_
Florian
7 months
If performed remotely, the DoS does not work on clients that have the Remote Event Log feature blocked in their firewall. Whether this is the case, I guess, depends on many factors such as the domain group policies for example.
1
0
5
@floesen_
Florian
3 years
@wdormann @the_secret_club @hasherezade They aren't really actively preventing me. I am just waiting for them to fix this because I think it is unreasonable to disclose anything before. Even though in my opinion Valve deserved it, it is not worth putting millions of people at risk.
0
0
5
@floesen_
Florian
4 years
Impressive work! Mad respect to @A2nkF_ , @_localo_ , and all the others involved :)
@the_secret_club
secret club
4 years
Escaping VirtualBox 6.1: Part 1 by @A2nkF_ @_localo_ @Sauercl0ud
2
99
214
0
1
4
@floesen_
Florian
3 years
@Tyler_McV @the_secret_club They are preventing me from disclosing it by not fixing it. There is an open H1 ticket, the bug has been triaged, and also a bounty was paid. It is safe to say that this bug has been communicated to them at least 1 1/2 years ago.
0
0
4
@floesen_
Florian
4 years
@daax_rynd Well, at least I received a bounty after 506 days.
0
0
4
@floesen_
Florian
7 months
@rvandenbrink @thegrugq Impact should be the same as the LogCrusher bug from late 2022. MS stated that this bug doesn't require immediate action but will be fixed in the future. Then they claimed it was a duplicate of another bug from 2022 (coincidence?) that didn't meet the requirements for servicing.
1
0
4
@floesen_
Florian
3 years
@grant_consultin @the_secret_club POC with an additional write-up will be released as soon as this gets fixed.
0
0
3
@floesen_
Florian
4 years
@_tsuro Just wow. Did it get triaged at least or is it the fault of H1 that it takes forever?
1
0
3
@floesen_
Florian
4 years
@XMPPwocky @vm_call Yes they are, however, this exploit does not make use of them. Once this bug gets resolved, I will definitely write a blogpost about it.
0
0
3
@floesen_
Florian
4 months
@yarden_shafir @GabrielLandau I actually got a trick up my sleeve to kill LSASS as an unprivileged user regardless of LSA protection but it doesn't help. The registration is locked in.
1
0
2
@floesen_
Florian
1 year
@BedranKK Well deserved!
0
0
2
@floesen_
Florian
3 years
@garrynewman @gmodofficial I'd love to see this fixed in Garry's Mod, but at the same time I'd rather not share technical details without consulting Valve before. I am sorry.
1
0
2
@floesen_
Florian
4 years
@MSTRMN_ @daax_rynd Yeah, that's understandable. In my case it's not that Valve didn't respond at all, they just kept telling me "that they are currently working on it".
1
0
2
@floesen_
Florian
3 years
@luminouslutrine @the_secret_club I published the details on the secret club blog some time ago.
1
0
2
@floesen_
Florian
3 years
@thexpaw @CSGO You are correct. :)
0
0
1
@floesen_
Florian
3 years
@JLLeitschuh @the_secret_club @ulldma Thanks for the nice offer! By now, the vulnerability has been fixed and I also released a detailed write-up. Feel free to check my last tweets for further information.
0
0
1
@floesen_
Florian
3 years
@JustNickTV Well, I don't think so. I mean I did not disclose details thus I do not see any reasons for them to take it back in the first place.
0
0
1
@floesen_
Florian
3 years
@mrgretzky I am very glad you like it!
0
0
1
@floesen_
Florian
3 years
@ConcealedBones @JustNickTV The bug itself is extremely easy to fix. I even offered them my help and made several suggestions on what to do. I know for a fact that they know how to fix this, but I can't elaborate on this at the moment, sorry.
1
0
1