Saif Noor Prottoy ⚔️
@saifnoorprottoy.bsky.social
building security startup(s) @ 🛠️ https://gitlab.com/elixir-networks
I love how interesting names pop up all over computer science, whether it’s a catchy software brand, a security tool, or a clever research paper title. In the morning I just woke up with the story that a top tier data company snapped up a startup whose whole identity was a bakery treat.
December 8, 2025 at 6:50 AM
I love how interesting names pop up all over computer science, whether it’s a catchy software brand, a security tool, or a clever research paper title. In the morning I just woke up with the story that a top tier data company snapped up a startup whose whole identity was a bakery treat.
looking back if I think carefully Google was not the first search engine, right? we had AOL yahoo and many more, what made Google a behemoth is their dedication towards fundamental scientific research and transferring that knowledge rapidly into a live product at same time building an ambitious team
November 15, 2025 at 4:34 PM
looking back if I think carefully Google was not the first search engine, right? we had AOL yahoo and many more, what made Google a behemoth is their dedication towards fundamental scientific research and transferring that knowledge rapidly into a live product at same time building an ambitious team
Mr. Huang met his lawyer to incorporate the company. The lawyer asked how much capital he had available, and Mr. Huang contributed $200, purchasing a 20 % stake in Nvidia. keep building
November 7, 2025 at 10:29 AM
Mr. Huang met his lawyer to incorporate the company. The lawyer asked how much capital he had available, and Mr. Huang contributed $200, purchasing a 20 % stake in Nvidia. keep building
Reposted by Saif Noor Prottoy ⚔️
At USENIX Security? Then check out:
Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u...
Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u...
Big thanks to all co-authors!!
Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u...
Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u...
Big thanks to all co-authors!!
August 13, 2025 at 10:30 PM
At USENIX Security? Then check out:
Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u...
Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u...
Big thanks to all co-authors!!
Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u...
Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u...
Big thanks to all co-authors!!
Reposted by Saif Noor Prottoy ⚔️
Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: www.danielklischies.net/research/bas...
OffensiveCon25 - Daniel Klischies and David Hirsch
YouTube video by OffensiveCon
youtu.be
May 28, 2025 at 11:21 AM
Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: www.danielklischies.net/research/bas...
Reposted by Saif Noor Prottoy ⚔️
Talk Tomorrow: "Scalable Static Analysis and High-Performance Logic Programming" (github.com/kmicinski/mi...)
github.com
October 28, 2025 at 6:58 PM
Talk Tomorrow: "Scalable Static Analysis and High-Performance Logic Programming" (github.com/kmicinski/mi...)
Reposted by Saif Noor Prottoy ⚔️
Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...
The Key to COMpromise - Pwning AVs and EDRs by Hijacking COM Interfaces, Part 1
In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...
neodyme.io
January 15, 2025 at 3:11 PM
Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...
Reposted by Saif Noor Prottoy ⚔️
Important news: Microsoft is working to bring SMAP into Windows
www.youtube.com/watch?v=-3jx...
Great talk by Joe Bialek from MORSE team
www.youtube.com/watch?v=-3jx...
Great talk by Joe Bialek from MORSE team
BlueHat 2024: S09: Pointer Problems – Why We’re Refactoring the Windows Kernel
YouTube video by Microsoft Security Response Center (MSRC)
www.youtube.com
December 16, 2024 at 4:29 AM
Important news: Microsoft is working to bring SMAP into Windows
www.youtube.com/watch?v=-3jx...
Great talk by Joe Bialek from MORSE team
www.youtube.com/watch?v=-3jx...
Great talk by Joe Bialek from MORSE team
Reposted by Saif Noor Prottoy ⚔️
I was the victim as awell - pwned via a modified rustc wrapper on a repo that the rust-analyzer run automatically upon opening. So, beware what repo you clone and open :)
I don't often post about my work but bughunters.google.com/blog/6355265... is actually super cool thing my team is doing. These short term redteams focused on just stealing our passwords were always amazing to highlight how severely broken complex systems are. The internal writeups are so, so fun!
Blog: The Great Google Password Heist: 15 years of hacking passwords to test our security (and build team culture!)
The Leaving Tradition in Google's security team, which could be described as a type of small-scale offensive security exercise, is a great (and fun) example of team culture. Curious? See this blog pos...
bughunters.google.com
December 4, 2024 at 7:14 PM
I was the victim as awell - pwned via a modified rustc wrapper on a repo that the rust-analyzer run automatically upon opening. So, beware what repo you clone and open :)
Reposted by Saif Noor Prottoy ⚔️
If you enjoy programming and lower levels of the stack, this is a talk you want to watch:
www.youtube.com/watch?v=WDfr...
www.youtube.com/watch?v=WDfr...
Eon: An Amiga 500 Demo - Andreas Fredriksson
YouTube video by Handmade Cities
www.youtube.com
November 30, 2024 at 8:55 AM
If you enjoy programming and lower levels of the stack, this is a talk you want to watch:
www.youtube.com/watch?v=WDfr...
www.youtube.com/watch?v=WDfr...
Reposted by Saif Noor Prottoy ⚔️
Fantastic write-up by @ricercasec.bsky.social on SMBGhost pre-auth; also covers the difficulties with modern exploitation on Windows: ricercasecurity.blogspot.com/2020/04/ill-...
"I'll ask your body": SMBGhost pre-auth RCE abusing Direct Memory Access structs
Posted by hugeh0ge, Ricerca Security NOTE: We have decided to make our PoC exclusively available to our customers to avoid abuse by scr...
ricercasecurity.blogspot.com
December 1, 2024 at 6:33 AM
Fantastic write-up by @ricercasec.bsky.social on SMBGhost pre-auth; also covers the difficulties with modern exploitation on Windows: ricercasecurity.blogspot.com/2020/04/ill-...
Reposted by Saif Noor Prottoy ⚔️
Attacking hypervisors - A practical case [Pwn2Own Vancouver 2024]
Attacking hypervisors - A practical case [Pwn2Own Vancouver 2024]
www.reversetactics.com
November 26, 2024 at 8:09 AM
Attacking hypervisors - A practical case [Pwn2Own Vancouver 2024]
Reposted by Saif Noor Prottoy ⚔️
Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels
www.usenix.org/system/files...
www.usenix.org/system/files...
November 26, 2024 at 2:13 PM
Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels
www.usenix.org/system/files...
www.usenix.org/system/files...