Log inOpen app
blasty
4,485 posts
user avatar
blasty
@bl4sty
irresponsible disclosure aficionado
The Netherlands
haxx.in
Joined April 2009
1,151
Following
17.4K
Followers
user avatar
@bl4sty

See blasty’s full profile

Open X

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    blasty
    @bl4sty
    Jul 11, 2023
    wholesome yet dystopian
    133
    10K
    174K
    5.5M
  • user avatar
    blasty
    @bl4sty
    Apr 6, 2024
    the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n
    30
    954
    5.1K
    873K
  • user avatar
    blasty
    @bl4sty
    Apr 6, 2024
    Replying to @bl4sty
    auth bypass confirmed! > INFO:paramiko.transport:Authentication (password) successful! mm_keyallowed_backdoor cmd 1 allows to override the response for mm_answer_authpassword with a custom one. if you set it to { u32(9), u8(13), u32(1), u32(0) } you can login with any pass 🤓
    12
    135
    1.1K
    110K
  • user avatar
    blasty
    @bl4sty
    Apr 2, 2024
    xz bd engineer 1: bro, we need a way to probe the address space to make sure we never SEGV sshd xz bd engineer 2: we'll just do a pselect syscall with empty fd sets, a timeout of 1 nanosecond and the addr we want to probe is passed as the sigmask pointer, EFAULT means unmapped
    20
    126
    940
    164K
  • user avatar
    blasty
    @bl4sty
    Jan 10, 2023
    Decided to publish the Lexmark printer exploit + writeup + tools instead of sell it for peanuts. 0day at the time of writing: github.com/blasty/lexmark -- enjoy!
    GitHub - blasty/lexmark
    From github.com
    17
    275
    919
    147K
  • user avatar
    blasty
    @bl4sty
    Mar 29, 2024
    nothing to see here, just properly documenting the fixed defects in the backdoor code 😂
    2
    110
    799
    89K
  • user avatar
    blasty
    @bl4sty
    Mar 7, 2022
    Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary. haxx.in/files/dirtypip…
    9
    296
    766
  • user avatar
    blasty
    @bl4sty
    Jul 11, 2023
    Replying to @bl4sty
    .. since this tweet is ballin' slightly outta control: 1) image was stolen from @[email protected] on the fediverse, not my neighbourhood (SF) 2) all the printers I currently own will only display this quirky animation: x.com/thezdi/status/… -- who do I contact??
    user avatar
    TrendAI Zero Day Initiative
    @thezdi
    Dec 8, 2022
    While @bl4sty only scored a COLLISION (non-unique bug) - Peter definitely gets a boatload of STYLE POINTS for this hack on a Canon printer @ #P2OToronto #Pwn2Own
    00:00
    4
    15
    717
    445K
  • user avatar
    blasty
    @bl4sty
    Mar 29, 2024
    Replying to @bl4sty
    you gotta appreciate the way they shipped the backdoored object file. added some "test" data to the source tree that gets unxz'd and (dd) carved in a specific way, that is fed into a deobfuscator written in.. awk script and the result gets unxz'd again
    7
    122
    679
    108K
  • user avatar
    blasty
    @bl4sty
    Apr 6, 2024
    Replying to @bl4sty
    whoever designed this stuff had to take a deep dive into openSSH(d) internals (and so did I for the past couple of days, oof) .. hats off, once again :)
    5
    19
    618
    76K
  • user avatar
    blasty
    @bl4sty
    Mar 25, 2025
    Here we can see @AnthropicAI's claude (Sonnet 3.7 model) talking to IDA pro to reverse engineer a CTF task I made for @PotluckCTF, it does pretty well! It manages to get a grasp of the entire custom VM instruction set, file format, syscall interface etc.🤓 The MCP server is
    00:00
    18
    126
    682
    61K
  • user avatar
    blasty
    @bl4sty
    Jan 25, 2022
    haxx.in/files/blasty-v… enjoy, my fellow scriptkiddies
    13
    187
    632
  • user avatar
    blasty
    @bl4sty
    Feb 6, 2018
    *facepalm*
    27
    274
    564
  • user avatar
    blasty
    @bl4sty
    Mar 7, 2022
    Dirty Pipe PoC (dirtypipe.cm4all.com) works beautifully. 🤑
    1
    162
    525