Log inSign up
itszn
1,328 posts
Image
user avatar
itszn
@itszn13
Amy | Security researcher @ OpenAI | stackchk.fail/ctf.txt | bsky: nyanbox.stackchk.fail | LLM ART: bsky.app/profile/altern…
she/her
Joined June 2011
737
Following
10.7K
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    itszn
    @itszn13
    Jan 12
    When MicroQuickJS released, I spent 8.5 hours to summon an Exploit for it. Here is the Fault: var arr = new Array(30) var attack = { valueOf: function() { arr.length = 0 arr.length = 3 return 10 } } arr.splice(attack, 30) I document the full Ritual Process below
    Image
    user avatar
    itszn
    @itszn13
    Dec 24, 2025
    New JS engine, old JS vulns :) Found a bug and wrote an exploit in 8 hours 645da364a8089c43953b345d3004fc76148cb2f136f74e211429ddc8452846d1 exp-shell.js ./mqjs ./exp-shell.js LEAKED: 77b6 1c5ff205 LIBC BASE: 77b6 1d600000 STACK PTR: 7ffd 143e1bb8 WROTE ROP CHAIN $ whoami nyan
    30K
  • user avatar
    itszn
    @itszn13
    Mar 21, 2025
    Claude reversing a binary using Binary Ninja via MCP while I get a snack @bl4sty @ziyadedher @vector35
    Image
    00:00
    user avatar
    blasty
    @bl4sty
    Mar 21, 2025
    who's building the IDA Pro MCP? "please annotate the shit out of this monolithic 64MiB firmware binary while I get some coffee, will ya?"
    226K
  • user avatar
    itszn
    @itszn13
    Jul 6, 2019
    Decided to take @qwertyoruiopz's nday and write a full exploit for it. Here is a exploit for iOS 12.3.1 doing SOP bypass via arbitrary read/write
    Image
    00:00
  • user avatar
    itszn
    @itszn13
    Feb 29, 2020
    Scientists say that Dark Matter takes up 85% of matter in our universe. But what they don't know is that it is made up entirely of Page Tables that keep track of the rest of the matter
  • user avatar
    itszn
    @itszn13
    Mar 1, 2020
    You can see the heap bof at the end of the payload, where they are still using aaaaaaaaaaaaa to pad. What is this? A CTF exploit?
    user avatar
    AIfredo 0rtega
    @ortegaalfredo
    Feb 28, 2020
    This is the complete DNA of the Coronavirus (SARS-CoV-2). We are being attacked by a 8 kilobytes virus. Remember this when you hate on computers security. (source: ncbi.nlm.nih.gov/nuccore/MN9089… )
    Image
  • user avatar
    itszn
    @itszn13
    Oct 10, 2019
    If you ever tried to perform XSS without parenthesis, you may have realized that eval`payload` does not work. However you can do this instead: Function`alert\`xss\````
  • user avatar
    itszn
    @itszn13
    Sep 8, 2019
    Here is my exploit for the ChakraCore JIT exploit challenge for @TrendMicroCTF 2019 Was fun to take a break from V8 and JavaScriptCore
    Image
    Trendmicro CTF ChakraCore exploit
    From gist.github.com
  • user avatar
    itszn
    @itszn13
    Jun 16, 2021
    Have ever wanted to learn how to bypass PAC, but you don't have the hardware or time to set up emulation? You are in luck! We now have an *in browser* intro PAC exploitation challenge you can play right now!
    user avatar
    RET2 Systems
    @ret2systems
    Jun 16, 2021
    Exploiting the notoriously unsafe gets() on a PAC-protected ARM64 binary, how hard could it be? Check out our latest blogpost to find out: blog.ret2.io/2021/06/16/int…
    Image
    GIF
  • user avatar
    itszn
    @itszn13
    Aug 29, 2024
    Today is the 10 year anniversary of the first time I ever pwned anything! My first exploit was a simple stack smash, overwrite return ptr, jump to admin function. This was an in internal recruiting CTF by @gaasedelen for the RPISEC Before that day I had never even considered
    24K
  • user avatar
    itszn
    @itszn13
    Dec 24, 2021
    Tricky JavaScript Syntax - Without trying it, what will this function return:
    function foo(a1, a2) {   if (a1) return {     if (a2) {       return 'bar';     }   } } let answer = foo(1,1)
  • user avatar
    itszn
    @itszn13
    Feb 14, 2020
    The video of my BlueHatIL talk is now online! Check out how I attack other websites from inside the Safari Sandbox Forget the Sandbox Escape: Abusing Browsers from Code Execution
    Image
    BlueHat IL 2020 - Amy Burnett - Forget the Sandbox Escape: Abusing Browsers from Code Execution
    From youtube.com
  • user avatar
    itszn
    @itszn13
    Jan 20, 2020
    Been waiting to announce: I'll be presenting "Forget the Sandbox Escape: Abusing Browsers from Code Execution" at this year's BluehatIL This talk will look at what attacks you can pull off in browsers without needing a sandbox escape I will also be demoing a POC of persistence
    user avatar
    BlueHat IL
    @BlueHatIL
    Jan 20, 2020
    The wait is finally over! Registration & schedule for #BlueHatIL 2020 are live. Places are limited so register NOW: bluehatil.com
    Image
  • user avatar
    itszn
    @itszn13
    Aug 13, 2020
    Watch it to the end to see real pwning :)
    Image
    00:00
  • user avatar
    itszn
    @itszn13
    Jun 18, 2020
    Is this what people mean when they talk about free speech?
    Image
Advertisement
Advertisement