Simon Scannell

@scannell_simon

I like to learn by breaking things. Vulnerability Research

~
scannell.io
Joined October 2018
4 Photos and videos Photos and videos

Tweets

You blocked @scannell_simon

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @scannell_simon

  1. Pinned Tweet
    Jan 1

    I published my exploit for this here: Happy new year everyone!

    0:29
    Last week, Ubuntu 20.10 was released. Feel free to read my post on how I fuzzed eBPF, as well as a vulnerability breakdown of CVE-2020-27194 which is exploitable on the new Ubuntu release. (You can just skip to the vuln write up).
    2 replies 84 retweets 311 likes
    Undo
  2. Retweeted
    Aug 14

    The plural of regex is regrets

    55 replies 1,517 retweets 7,276 likes
    Undo
  3. Retweeted
    Aug 12

    MyBB fixed a Persistent XSS (CVE-2021-27279) in MyBB < 1.8.25 found by our researcher Igor Sak-Sakovskiy. RCE is possible when chained with CVE-2021-27890, reported by Simon Scannell & Carl Smith. Advisory:

    3 replies 38 retweets 77 likes
    Show this thread
    Show this thread
    Undo
  4. Retweeted
    Aug 5

    Tired of hopping between boring programs? We are looking for full-time and vulnerability researchers to join our R&D team and uncover impactful bugs in popular open-source projects:

    11 retweets 21 likes
    Undo
  5. Retweeted
    Aug 2

    We are excited that our security researchers and are honored with a nomination for this year's ... - Best Client-Side Bug (RCE through CS:GO) - Best Privilege Escalation Bug (CVE-2020-27194) - Most Under-Hyped Research (Composer)

    Announcing the 2021 Pwnie Award nominations:
    4 retweets 27 likes
    Undo
  6. Retweeted
    Jul 29

    So excited to finally release my blog post- Kernel Pwning with eBPF: a Love Story. I cover eBPF, the verifier, debugging, exploitation, mitigations and other cool findings! I do root cause analysis and exploit CVE-2021-3490 for LPE with PoC included.

    38 replies 585 retweets 1,715 likes
    Show this thread
    Show this thread
    Undo
  7. Retweeted
    Jul 28

    We discovered a and code vulnerability in Zimbra webmail that could enable attackers to steal all emails of an organization by sending one malicious email. Learn more in our new blog post:

    8 retweets 9 likes
    Undo
  8. Jul 27

    Really happy to have published something again, especially web stuff! pre-auth Stored XSS in email body + SSRF

    2 replies 42 retweets 114 likes
    Undo
  9. Retweeted
    Jul 14

    Yet another Linux kernel exploitation write-up! CVE-2021-22555: Turning \x00\x00 into 10000$

    14 replies 433 retweets 1,264 likes
    Undo
  10. Retweeted
    May 18

    My first blog post as a vulnerability researcher is up 🎉 Check it out to learn about blind and error-based NoSQL injections in RocketChat that ended up giving me RCE!

    NoSQL Injections in 3.12.1 allowed to take over the chat server. Learn more about these code vulnerabilities and how to prevent them:
    4 retweets 24 likes
    Undo
  11. Retweeted
    May 16

    Just published the source code for both proxy and pocs

    Counter-Strike Global Offsets: reliable remote code execution by (Guest article)
    11 retweets 17 likes
    Undo
  12. Retweeted
    May 15

    I've written multiple OSes, dozens of compilers, and even developed entirely new algorithms. I'm a high-school dropout.

    TikTok comment “you can be a programmer the word engineer needs a degree”
    🤯 RT this if you’re an engineer working on OS, compilers, APIs, algorithms without an engineering degree! 💅
    Show this thread
    6 replies 37 retweets 285 likes
    Undo
  13. May 14

    Really happy to publish something again. I have to admit I'm proud of the info leak, it enabled the exploit to be 100% reliable. We might publish the exploit code soon

    Counter-Strike Global Offsets: reliable remote code execution by (Guest article)
    1 reply 3 retweets 22 likes
    Undo
  14. Retweeted
    Apr 27

    XXE Vulnerability in <5.7.1: Learn what attackers were able to do and how to patch your code.

    4 replies 193 retweets 383 likes
    Undo
  15. Retweeted
    Apr 13

    You can read about our work in the latest VICE article

    7 replies 17 retweets 97 likes
    Undo
  16. Retweeted
    Apr 12

    I wonder if it's possible to challenge H1 legally for enforcing unlimited NDA on those bug reports while never acting on them? do you know of any precedent?

    Valve ignoring security researchers is not just specific to the secret club. Here we see Bien Pham demonstrate his Remote Code Execution exploit that has not been patched for over a year.
    3 replies 8 retweets 37 likes
    Show this thread
    Show this thread
    Undo
  17. Retweeted
    Apr 12

    Valve ignoring security researchers is not just specific to the secret club. Here we see Bien Pham demonstrate his Remote Code Execution exploit that has not been patched for over a year.

    0:37
    As you may know, recently posted videos about Source Engine games RCE. I was also ignored by Valve for a year. Here's the demonstration of my report. RCE can be achieved by connecting to a malicious server, then the chain will be completed when game is restarted.
    Show this thread
    11 replies 114 retweets 398 likes
    Undo
  18. Retweeted
    Apr 11

    Two years ago, slidybat reported a remote code execution affecting Team Fortress 2. It can be triggered by joining a community server. It has yet to be patched.

    8 replies 112 retweets 426 likes
    Show this thread
    Show this thread
    Undo
  19. Apr 10

    looking forward to the blog post on this one, should it ever be fixed! :)

    0:11
    On the topic of our previous thread, we have showcasing their remote code execution 0-day for CS:GO. This has been reported to Valve months ago, but they have neither paid them nor acknowledged the exploit.
    Show this thread
    1 retweet 12 likes
    Undo
  20. Retweeted
    Mar 18

    MyBB Remote Code Execution Chain (CVE-2021-27889, CVE-2021-27890) A guest post by our research friends and who found critical code vulnerabilities in the MyBB forum.

    1 reply 23 retweets 34 likes
    Undo
  21. Retweeted
    Jan 29

    I were able in collaboration with to create a working Proof of Concept exploit for the new sudo CVE-2021-3156. Tested just in Ubuntu 20.04.1 LTS, in other distros offsets may change. PoC available:

    19 replies 499 retweets 1,246 likes
    Undo

@scannell_simon hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·