McCaulay (@_mccaulay) 's Twitter Profile
McCaulay

@_mccaulay

Security Researcher | OSCP | CRT | Pwn2Own

ID: 1268890167919681541

linkhttps://mccaulay.co.uk/ calendar_today05-06-2020 12:59:35

302 Tweet

3,3K Followers

168 Following

NCC Group Research & Technology (@nccgroupinfosec) 's Twitter Profile Photo

An update (1.5.1) has been released for Phoenix Contact CHARX SEC-3100 EV Charging Controllers which addresses vulnerabilities NCC Group EDG (Alex Plaskett McCaulay) exploited at Pwn2Own Automotive 2014. cert.vde.com/en/advisories/… phoenixcontact.com/en-gb/products…

blasty (@bl4sty) 's Twitter Profile Photo

some people asked for the code .. so I decided to quickly refactor my scrappy paramiko script and turned it into an ssh agent implementation that works with a vanilla openssh client that has a single line patched out. github.com/blasty/JiaTans…

some people asked for the code .. so I decided to quickly refactor my scrappy paramiko script and turned it into an ssh agent implementation that works with a vanilla openssh client that has a single line patched out. github.com/blasty/JiaTans…
Zuk (@ihackbanme) 's Twitter Profile Photo

This dude found a kernel RCE on PS5 via the network (!!!). “Heartbleed”-like attack using an ancient bug from 2006. Disclosed via HackerOne to Sony. This bug allows 3rd parties to clone games (!), cheat, or APTs to persist by compromising PS5/PS4. What did he get? $12.5k 🤦‍♂️

fidgeting bits (@fidgetingbits) 's Twitter Profile Photo

Just published some notes about porting a redis exploit to work on the musl mallocng heap: research.nccgroup.com/2024/06/11/pum…

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-24-845|CVE-2024-23960] (Pwn2Own) Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability (CVSS 4.6; Credit: NCC Group EDG (@nccgroupinfosec McCaulay Alex Plaskett)) zerodayinitiative.com/advisories/ZDI…

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-24-867|CVE-2024-25994] (Pwn2Own) Phoenix Contact CHARX SEC-3100 CharxUpdateAgent Unrestricted File Upload Remote Code Execution Vulnerability (CVSS 5.3; Credit: NCC Group EDG (@nccgroupinfosec McCaulay Alex Plaskett)) zerodayinitiative.com/advisories/ZDI…

Cyber Saiyan / RomHack Conference, Training, Camp (@cybersaiyanit) 's Twitter Profile Photo

#RomHack2024 🎟️ conference tickets 🎟️ available right now romhack.io/tickets The #agenda is online, check this year’s edition incredible lineup romhack.io/agenda ⬇️⬇️

#RomHack2024 🎟️ conference tickets 🎟️ available right now
romhack.io/tickets

The #agenda is online, check this year’s edition incredible lineup
romhack.io/agenda

⬇️⬇️
Cyber Saiyan / RomHack Conference, Training, Camp (@cybersaiyanit) 's Twitter Profile Photo

The before-lunch #RomHack2024 speakers will be Alex Plaskett Alex Plaskett & McCaulay Hudson McCaulay starting @ 11:55 (18 Sept) 🚗 Revving up: the journey to pwn2own automotive 2024 🚗 ⬇️

The before-lunch #RomHack2024 speakers will be Alex Plaskett <a href="/alexjplaskett/">Alex Plaskett</a> &amp; McCaulay Hudson <a href="/_mccaulay/">McCaulay</a> starting @ 11:55 (18 Sept)

🚗 Revving up: the journey to pwn2own automotive 2024 🚗

⬇️
RET2 Systems (@ret2systems) 's Twitter Profile Photo

A few months back we submitted two exploit chains to the first ever Pwn2Own Automotive competition. We just released a blogpost (part 1 of 2) detailing the bugs we abused to remotely exploit the Phoenix CHARX industrial EV charger and win $60,000 🔥🔥 blog.ret2.io/2024/07/17/pwn…

Alex Plaskett (@alexjplaskett) 's Twitter Profile Photo

Happy to also be speaking at 44CON with McCaulay on “Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024” in September! 44con.com/44con-2024-tal…

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-24-1044|CVE-2024-23929] (0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability (CVSS 7.3; Credit: NCC Group EDG (@nccgroupinfosec McCaulay Alex Plaskett)) zerodayinitiative.com/advisories/ZDI…

Alex Plaskett (@alexjplaskett) 's Twitter Profile Photo

🇬🇧Next week, Thursday the 19th 17:00 GMT McCaulay and myself will be presenting "Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024" at @44con in London 🇬🇧 Will be good to catch up with the UK crowd!

🇬🇧Next week, Thursday the 19th 17:00 GMT <a href="/_mccaulay/">McCaulay</a> and myself will be presenting "Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024" at @44con in London 🇬🇧

Will be good to catch up with the UK crowd!
NCC Group Research & Technology (@nccgroupinfosec) 's Twitter Profile Photo

Don't forget tomorrow at 17:00GMT Alex Plaskett and McCaulay will present at @44con on Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024! #Pwn2Own #CyberSecurity #infosec #EVSecurity #VulnerabilityResearch

Don't forget tomorrow at 17:00GMT <a href="/alexjplaskett/">Alex Plaskett</a> and <a href="/_mccaulay/">McCaulay</a> will present at @44con on Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024!
#Pwn2Own #CyberSecurity #infosec #EVSecurity #VulnerabilityResearch