hex nomad @hexnomad
Joined June 2013-
Tweets601
-
Followers1K
-
Following0
-
Likes1K
@halvarflake Not a cafe, but many of our favourite UK pubs had playgrounds.
Introduction to Windows Cryptographic Services RCE CVE-2024-29050 v-v.space/2024/08/23/CVE…
Micropatches were released for Windows Cryptographic Services Remote Code Execution Vulnerability (CVE-2024-29050)
I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: securityintelligence.com/x-force/little…
In the wake of the CrowdStrike crash event, some interesting articles have been published that explore some perspectives of security vendors in the Windows kernel. I penned a blog for another perspective. @Sean_Endicott_ @happygeek @AndrewWrites fieldeffect.com/blog/the-brass…
My take on this: “… appears to be starting a conversation about…” is corporate speak for “there’s nothing we can do about this and we’re waiting this out”. There’s currently no alternative to running Windows EDRs in kernel mode and there’s not going to be one any time soon.
via @verge – due to the recent CrowdStrike incident Microsoft is discussing migrating security products away from the Windows kernel and into other spaces such as VBS Enclaves or Microsoft Azure Attestation CrowdStrike accidentally leveled the playing field for Threat Actors
After over a decade in cybersecurity I sometimes forget that a lot of tech probably has never heard of Crowdstrike (as is now apparent by all the posts) You’ve probably also not heard of @fieldeffectsoft so here is your chance (no I don’t work for them) fieldeffect.com/blog/recoverin…
Maybe companies shouldn’t have gotten rid of QA teams because “devs can write unit tests and that’s basically the same thing”?
kernel driver dev is hard!! this is why the osr guys are so mean
RCE in SSH, this is a thing of beauty qualys.com/2024/07/01/cve…
@GabrielLandau @hasherezade @reconmtl @BlueHatIL Great talk and research! Definitely got a lot of ideas after listening to it
Thanks to everyone who attended my @reconmtl and @BlueHatIL talks! The exploit and slides are here: github.com/gabriellandau/… If you took any photos during either of the talks, please share them here. Also, please don't hesitate to stop me to say hi!
When embarking on a new vulnerability research project it is important to perform extensive background research into the area to gather as much info as possible to supplement and guide @j00ru describes these learning resources for the Windows Registry: googleprojectzero.blogspot.com/2024/06/the-wi…
Sassy, tongue-in-cheek, but honest recounting of the recent Mitre MDR evaluations:
Very happy to share some thoughts and an inside look at the Field Effect experience of our first participation in a MITRE Engenuity ATT&CK Managed Services Evaluation. So proud of the team, details here: fieldeffect.com/blog/recoverin…
The cynic in me is saying that if you are a secret agent on a counterterrorism mission, it's kinda your job not to have your secret equipment confiscated by the mall cop on the segway, so I think the lady doth protest too much. (Random subtweet)
New blog post "Google: Stop Burning Counterterrorism Operations" My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it. poppopret.org/2024/06/24/goo…
New Project Zero blog post by Sergei Glazunov and Mark Brand: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models googleprojectzero.blogspot.com/2024/06/projec…
Great bug, great talk! I’m sure I’m not the only one who looked at the binder code and missed this :)
Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938 An article by @abc_sup, Gulshan Singh, and @vxradius about exploiting a vulnerability in the Android Binder device driver that leads to a slab use-after-free. androidoffsec.withgoogle.com/posts/attackin…
@guhe120 This happened. It turns out maintaining consistency at 4x-6x the previous volume is a really hard problem. Honestly, a misc CVE field is the least of my worries- inconsistencies in what's considered an "Important" vulnerability is what keeps me up at night 🥲
@chompie1337 Nice work!! And not surprised, I don’t think I’ve ever reported a bug that had all the details correct in the MS bulletin.
chompie @chompie1337
89K Followers 1K Following hacker, exploit developer/weird machine mechanic head of X-Force Offensive Research (XOR) @IBM
mdowd @mdowd
33K Followers 754 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Matt Holland @notnotaspy
2K Followers 144 Following Founder and CEO of @fieldeffectsoft - Co-Founder of Linchpin Labs (now @TrenchantARC) - opinions are my own, and likely wrong
mRr3b00t @UK_Daniel_Card
123K Followers 8K Following Department of Cyber WAR. Member of the Counter Spider Collective. Wielder of AI to defend in Cyber Space. Ralph Vibe Specialist. VibeOps Operator!
Rodrigo Branco @bsdaemon
13K Followers 4K Following Chief Architect, Security Research of BigTech Advisor of Grsecurity. BYOS Commitee Member of OffensiveCon, Langsec, DistrictCon, Secdev
Will Dormann is on Ma... @wdormann
27K Followers 1K Following I play with vulnerabilities and exploits. I used to be here on Twitter but now I'm here: @[email protected] https://t.co/hXggdAVkSQ
Axel Souchet @0vercl0k
13K Followers 583 Following ¯\_(ツ)_/¯, blogging on https://t.co/36oOc8Mgha and posting codes on https://t.co/P83Oen94Rc.
Oliver Lyak @ly4k_
9K Followers 267 Following Yet another security researcher 🔦 Github: https://t.co/7WFOFz17KI
Julien | MrTuxracer �... @MrTuxracer
39K Followers 443 Following Founder of @rcesecurity | #BugBounty | @Hacker0x01 MVH && H1-Elite | $1,5+ Mio in Bounties | Mobile Hacker | @[email protected]
Alex Matrosov @matrosov
20K Followers 2K Following Security REsearch @Anthropicai · Breaking & Fixing AI Failure Modes | Founder @binarly_io · @SBOM_Tools · @REhints | Author “Rootkits & Bootkits" (https://t.co/1wd2dfYHY6)
Ivan Melnik @IMelnik88079
3 Followers 52 Following
Young Purr🇮🇷 @Iced_Paw
24 Followers 182 Following Child of persia. Possessed by Mobile security, Hellcat and orange cats *** Stack Smashing Detected *** Segmentation fault
joseph9wso @joseph9wso
1 Followers 291 Following
gk98 @98erKAG
41 Followers 2K Following
Bheema @0x5hax
19 Followers 1K Following
/𝚌𝚛𝚔/.𝚓�... @JamRoot0
70 Followers 5K Following Mail Cracker | Tech Enthusiast | RedDevil | MAKE AMERICA GREAT AGAIN!!!🇺🇸 📷♟️♞🎲⚽🏀🎱🎳🏑🛹🎾🏸🏏🏓👨💻💻👾🎭🍾🥃🥂🍻🎸 🎶 🎵🎻🎹🦅🐦🔥🦇🕷️🐞🏴☠️🃏🎩
twis @Twis65640Twis
2 Followers 523 Following
kuvee04 @GamingFreeFire1
41 Followers 840 Following
Scorpiobaobao @Scorpiobaobao1
4 Followers 547 Following
0xEBFB @0xEBFB
0 Followers 292 Following
Carolina Zarate @zaratec4
892 Followers 294 Following Computer security researcher, CTF (PPP/MMM/BBB), CMU alum x2. Just a lil friend excited about security. 🦆 @[email protected]
D4m0n @d4m0n_8
780 Followers 685 Following Vulnerability Researcher & Exploit Developer | Pwn2Own Winner
Yuu @sumaka0322
0 Followers 965 Following
laIala @inv0o0ker
0 Followers 18 Following
pi uui @uui_pi
34 Followers 2K Following
tron swanson @a_h_a_b_
470 Followers 3K Following
Rotem Zucker @RotemZucker
0 Followers 77 Following
itzik shpitzik @ItzikShpitzik
0 Followers 33 Following
annagrammatica1 @annagrammatica1
8 Followers 422 Following
Boris Larin @oct0xor
19K Followers 705 Following Former console hacker (PS3/PS4). Hunting in the wild 0-days at Kaspersky GReAT. All tweets are my own.
xiang yu @yuxiang202411
0 Followers 39 Following
GKarAnThe0nly1 @GeKarantzas
2K Followers 2K Following George Karantzas. - Est. 2001. - BSc Student@UniPi. - Opinions are my own.
GenichiOniFy Ol @genichionify
0 Followers 16 Following
Ju1y @Jack_Ju1y
115 Followers 246 Following Building @TapNow_AI | Developer of @planori_app | Author of linkook | OSCE3 & OSCP Certified
yfo25277 @yfo25277
2 Followers 444 Following
ay666 @ay666247553
0 Followers 36 Following
j0wzin @j0wzin
1 Followers 73 Following
Yonatan Amiga @AmigaYonatan
2 Followers 71 Following
devanits98 @devanits9817220
52 Followers 5K Following
hdt @powerinsea
165 Followers 1K Following
annumeena @annumeena19
75 Followers 8K Following
quiclearner @realquiclearn
8 Followers 1K Following
Danis Jiang @danis_jiang
3K Followers 1K Following Yuhao Jiang / former ctfer @ Vidar-Team / Security Researcher @ Ant Group Light-Year Security Lab / GeekPwn 2022 / Pwnie Awards 2023 / Tianfu Cup 2023Trends for United States
You might like
