New year, new blog! I am pleased to announce my personal blog is now online at: https://t.co/Eu0UoQiTeZ. If you are into reversing and/or iOS, there is already a mini-series of 3 posts regarding iOS apps reverse engineering. More posts and topics will be added in the near future!
We’re opening the Exodus research vault.
Over the coming weeks, we’ll publish technical writeups highlighting vulnerability research, exploit development, and deep reverse engineering from our team.
First up: Michele Campa’s Adobe Acrobat Reader Escript.api use-after-free RCE.
https://t.co/iycMuZQLix
#VulnerabilityResearch #ExploitDevelopment #ReverseEngineering #OffensiveSecurity #CyberSecurity
We achieved a guest-to-host escape by exploiting a QEMU 0-day where the bytes written out of bounds were uncontrolled.
Full breakdown of the technique, glibc allocator behavior, and our heap spray/RIP-control primitive ↓
I don’t want to connect my coffee machine to the wifi network. I don’t want to share the file with OneDrive. I don’t want to download an app to check my car’s fluid levels. I don’t want to scan a QR code to view the restaurant menu. I don’t want to let Google know my location before showing me the search results. I don’t want to include a Teams link on the calendar invite. I don’t want to pay 50 different monthly subscription fees for all my software. I don’t want to upgrade to TurboTax platinum plus audit protection. I don’t want to install the Webex plugin to join the meeting. I don’t want to share my car’s braking data with the actuaries at State Farm. I don’t want to text with your AI chatbot. I don’t want to download the Instagram app to look at your picture. I don’t want to type in my email address to view the content on your company’s website. I don’t want text messages with promo codes. I don’t want to leave your company a five-star Google review in exchange for the chance to win a $20 Starbucks gift card. I don’t want to join your exclusive community in the metaverse. I don’t want AI to help me write my comments on LinkedIn. I don’t even want to be on LinkedIn in the first place.
I just want to pay for a product one time (and only one time), know that it’s going to work flawlessly, press 0 to speak to an operator if I need help, and otherwise be left alone and treated with some small measure of human dignity, if that’s not too much to ask anymore.
In a new guest blog, @cogallag describes the bug he used to exploit #Oracle #VirtualBox at #Pwn2Own Vancouver. He gives an in-depth analysis of how he used a race condition to win $20,000 at the contest.
https://t.co/yrgXTCj2HV
We're naming names 🔥 because the harm is not hypothetical.
Today we share "Buying Spying", our new report diving into the commercial surveillance/spyware industry. We dive into the players, the campaigns, the spyware, & the harm it perpetuates.
https://t.co/D8Lx4wRrw6
Excellent writeup by @saidelike on exploiting a use-after-free in Linux kernel 5.15 (Ubuntu 22.04) (CVE-2022-32250)
https://t.co/NKTlRmplK6
#Linux #kernel #cybersecurity
Jailbreaking the Sonos Era 100
https://t.co/CQeOagTCFf
The Era 100 is Sonos's flagship device, released on March 28th 2023, and is a notable step up from the Sonos One. @NCCGroupInfosec found multiple weaknesses within the bootloader which could lead to full compromise.
#sonos
Lots of universal patterns in vulnerability research, which can inform ultra efficient bug hunting.
By way of abstract-level knowledge, one tiny tip can suddenly boost your workflows and bring much success.
https://t.co/RZCcJt6Llc
Flattered that someone did a writeup for the 2nd hole exploitation technique I used for my CVE-2023-2033 exploit (Korean). Shoutout to the author "Rotiple_"
https://t.co/w6PrZ2Eezl
NEW: Kaspersky releases full details on how they captured the “Triangulation” (suspected US Government) exploits and iPhone spyware targeting their employees. https://t.co/Krladw07eD
This video shows my PoC for libssh CVE-2023-2283 (authentication bypass vuln). The attacker logs in with ED25519 authentication, despite not knowing the private key.
If you missed @saidelike and my @offensive_con talk on Exploit Engineering - Attacking the Linux Kernel it is now up on https://t.co/cGGbit08yZ
Slides: https://t.co/x6XafuC86R
#OffensiveCon23
Apparently, the recent Apple Safari in-the-wild full-chain exploit used 3 vulnerabilities:
1/3- Information disclosure within "RegExpGlobalData::performMatch" (CVE-2023-28204):
https://t.co/wOy4Rctzhl
This vulnerability is potentially used to leak information to adjust shellcode.
Here are the slides from @tiraniddo and my talk, "The Print Spooler Bug that Wasn't" this morning at @offensive_con. We take you through our investigation into CVE-2022-41073, an in-the-wild 0-day that Microsoft patched in Nov 2022. #OffensiveCon2023
https://t.co/nM1T5a5XoR
Here are the resources for my talk "Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel" at @offensive_con today.
Write-up: https://t.co/PlA8ailV90
Slides: https://t.co/kZSHsixM4X
PoC for CVE-2022-20421: https://t.co/Pi8qQhJQIZ
#OffensiveCon2023