Your agents can install and use it with `pip install declib && decompiler install-skill`. Find the code here:
https://t.co/kP1wMmSp6S
Happy hacking! I plan on using it for more multi-binary targets where many decompilers can help (see other research).
@WeirdQuadratic dafuq, what kinda toxic ppl send something like this shit? How do people even go out of their way to harass someone who has nothing to do with them? omfg
My Windows reverse engineering and exploit research workflow has been:
1. Pick a binary to research like tcpip.sys
2. Use https://t.co/fOxBB6tEsN to automate seeing existing binary versions, download, and generate diffs from them
3. Load the resulting .binexports and .bindiff into an LLM and ask it to analyze
4. Look up the build number of the previous Windows version that the old binary existed in from https://t.co/U788ndiJbj such as 26100.8328 and create a VM from it
5. Write code and test, working backwards from LLM analysis
If you’re not up to speed with the risks of malicious vscode extensions, just a reminder, we blogged about this 3 years ago - https://t.co/JSbFwV5NoO @MDSecLabs
It's confirmed: the CVE-2020-17103 patch is ineffective and the vulnerability still exists.
A weaponized PoC can be found here -
https://t.co/7hnamkLsS1
Tested against fully patched Windows 11 and Server 2025 machines.
Warning: Long Tweet!
I've been thinking a lot about the forthcoming knowledge gap in hacking and vulnerability research, though it applies far beyond just that.
One part that makes me a bit sad is that those coming into the field in the future will never know what it was like during the early days of going to DEF CON, sitting at tables or in hotel rooms with like-minded individuals to work through solving problems both together and individually, and being forced to use your brains and your knowledge... Never giving up! I'm sure that for many of us the amount of time spent on manually reversing, debugging, coding, etc... could be quantified in literal years of our time spent on this planet. But it was always worth it... Or at least always a learning opportunity!
At the same time it's incredibly exciting to be alive having that same knowledge in the AI-era! I don't know that I've been this "energized" about the industry in a long time. I needed to write a Python app today to work with Ollama, a model, and Streamlit that would have taken me days on my own. Instead, I created it far faster than I could have on my own, and after only a couple iterations I had something solid and working well using AI.
My point however, is that I've been struggling with trying to answer a couple of questions:
1) How will those coming into the field gain the necessary knowledge in coding, reversing, debugging, etc... to be effective, to identify hallucinations, to understand the who, what, where, when, and why, and to identify new classes of vulnerabilities if AI is performing all of the work and everything is handed up on a silver platter?
2) How important is it for those coming into the field to need to understand those things? ...and if still important now, for how long?
I have more questions of course but those are two of the big ones...
A lot of the things that I'm able to automate now are of course due to AI first and foremost, but there's the big secondary piece. It's the fact that I've been doing vulnerability research for a very long time and I know a lot of the who, what, where, when, and why...
I've decided that on the @offby1security channel I'm going to start a new set of pre-recorded videos, separate from the weekly streams, where I simply cover foundational things that you cannot easily learn without having the practical experience. I need to put more thought into it but will figure it out through experimentation. Even if it only helps a small number of up and comers it's worth it to me.
I'm a firm believer that even with all of the AI and automation options, paying your dues in understanding how things work "under the hood" remains crucial. If ever there was a time to not be complacent... it's now!
I think that with this gap, and the decline in junior positions and apprenticeships, Universities are going to need to figure out new ways to help prepare students for this new era.
Sorry if I'm coming across all "philosophical" but this has been nagging me for some time now. If you agree or disagree I'd love to hear your thoughts on the matter as I'm still trying to land on an answer.
I published a new "security research" post, and for once, it’s not about Windows 😅
This time I took a look at the myAudi connected vehicle platform and its APIs..🤓
Curiosity drives security research, no matter the target
Read it here 👇
https://t.co/QLYEHaMI29
First blog post in the new series. Just really short and basic as an introduction post. I don't really have a direction in mind for this series, but let's just generate scripts with Claude, and try to find 0days without getting too technical, hehe: https://t.co/6i9lnqqb9W
In response to CVE-2026-33825 (BlueHammer patch),
The RedSun, a new unpatched Windows Defender EoP vulnerability, has been publicly disclosed and can be found here -
https://t.co/4nRcWSbuBv
New Mimikatz
Researchers took an old version of Mimikatz and taught it how to dump credentials from the latest operating systems!
The research: https://t.co/JxZwg135Mr
The repo:
https://t.co/Lpsu09AMng
#redteam #pentesting