Olivia
Online
Alice Climent
@AliceCliment
Malware and EDR stuff @harfanglab 🤓 || PTC || Sister of @h313n_0f_t0r & @lauriewired
xchg eax, eax
Joined November 2018
280 Following
3.4K Followers
2.1K Posts
Pinned Tweet
Curious about what's happening in the Windows Kernel after a Syscall?
I just wrote this post following the worfkflow from the Syscall instruction to the target kernel routine ⬇️
https://t.co/PDc5eXZCyk
Thanks again to @Set_hyx for the proofreading!
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at https://t.co/bGCIjBfD3C. Launched with:
- Malware Analysis Crash Course
- Go Reversing Reference
- Intro to TTD
I have created a website, where you can share your sample analysis (via links or posts) and search samples for training based on tags and difficulty.
If you write analysis blogs, you can share them there.
https://t.co/9jlkRxfYW5
🚨 A new investigation jointly published by @insidestory_gr @haaretzcom & WAV Research Collective with the technical assistance of @Amnesty has exposed the internal operations of Intellexa, a company notorious for selling Predator spyware.
https://t.co/bjW0GClCSC
You don't have to write super sophisticated malware with 9000 different evasion techniques
Just name it important_file.pdf.exe and have it prompt for UAC. They'll probably allow it
My blog is back online \o/
The new domain is https://t.co/DqSbvPWZ2I
@duckyctf Thna' you 🙏
@artem_i_baranov Absolutely!
I just realized something. The advisory says:
"This issue does not add additional capabilities to an attacker with administrative privileges to damage the attacked system."
Well, that's not true. The PoC allows an attacker to remove EDR/AV files (exe, dll, drivers) and
🤩🔥🔥🔥🤩
Windows Rootkits and Bootkits Guide is available in an eye-friendly design and colors 🕶️🎆🎄 https://t.co/2rUVybPDQV
@artem_i_baranov 4.4 according to them. They choose None for availability. For me it's High 🤷♀️
https://t.co/bOvVKFQPl7
@artem_i_baranov No... But I submited a CVE request to MITRE yesterday.
We'll see 🤷♀️
@artem_i_baranov Yes ! I just need to find the time to write it 😄
@artem_i_baranov yes and no. Usually vuln that need admin priv are not eligible for the bounty (which was ok with me because I wasn't asking/seeking any bounty. However after they analyze my report and PoC they decided to give me 1000€. Which was pretty cool of them !
a registry key, they are able to remove any AV/EDR on a Windows machine. BYOVD Style ( but without interacting directly with the driver though 😅).
If I found the time I'll write a blog post about this vuln
without any tools.
The PoC is using the driver indirectly (via specificaly crafted data in registry keys) to remove ANY files or registry keys after a reboot.
So yes, it adds new capabilities for the attackers to damage the system. Because with just the driver load and data in
Last Seen Users on Sotwe
𓆩 بدر البدور 𓆪
Seen from Egypt
... (evrensel sitem)
Seen from Turkey
TÛRK,ÍFŚÄ
Seen from Germany
Deadlift Dan
Seen from Ukraine
Nude paylaşım 😍
Seen from Turkey
mun 
Seen from Turkey
เสียวโว้ย💦
Seen from Thailand
Türk Sex
Seen from Turkey
U g h t e a Ngeunah
Seen from France
mamajhoe_part2
Seen from Netherlands
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers