Husband | Father | Vet | Threat Intel | Hunter of Threats | Intrusion Analysis. Focused on Malware | Penetration Testing | My opinions plus tweets are my own.
You can explain exactly what CreateProcess does. What happens when you type ls on Linux?
On Aug 17 I'm teaching a 4-hour live tiny masterclass mapping Windows internals onto Linux. Hands-on labs, $59, includes a $59 TrainSec course voucher.
https://t.co/iCxWE7TliB
🤓 After 15 years of threat research, I am building something new!
Today, @SecurityBreakAI officially becomes a company focused on AI Threat Intelligence and AI Security!
The new website is live! Check it out :)
https://t.co/MnKltNrRPV
Congratulations to John Tear & Ahmed Alshammari (@ahmed_vapt) for becoming the first two SANS SEC760 "advanced exploit dev" students to earn the post-course challenge coin. Students must identify multiple Windows Kernel exploit primitives, chaining them together to elevate privs!
I just published the materials of my MIPS reverse engineering workshop from Recon, enjoy :) I've got this strange obsession with cross-architectural malware, and now you can too!
https://t.co/58F6mKWDM1
I am really excited about this one and honored to be presenting our @_CPResearch_ research at @SLEUTHCON next week 🤗💯💪
It's gonna be a ride 😉😁
See you in Washington 💙
@patrickwardle@jbradley89@naehrdine@Helthydriver 6️⃣ "macOS Vulnerability Research"
https://t.co/ySoC88OGPD
Taught by @theevilbit and @gergely_kalman, this *new* training focuses on macOS vulnerability research (VR), with an emphasis on logic flaws and understanding Apple’s unique protections and attack surfaces.
I'm excited to announce that I'll be returning to Vegas for @BlackHatEvents with the FLARE team to help deliver our 4 day advanced class!
This is an almost entirely rewritten course that now features:
✅ Reversing GO and Rust binaries
✅ Leveraging time-travel debugging
✅ Deobfuscating scattered control flow
👉 https://t.co/BRhuHt2dsl
Hope to see you there! DMs are open if you have any questions.
You may have found that some tools offering legacy HTTP+SSE MCP interfaces are fault prone and have connections that break in your agents. I wasted a lot of time on debugging this last year, now I'm publishing some modular middleware to take care of this:
https://t.co/MRzBVJC9FM
The wait is over! mona v3 is now available.
Supports Python 2 & 3,
32- and 64-bit targets,
WinDBG/WinDBGX.
Faster, leaner, broader built for modern Windows debugging and exploit development.
#mona#corelan
https://t.co/8tkCp0wD0C
Sharing is caring 💛
For those who scored #BSidesCharm 2026 training seats, please be in your seats at least 15 minutes prior to session start - if not in seat, you will be considered a NO SHOW and your seat will be given to next in line
AirTouch from @hackthebox_eu is a wireless box featuring SNMP enumeration, WPA2-PSK capture and crack, WireShark traffic decryption, client-side cookie role bypass with a phtml upload, and an evil twin via eaphammer to capture a crackable challenge.
https://t.co/JwFMChHBBJ
I am excited to announce that I will be speaking at @bsidesnash on May 15th. Be sure to attend to see all the latest @volatility 3 plugins against the most sophisticated and devastating malware from the wild!
Memory-only malware leaves no trace on the file system & is commonly used by threat actors ranging from criminal organizations to ransomware operators to APTs. In our @volatility 3 training, students gain deep hands on experience analyzing such threats:
https://t.co/kihCRhwaov
New episode 📢
Ep 172 "SuperBox"
What if there was a device which gave you endless movies and TV shows without ads? Ok great sign me up! In this episode we interview "D3ada55", who found such a device, but as she gazed into it, she discovered it gazing back at her.
https://t.co/FFuZJDUefR
Speakeasy emulator v2.0.0b2 just dropped. Many more improvements by @williballenthin. Please provide feedback before we release v2 in the upcoming weeks.
- https://t.co/7MdrgadxqA
- https://t.co/E4Q9JW0Vq0
Join me tomorrow, April 3rd at 8AM PT for the next @offby1security stream with @psifertex (Jordan Wiens) for a session on "Reversing and Binja: What's New; What's Next!"
https://t.co/BRoM338IiQ