One of our security researchers demonstrated a local root shell on Linux using a page-cache poisoning primitive in AF_RXRPC’s RxGK path.
We call it DirtyCBC: a sibling to DirtyFrag in the broader CopyFail / DirtyFrag / Fragnesia family. The issue is fixed on mainline.
The candidate path was surfaced through Delphos’s agentic analysis workflow, then manually verified and exploited end to end.
AES-256 was not broken. It just wasn’t the boundary that mattered.
RxGK decrypted data in place before authentication completed.
Under the right conditions, that write could land in the page cache. The HMAC check still failed and the connection was aborted, but the page-cache mutation had already happened.
Two RESPONSE packets were enough to place a tiny ELF into the cached first page of a readable SUID-root binary. The file on disk stayed unchanged. The next exec produced a root shell.
Full writeup and PoC on the Delphos Labs GitHub.
https://t.co/gmCEub1v2t
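The ordering flaw the thread describes (ciphertext decrypted straight into its destination before the integrity check runs, so a rejected packet still leaves the destination modified) can be shown with a small model. The block below is an added illustration, not the Delphos PoC and not kernel code: the block cipher is a throwaway XOR-with-pad stand-in rather than AES, the MAC-then-encrypt packet layout is an assumption made so that decryption has to happen before the tag can be checked, and the "page" is just a bytearray standing in for a cached file page. The "buggy" receiver writes plaintext into that page and only then verifies; the "fixed" receiver decrypts into private scratch, verifies, and only then commits.

```python
import hashlib
import hmac
import os

BLOCK = 16


def _toy_block(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher: XOR with a key-derived pad. NOT AES; it exists only
    so CBC chaining can be shown without a third-party library."""
    pad = hashlib.sha256(b"toy-block-cipher" + key).digest()[:BLOCK]
    return bytes(a ^ b for a, b in zip(block, pad))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        blk = bytes(a ^ b for a, b in zip(plaintext[i:i + BLOCK], prev))
        prev = _toy_block(key, blk)          # C_i = E(P_i xor C_{i-1})
        out += prev
    return bytes(out)


def cbc_decrypt_into(key: bytes, iv: bytes, ct: bytes, dest: bytearray, off: int) -> None:
    """Decrypt CBC ciphertext directly into dest[off:], with no scratch copy."""
    prev = iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        dest[off + i:off + i + BLOCK] = bytes(a ^ b for a, b in zip(_toy_block(key, c), prev))
        prev = c                              # P_i = D(C_i) xor C_{i-1}


def mac(mac_key: bytes, iv: bytes, data: bytes) -> bytes:
    return hmac.new(mac_key, iv + data, hashlib.sha256).digest()


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Sender: MAC-then-encrypt (tag over plaintext). Assumed layout for this
    demo; it forces the receiver to decrypt before it can verify."""
    iv = os.urandom(BLOCK)
    return iv, cbc_encrypt(enc_key, iv, plaintext), mac(mac_key, iv, plaintext)


def receive_decrypt_then_verify(enc_key, mac_key, page, off, iv, ct, tag) -> bool:
    """Buggy pattern: plaintext lands in the shared destination page before the
    tag is checked. The caller aborts on False, but the page is already dirty."""
    cbc_decrypt_into(enc_key, iv, ct, page, off)
    got = mac(mac_key, iv, bytes(page[off:off + len(ct)]))
    return hmac.compare_digest(got, tag)


def receive_verify_then_commit(enc_key, mac_key, page, off, iv, ct, tag) -> bool:
    """Fixed pattern: decrypt into private scratch, verify, then copy. A failed
    check never touches the shared page."""
    scratch = bytearray(len(ct))
    cbc_decrypt_into(enc_key, iv, ct, scratch, 0)
    if not hmac.compare_digest(mac(mac_key, iv, bytes(scratch)), tag):
        return False
    page[off:off + len(ct)] = scratch
    return True


def demo() -> dict:
    enc_key, mac_key = b"k" * 32, b"m" * 32
    original = bytes(range(64))               # constructed contents of a cached page
    # A peer that cannot produce a valid tag still controls the ciphertext it sends.
    iv, ct, _ = seal(enc_key, mac_key, b"A" * 32)
    bad_tag = b"\x00" * 32

    dirty = bytearray(original)
    buggy_ok = receive_decrypt_then_verify(enc_key, mac_key, dirty, 16, iv, ct, bad_tag)
    clean = bytearray(original)
    fixed_ok = receive_verify_then_commit(enc_key, mac_key, clean, 16, iv, ct, bad_tag)
    return {
        "buggy_accepted": buggy_ok, "buggy_page_changed": bytes(dirty) != original,
        "fixed_accepted": fixed_ok, "fixed_page_changed": bytes(clean) != original,
    }


if __name__ == "__main__":
    print(demo())
```

Both receivers reject the packet; only the buggy one leaves the page changed, which is the whole point of the thread: the cipher holds, the MAC holds, and the bug is where the bytes were written relative to the check. An encrypt-then-MAC layout would let the receiver reject before decrypting anything at all, but even with MAC-then-encrypt the rule is the same: never decrypt into memory that anything else can observe until the tag has passed.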
If you hear “agentic” three times on the RSAC floor, a startup gets funded.
Just kidding.
What is true? Security is moving from hype to implementation.
Filmed live at @OneRSAC for The Phish Bowl, featuring @DelphosLabs Co-founder, @caleb_fenton.🎙️
https://t.co/wW5JcrxQpI
Our automated reverse engineering systems are starting to find vulnerabilities. First of many.
All black box. Only the compiled binary.
Identified using code reasoning.
Responsible disclosure underway.
🎃 Happy Halloween from the Delphos Labs team!
“Ghosts in the Machine” 👻
The only things scarier than hackers? Our Halloween costumes. 💀 Even people who work in the shadows of code need a frightfully good time. No incidents were reported, just excellent costumes.
My employer, @DelphosLabs, is surveying the RE community to optimize the impact of our future development. It's only open for one more week. Last chance to participate! We'd love to learn more about you, your needs, or feedback on the public beta! Try it! https://t.co/nDd91mqGTC
What keeps CISOs up at night?
AI risk. Vulnerability management.
Staying resilient when the pressure’s real.
New threats move fast.
Regulators are louder.
Consumers are losing patience.
Boards want answers.
And AI makes it easier than ever for anyone to write an exploit.
We unpacked all this with CISOs & Security Leaders at our @BlackHatEvents breakfast.
Big thanks to @AverlonAI for co-hosting.
The best convos weren’t on stage — and we’re just getting started.
#BlackHat2025 #BlackHat #Cybersecurity
Security leaders aren’t just fighting attackers,
they’re navigating shrinking timelines, mounting expectations, and unclear signals.
The risks are evolving.
Are your defenses?
Software keeps shipping.
Resilience can’t be an afterthought.
We flagged this binary as Conti-style ransomware before checking threat intel.
All automated.
No unpacking. No signatures. Just behavior:
Threaded loader. AES/RSA encryption. Dynamic API calls.
It screamed “Conti” before we did.
Patterns > signatures.
https://t.co/2np5MeSlaM
XZ backdoor (https://t.co/Te6s0hxcaZ.5.6.1) fully exposed in minutes with Delphos Labs.
Black-box binaries? No more.
Traditional tools would still be unpacking.
That’s software, verified.
Black-box binaries? Over. We ran the xz-utils backdoor (https://t.co/Ugc99PADpt.5.6.1) through our AI and it lit up: runtime JMP patching, custom byte-table crypto, encrypted IPC—caught in minutes. Full teardown 👉 https://t.co/S8vCdeznQd
What would you audit next? #xzbackdoor #ReverseEngineering
🔍 Binary highlight: polished Linux daemon that keylogs X11 + hijacks bash TTYs via ptrace, proxies with a PTY, and exfils keystrokes in raw AF_PACKET frames—no C2, no crypto. Delphos flagged the whole implant in a couple minutes. This went undetected for a while and was sitting in my bag of stuff to test against. Really pleased with the result. This is just the free version :) @DelphosLabs
Sample: https://t.co/XWNJ8UOX8g
#ReverseEngineering #LinuxMalware
Binary highlight: “Cyberpunk 7777 / QubePi” ELF. Text-menu game with hard-coded Postgres creds. Every login/chat/coord sent in clear on 5432—no TLS, no sanitization. Delphos auto-exposed the creds & flow in minutes.
Sample: https://t.co/pe4YmTEB5O
#ReverseEngineering
Binary highlight: Modded DXGI.dll that spoofs an RTX 4090, hooks DXGI, and reroutes DLSS to OptiScaler’s FSR/XeSS. Hard to spot—but Delphos auto-flagged it and generated a clear write-up in a couple minutes. Sample: https://t.co/7PY6tBeG7o #ReverseEngineering via @DelphosLabs
📣Survey Alert: Reverse engineers, vuln hunters & malware analysts: help shape automated reverse engineering.
Take a quick survey & tell us what frustrates you the most & what to automate next. 👉https://t.co/Gh0Cpf2Cm5
First look 👉 https://t.co/YZqEGD9YxT #ReverseEngineering
If any of y'all are reverse engineers, my company is trying to automate all the tedium. We could really use your input on what tools you use and what your workflow looks like. We have a survey here: https://t.co/qNHrsT7CCW
Machine Learning Meets Malware. If cognition becomes an API call and malware can be reverse-engineered by an LLM, then what’s left of “zero trust”?
Caleb Fenton joined @patio11 for a chat on AI, nation-states, and the new front in software security.
🎧https://t.co/FcExUUt6tz
@farairesearch @NWeiss Grateful to the @farairesearch team and everyone working to advance safe AI and secure infrastructure.
This isn’t just about today’s risks, it’s about protecting tomorrow’s AI-powered world.
AI is lowering the barrier to attack.
“AI tools are reducing the skill, time, and effort required to create functional cyber capabilities.” — Anthropic & CSET
Nation-state-level offense is now within reach of bad actors. Defenders need better tools, fast.
@farairesearch @NWeiss That’s why we built Delphos Labs.
We equip defenders to analyze compiled code, detect vulnerabilities without source code, and validate software that powers critical systems—before attackers do.