I’ve written my first blog post - a write-up for CVE-2021-23874! How to enumerate the COM-object attack surface, explore implemented functionality and exploit it https://t.co/Yx9SYiukXl
CimFS: Crashing in memory, Finding SYSTEM! @cplearns2h4ck dug into Microsoft CimFS, found a sneaky 0-day, and guess what? The fix by Microsoft was just locking the door 🔐 on unprivileged users. 😂
Dive into the adventure with us: https://t.co/7g30HpmFzG
Excellent write-up on CVE-2024-38063 by Marcus Hutchins.
https://t.co/jCIyZ8pB6F
This was my first time ever reversing tcpip.sys and despite making many mistakes along the way I have learned a ton.
Today, Angelboy (@scwuaptx) revealed his Kernel Streaming research! 🚀 Check out how he uncovered this overlooked attack surface, leading to pwning Windows 11 at #Pwn2Own Vancouver 2024:
https://t.co/sPrNqjPoDO
#WindowsKernel #MSRC
Our team has uncovered multiple memory corruption vulnerabilities in FreeRDP and Suricata. These flaws could potentially expose users to significant security risks. Read the full report in the blog post to understand the issues and how to protect your systems https://t.co/vK7ImtmlI8
The time has come, and with it your reading material for the week.
Phrack #71 is officially released ONLINE! Let us know what you think!
https://t.co/BRnK9lnGjI
🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!
I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz
In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. https://t.co/Flsas2jJtv
🔮NEW RCA!! A few hours after it was patched, TAG found an ITW exploit sample for CVE-2023-36802. @benoitsevens analyzed it in detail ✨
https://t.co/uPkFuA5KPm
Who needs a 0-click when you have MITM? ✨ Working with @billmarczak & @citizenlab we discovered 3 iOS and 1 Chrome 0-day from Intellexa, used to install Predator spyware in Egypt 🇪🇬
https://t.co/5KF5v4xEnr
First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! 🔥 AMD have just released updated microcode for affected systems, please update! https://t.co/NVPWFpVopz
I’ve found a new vulnerability, CVE-2023-1586, in the Avast Anti-Virus restore malware functionality that could allow an attacker to gain SYSTEM privileges and execute arbitrary code! Details in my new short post https://t.co/5xYHPavQgi
Did you know that just a few months ago, if Avast quarantined your malware, it wasn't a problem, it was the opportunity... to gain SYSTEM privileges and execute arbitrary code! Details of the exploit chain CVE-2023-1585 and CVE-2023-1587 in my new post https://t.co/APH64sEz0U
My former colleague just published a walkthrough about @AdGuard kernel driver CVE-2022-45770 identification and exploitation. Fascinating reading and a good introduction to Windows kernel exploitation https://t.co/QDtd9GPEvD
Time for a new blog post! Let's do a CHERIoT walkthrough - including a straightforward setup, understanding how we kill bug classes and mitigating attacks on our minimal TCB through practical examples, and more fun! https://t.co/GjeX2ntZUK
@FuzzySec @XForce Thank you for the post, very exciting 🔥 But it’s also interesting to know your thoughts on how this technique can be +- reliably detected and contained right now?
(1/4) Just read the very useful article by @timmisiak
https://t.co/ifXE5wKkg4
This post is a really good cheatsheet on remote usermode debugging, but I think it is missing a super valuable (at least for vuln research) method of debugging system services