The recording of my first Binary Cartography webinar is now public:
Agentic Reverse Engineering: How AI Agents Are Changing Binary Analysis
Topics: keygenning, cracking & anti-tamper removal
Recording: https://t.co/dheTSRkJqP
Slides/code/samples: https://t.co/nAqtcqVs7i
Google has identified an iOS exploit kit named Coruna. 5 full exploit chains, 23 vulnerabilities, documentation in native English, modular architecture. Full professionalism. It must have cost millions of dollars. Who built it? Google doesn’t say, but the evidence points to US government tools. The kit also contains components previously used in a cyber operation that Russia attributed to the NSA.
Coruna traveled. First, an anonymous “company client”, then used by a Russian cyber espionage group, which hid the code on Ukrainian websites inside a visitor-counter script, delivering it only to selected users from a specific geolocation. Later a financially motivated actor “operating from China” deployed it (infecting over 42,000 devices).
The malware added to the ready-made kit was lower quality than the original, suggesting the tools were acquired and modified by someone else. One US government subcontractor, Peter Williams, just received a 7-year prison sentence for selling tools to Russian broker Operation Zero. The US government spent millions on a tool that now steals cryptocurrency. A good return on investment, just not for themselves. One more detail: Coruna did not attack devices with Lockdown Mode enabled. https://t.co/cohfv8cSfV
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the 🇵🇱 Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
The 12th Annual Flare-On Challenge kicks off Sept 26 at 8PM EST!
Reverse engineering pros, from Windows to Web3 (with a YARA twist), it's your time to shine. 🏆
Get ready → https://t.co/8O6q9qhgvl
#FlareOn12
📢 Just dropped: the full #OBTS v8 talk lineup! https://t.co/WnHCvCdWqm
And for the first time we'll have 3 full days of presentations! 🤩
Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
💥🍎 Offensive security on macOS is totally different than Windows or Linux, mostly because the *identity* of a process is quite strong.
Injection 💉 is almost nonexistent due to hardened runtime and sandbox, and the capabilities 🥷 of a process (entitlements) are bound to a digital signature that only Apple controls.
Those two aspects sound fundamental until you realize you get rid of so many issues that modern Windows or Linux have, like validating that a client of an IPC is indeed the intended client.
That alongside SIP, TCC, LaunchConstraints and moving almost everyone out of the kernel makes macOS offensive security unique.
SentinelOne's Phil Stokes (@philofishal) & Dinesh Devadoss (@dineshdina04) provide a technical analysis of the latest version of the macOS.ZuRu malware, along with new technical indicators to aid detection engineers and threat hunters. https://t.co/vF6v06YVPT
"DisARMing" code - an exploration into systems programming, #debugging & #reverseEngineering on #Linux/#Android/#Darwin and #Aarch64! 510+ pages #book in COLOR(!)
https://t.co/IJdPuGsVAa for details, because there's more to detail than the margins of a Twitter message can hold.
🚀 New Blog & PoC: Abusing IDispatch for COM Object Access & PPL Injection
Leveraging STDFONT via IDispatch to inject into PPL processes & access LSASS. Inspired by James Forshaw's research!
🔍 Blog: https://t.co/TKdtwuj509
💻 Code: https://t.co/tlppakaLPO
New 0 day dropped:
https://t.co/r8R2eYrUR5
Conclusion:
1. Don’t trust @thezdi, they are too late to handle our reports. One of my reports was submitted in 2024 Jan, but it is still not disclosed to the vendor. No reply from the ZDI yet!
2. Don’t trust the Parallels security!
My 10k-word writeup on exploiting a heap overflow in Llama.cpp's RPC Server's tensor operation to RCE. This is by far one of the most challenging but fun exploitations I've ever researched.
https://t.co/aPLJyDF4Vq
📹 In this episode of Zoom In Zoom Out on @taiwanplusnews, The Citizen Lab’s senior researcher Rebekah Brown (@PDXBek) talks about the commercial spyware industry, its misuse by governments, and the urgent need for regulation.
https://t.co/qBwEJuhItm
As promised, I just dropped a dozen new sandbox escape vulnerabilities at #POC2024
If you missed the talk, here is the blog post:
https://t.co/zTcENNrZun
Slides:
https://t.co/sWztf0ygM4
Enjoy and find your own bugs 😎
Finding #TeamViewer 0days
Part 1 - The story begins
https://t.co/xuc0N2TpAE
Part 2 - Reversing the Authentication Protocol
https://t.co/OVNLZW7YUP
Part 3 - Putting it all together. PARTY TIME
https://t.co/zKRMs2xLb0