https://t.co/r67jck8ZGo just got a visual refresh 🌟
Explore 600+ documented DLL Hijacking cases, including:
• JSON/CSV/YAML feeds
• Sigma detection content for every DLL
• A single Sigma rule covering all DLLs
Check it out: https://t.co/2PJCgKEZwO
While gamers debate kernel anti-cheat, ring-1[.]io was shipping a Themida-protected UEFI bootkit that injects into Hyper-V, manipulates EPT entries, clones game page tables, and hides memory contents below the OS entirely.
After partially deobfuscating their binaries and recovering critical functions, this is what was inside.
Bungie and Ubisoft sued them.
They found $12 million in Bitcoin and kept going.
This is what kernel anti-cheat is actually fighting.
https://t.co/zHjWeLgQ3X
Authors: @BackEngineerLab
#AntiCheat #Malware #InfoSec
On May 26, 2026, at 14:00 UTC, the CrowdStrike Counter Adversary Operations team executed a coordinated takedown of the Glassworm botnet, a global threat targeting software developers through the open-source supply chain. In collaboration with Google and the Shadowserver Foundation, we struck all four of Glassworm's command-and-control (C2) channels simultaneously, severing the operators from their infected machines and their ability to deliver new malicious payloads.
This takedown matters beyond the botnet. Glassworm marked a significant shift in the threat landscape that should serve as a wake-up call for every organization that ships or consumes software. Adversaries are no longer just targeting products; they're targeting the developers who build them.
https://t.co/rl9EVrA371
I once criticized CERT-In on LinkedIn and got calls from terrified employers (past & then present) asking me to remove it.
I said no and proceeded to change all my employment history to ‘Confidential’ to ease their worries.
The reason they panic is because they don’t want to lose their “CERT-In Empanelment”.
CERT-In Empanelment is one of the biggest scams in the Indian cyber security industry.
CERT-In makes you go through several stages of tests (all worthless btw) and then “certifies” you as an empaneled auditing firm.
This status then allows you to bid on government contracts for cyber security projects along with enabling you to serve compliance customers under regulatory bodies.
If, for whatever reason, CERT-In decides to revoke this empanelment, the firm would lose the majority of its business.
That’s how CERT-In keeps all the major cyber security firms in India under their thumb.
#Turla #Kazuar has expanded from a relatively traditional backdoor into a highly modular peer-to-peer (P2P) #botnet ecosystem designed to enable persistent, covert access to target environments.
https://t.co/mjkfLG8o6q
🔬 Built https://t.co/BabZ0NwkTR for hands-on malware analysis practice.
14 free challenges + 2 APT labs covering API hashing, shellcode, C2 reversing & full attack chains.
Real binaries. Real questions. No setup.
Discord: https://t.co/fxX32X7nso
During our research, it’s become apparent that EDRs need to do a better job of collecting telemetry from macOS endpoints. Head over to the https://t.co/3uoNBdqpei to check out the results yourselves. While you’re there, check out the scores as well to see how they compare.
Out of the ~43 total points, the average is 16… and that’s with one EDR bringing up the average 🙂
Last week we acquired UK-based DeceptIQ.
DeceptIQ (@deceptiq_) is built by red-teamers with a deep desire to turn the tables on attackers. In our ten years of doing Canary, we’ve never seen such a strong natural alignment.
We are super excited to help defenders win, together.
Extremely impressed by the @UIDAI's new website and app. The UI/UX from onboarding to filling an application is completely seamless.
Looks like stellar work by @NICMeity & @GoI_MeitY.
Who's behind this design and execution?
Credit where it’s due! 👏🔥
Someone built a web-based System Design Simulator,
where you drag & drop architecture components and actually simulate traffic, failures, latency, and scaling in real time.
System design just got way more interactive.
Process hollowing isn’t always “unmap and replace.” This post looks at a variant where the original image stays mapped, a second executable is mapped, and execution is redirected. Close enough to matter for defenders.
https://t.co/LxEqvT3Gsw
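A defender-side illustration of the variant described above, added here as example code that is not from the linked post or its author. It walks a constructed snapshot of each process's mapped regions and thread instruction pointers and flags two things: a thread executing inside a second non-DLL image that is not the main module recorded in the PEB (the "original stays mapped, second executable mapped, execution redirected" variant), and a thread executing from private, non-image memory (the classic unmap-and-replace or injected-shellcode form). The `Region`/`Process` fields and all sample values are assumptions for the example; a real collector would populate them from the process's VAD tree or `VirtualQueryEx` plus each thread's context.

```python
"""Flag processes whose execution has been redirected away from their main image.

Example code (not from the linked post). All data structures and sample values
below are constructed for illustration; the field names are assumptions, not a
real tool's output format.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Region:
    base: int
    size: int
    kind: str      # "image" for a section-backed PE mapping, "private" otherwise
    path: str      # backing file for image mappings, "" for private memory
    is_dll: bool   # True when the mapped PE has the IMAGE_FILE_DLL characteristic


@dataclass(frozen=True)
class Process:
    pid: int
    image_path: str                 # main module path as recorded in the PEB
    regions: Tuple[Region, ...]
    thread_ips: Tuple[int, ...]     # current instruction pointer of each thread


def region_for(proc: Process, addr: int) -> Optional[Region]:
    """Return the region containing addr, or None if it is unmapped."""
    for r in proc.regions:
        if r.base <= addr < r.base + r.size:
            return r
    return None


def find_hollowed(procs) -> List[Tuple[int, str, str, str]]:
    """Return (pid, reason, path, address) tuples for suspicious execution sites."""
    findings = []
    for p in procs:
        main_path = p.image_path.lower()
        # Any second image mapping that is itself an EXE (not a DLL) and is not
        # the PEB's main module is unusual on its own; record it at low confidence.
        for r in p.regions:
            if r.kind == "image" and not r.is_dll and r.path.lower() != main_path:
                findings.append((p.pid, "second EXE image mapped", r.path, hex(r.base)))
        # The stronger signal is where threads are actually executing.
        for ip in p.thread_ips:
            r = region_for(p, ip)
            if r is None:
                findings.append((p.pid, "thread ip in unmapped memory", "", hex(ip)))
            elif r.kind == "private":
                # classic hollowing / shellcode injection: code runs from unbacked memory
                findings.append((p.pid, "thread executing in private memory", "", hex(ip)))
            elif not r.is_dll and r.path.lower() != main_path:
                # the variant in the post: original image still mapped, a second EXE
                # image mapped alongside it, execution redirected into that image
                findings.append((p.pid, "thread executing in second EXE image", r.path, hex(ip)))
    return findings


# Constructed sample snapshot: one clean process, one using the mapped-second-image
# variant, one running from private memory. Addresses and paths are made up.
SAMPLE = (
    Process(1000, r"C:\Windows\System32\svchost.exe",
            (Region(0x7FF600000000, 0x20000, "image", r"C:\Windows\System32\svchost.exe", False),
             Region(0x7FFA10000000, 0x1F0000, "image", r"C:\Windows\System32\ntdll.dll", True)),
            (0x7FF600001234, 0x7FFA10012345)),
    Process(2000, r"C:\Windows\System32\svchost.exe",
            (Region(0x7FF600000000, 0x20000, "image", r"C:\Windows\System32\svchost.exe", False),
             Region(0x7FFA10000000, 0x1F0000, "image", r"C:\Windows\System32\ntdll.dll", True),
             Region(0x7FF700000000, 0x50000, "image", r"C:\Users\Public\payload.exe", False)),
            (0x7FF700004000,)),
    Process(3000, r"C:\Windows\System32\notepad.exe",
            (Region(0x7FF500000000, 0x40000, "image", r"C:\Windows\System32\notepad.exe", False),
             Region(0x1A0000, 0x10000, "private", "", False)),
            (0x1A0200,)),
)


if __name__ == "__main__":
    for pid, reason, path, addr in find_hollowed(SAMPLE):
        print(f"pid {pid}: {reason} {path} @ {addr}")
```

Checking thread instruction pointers against the mapping that backs them is what catches this variant: a process-creation or module-load view alone still shows the legitimate main module, and only the second image mapping plus the redirected execution site give it away.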