Memes | Coffee | I apparently use Emacs now | CTF with Shellphish | Malware | All posts and thoughts are probably from Stack Overflow | Tick 196 enthusiast
Hello hackers! We're running a study about fuzz harnessing on https://t.co/yjFhiLYJXt! Go learn a bit about fuzzing and get a gift card at the same time :-)
This is the first of hopefully some more material around the topic in the next few months, so stay tuned for that as well!
You've seen the trends in AIxCC: LLMs can hack source, find vulns, and patch them. But what about on binaries without source? Do decompilers close the gap, or is there more to grow?
Come see my talk at DistrictCon where I merge and dissect these two fields: AI Hacking + Decomp.
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
You are probably gonna hate me for the title of this blogpost, but, here is a quick peek into one of the most surprising components of our @DARPA AIxCC CRS: DiscoveryGuy.
https://t.co/QQOFtdql4V
(Planning to publish a few more of these "quick peeks" into the system 👀)
It’s a shame to see people try to destroy the reputation of a community that’s seeking to help people learn the intricacies of computers through game hacking. I hope anyone caught in this crossfire sees the quoted tweet and knows GH isn’t the one being adversarial
Spreading the awareness on this. GH is one of those amazing communities for helping improve the diffusion of knowledge in not just the GameHacking scene but also the general hacking/cybersecurity scene. If you haven’t heard what’s happening to GH I recommend checking this tweet.
🚨 Official Statement from Guided Hacking Regarding Malicious Impersonation & Fraudulent DMCA Campaign 🚨
To our community, fellow content creators and platform partners:
We are issuing this statement to address a serious, ongoing problem: a malicious and fraudulent campaign by cybercriminals who are impersonating Guided Hacking with the stated intent of "destroying Guided Hacking's reputation forever".
We understand the confusion and anger this has caused, and we are committed to resolving it.
Here are the facts:
1. The Problem: A Coordinated Attack on Our Reputation
Cybercriminals are submitting fraudulent copyright strikes claiming to be from Guided Hacking. This is a deliberate effort to ruin our reputation within the community by targeting game hacking YouTubers and other creators.
To be unequivocally clear:
Guided Hacking is NOT sending these fraudulent notices. We are the targets of this impersonation, just like the creators who have been affected. We have been under constant attack for over a decade by cybercriminals because we reject them as our peers. Guided Hacking has always been 100% devoted to education, not cybercrime.
Specifically, be aware of fraudulent notices sent by individuals or entities claiming to be:
Lukas Feiler at Baker McKenzie (impersonated)
Myxelo (a fake, AI-generated legal entity)
These parties are NOT authorized to represent Guided Hacking. Any DMCA takedown notice from them is fraudulent.
2. Important Clarification: We Do Issue VALID Takedowns
This situation is complex because we must protect our intellectual property.
Our authorized agents do send ~15 legitimate DMCA takedown notices per week. These are 100% valid and target people who knowingly and willfully are distributing our copyrighted content.
Because we issue legitimate takedowns, and this third party is now sending fraudulent takedowns in our name, it is crucial that every takedown notice is treated on a case-by-case basis.
Please do not assume all notices are fraudulent, as this would allow piracy of our work to continue unchecked.
3. Our Actions to Fight Back
We are not taking this attack lightly. We are actively working to stop these criminals and have already taken the following steps:
Preparing Legal Action: We have identified the individuals responsible for this campaign and are preparing legal action against them.
Platform Collaboration: We are working directly with YouTube to report the fraudulent activity and help them distinguish between our valid notices and these forgeries.
Assisting Creators: We are in direct contact with all affected YouTubers who have reached out to us, providing evidence and support to get their content reinstated.
Notifying Impersonated Attorneys: We have informed the real attorneys being impersonated so they can also take action.
4. What to Do If You Have Been Affected
If you have received a DMCA takedown notice claiming to be from Guided Hacking, we are here to help you resolve it.
Do not panic.
Please use the contact form on our official website to send us all the details of the notice you received.
Our team will investigate immediately to A) verify if the takedown is fraudulent and B) provide you with the necessary support to get your video reinstated if it is.
If you report a valid takedown as being fraudulent, we will not personally respond; our attorney will reach out to you instead.
We are committed to helping every creator who has been unfairly targeted by this malicious campaign. We will continue to post updates on this matter exclusively on our official Twitter/X account: @GuidedHacking.
Thank you for your understanding and for helping us spread the word.
Sincerely,
Guided Hacking
🚨 New blog post: ELEGANTBOUNCER - Catch iOS 0-click exploits without having the samples.
Features iOS backup forensics & messaging app scanning for iMessage, WhatsApp, Signal, Telegram & Viber attachments.
🔗 Link -> https://t.co/tFnJDrFT0M
Great challenge in SekaiCTF by @qynln based on my WASM escape talk/article. I especially like the Symbol.toPrimitive trick for better function calling, also allowing for control over thisArg!
https://t.co/v1cJ5SA712
Need a good read for the weekend? Check the master thesis "An In-Depth Study of Smart Building Systems: Firmware Analysis and Device Emulation" here https://t.co/UU5O0oA1w4 Besides the usage of EMBA I like the Kernel and GCC analysis in the paper. Good job and valuable feedback
I just documented a cool way to authenticate proxied tooling to LDAP in an AD environment using C2 payload auth context, without stealing any tickets or hashes!
Keep tooling execution off-host and away from EDR on your Red Team assessments!
https://t.co/VLE2Kh4idY
Secure enclaves in post-exploitation world.
A strategy to exploit vulnerable enclave DLLs and transform ROP-based execution to hide implant memory during sleep.
Fantastic post by Cedric Van Bockhaven (@c3c) of Outflank Team (@OutflankNL)!
Source: https://t.co/bkxXYo5YO7
#redteam #blueteam #maldev #malwaredevelopment
I know a lot of people will hate me for saying this but it has to be said. I get a lot of DMs saying RT is getting harder every day, traditional loaders don't work anymore, open-source tools tend to crash or get detected instantly. But wasn't that the whole point of Red Team? That's why red teams get paid way more than PT/appsec. RTs are not supposed to be easy; it's not just about stealing the first Kerberos ticket/AD cert and becoming DA. You get paid for the expertise. If you have the same skills as that of a general appsec/strategic team, then why would you get paid more? Somehow, somewhere, someone thought that RTs can be easy money and started providing cheap RTs, providing general PT in the name of RTs, confusing amateur orgs between RT and PT, but in fact Red Team was always about research, helping the target organization improve their defense and find flaws in creative ways, or to identify the effects of an adversary. If you have done that and succeeded in improving the security of the org, then it means the next one to improve is you. You can't pray for weak security while doing red teams. Challenges make you better. Staying constant is for the weak.
For my last year of DEF CON CTF with @nautilus_ctf I created a deck-building card-game named Nautro, written entirely in ZIG
Play cards to produce resource chains to increase your total energy
Most easy vulns found during the game were patched, I challenge you to exploit it!⬇️
Tomorrow 7 PM PDT! Livestream w me and @MalwareTechBlog. We’ll look at this month’s Patch Tuesday, dissect a bindiff, and try to turn it into an exploit. I might also try to get him to solve the STILL UNSOLVED Windows Phrack CTF challenge 🤔 https://t.co/WxqFg26avP
While playing @defcon CTF Finals with @shellphish I managed to solve the ICO challenge using LLMs (GPT5 + Cursor) and almost no human intervention. You can read how I did it here! https://t.co/EcqYZdyIfV
1/ An unnamed source recently compromised a DPRK IT worker device which provided insights into how a small team of five ITWs operated 30+ fake identities with government IDs and purchased Upwork/LinkedIn accounts to obtain developer jobs at projects.
holy shii, someone from @pb_ctf x BlueWater used a background AI agent to solve a LiveCTF challenge while that player was still working on it.
https://t.co/dOrgkZKuBq