A malware sample is a mirror.
Not of the victim.
Of the attacker.
You see what they rushed.
You see what they copied.
You see what they trusted.
You see what they were afraid to expose.
You see what they thought defenders would miss.
That is why malware analysis is not only technical.
It is behavioral.
MAoS was written for people who want to read that layer.
📖 https://t.co/2SI2dw87g7
If you want to understand malware beyond syntax, start here.
#MalwareAnalysis #ReverseEngineering #ThreatResearch #MAoS #CyberSecurity
I did not write MAoS because the world needed another malware book.
I wrote it because I kept seeing the same gap.
People could reverse samples.
People could explain functions.
People could identify techniques.
But many still struggled to understand the operation behind the malware.
That is the part I wanted to focus on.
The thinking.
The context.
The decisions.
The intent.
📖 https://t.co/2SI2dw87g7
If this is the layer you care about, MAoS is for you.
#MalwareAnalysis #ReverseEngineering #ThreatResearch #MAoS #CyberSecurity
NTFS supports ACID transactions (since Vista). Commit, rollback, and CreateFileMapping on a transacted handle: the foundation of Process Doppelganging. New video + write-up: https://t.co/xc85Bqj1iY
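The post names the three primitives but does not show them interacting. The script below is an added example written for this page (it is not from the linked video or write-up, and not the author's code); it calls the KTM and Transactional NTFS APIs through P/Invoke to show the property Process Doppelganging rests on: a file written inside a transaction is invisible to anything outside it, an image section created from the transacted handle remains usable after the transaction is rolled back, and the file itself never reaches the disk. It stops at mapping the section and checking its header; no process is created from it. The scratch path, the transaction description, and the use of notepad.exe as a stand-in PE payload are assumptions; TxF is deprecated but still present on current Windows, so run this on an NTFS volume.

```powershell
# Added example: transacted write -> image section -> rollback, showing what survives.
Add-Type -Namespace Demo -Name TxF -MemberDefinition @'
[DllImport("ktmw32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
public static extern IntPtr CreateTransaction(IntPtr attrs, IntPtr uow, uint createOptions,
    uint isolationLevel, uint isolationFlags, uint timeout, string description);
[DllImport("ktmw32.dll", SetLastError=true)]
public static extern bool RollbackTransaction(IntPtr hTransaction);
[DllImport("kernel32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
public static extern IntPtr CreateFileTransactedW(string name, uint access, uint share,
    IntPtr sa, uint disposition, uint flags, IntPtr template, IntPtr hTransaction,
    IntPtr miniVersion, IntPtr extended);
[DllImport("kernel32.dll", SetLastError=true)]
public static extern bool WriteFile(IntPtr hFile, byte[] buf, uint count, out uint written, IntPtr overlapped);
[DllImport("kernel32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
public static extern IntPtr CreateFileMappingW(IntPtr hFile, IntPtr sa, uint protect,
    uint sizeHigh, uint sizeLow, string name);
[DllImport("kernel32.dll", SetLastError=true)]
public static extern IntPtr MapViewOfFile(IntPtr hMap, uint access, uint offHigh, uint offLow, UIntPtr size);
[DllImport("kernel32.dll", SetLastError=true)]
public static extern bool UnmapViewOfFile(IntPtr addr);
[DllImport("kernel32.dll", SetLastError=true)]
public static extern bool CloseHandle(IntPtr h);
'@

$GENERIC_RWX           = [uint32]0xE0000000   # GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE
$CREATE_ALWAYS         = 2
$FILE_ATTRIBUTE_NORMAL = 0x80
$PAGE_READONLY         = 0x02
$SEC_IMAGE             = 0x01000000           # section is a PE image, not a flat file
$FILE_MAP_READ         = 0x04

$path    = Join-Path $env:TEMP 'txf-demo.exe'                               # assumed scratch path
$payload = [IO.File]::ReadAllBytes("$env:SystemRoot\System32\notepad.exe")  # assumed stand-in PE

# 1. Open a KTM transaction; all transacted file work below belongs to it.
$tx = [Demo.TxF]::CreateTransaction([IntPtr]::Zero, [IntPtr]::Zero, 0, 0, 0, 0, 'txf-demo')
if ($tx.ToInt64() -eq -1) {
    throw "CreateTransaction failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

# 2. Create and write the file inside the transaction. Nothing outside the
#    transaction (including this process, which is not enlisted) can see it.
$hFile = [Demo.TxF]::CreateFileTransactedW($path, $GENERIC_RWX, 0, [IntPtr]::Zero, $CREATE_ALWAYS,
            $FILE_ATTRIBUTE_NORMAL, [IntPtr]::Zero, $tx, [IntPtr]::Zero, [IntPtr]::Zero)
if ($hFile.ToInt64() -eq -1) {
    throw "CreateFileTransactedW failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
[uint32]$written = 0
[void][Demo.TxF]::WriteFile($hFile, $payload, $payload.Length, [ref]$written, [IntPtr]::Zero)
"Wrote $written bytes in the transaction; visible outside it: $(Test-Path $path)"   # expected: False

# 3. Build an image section from the transacted handle. The section is backed
#    by the transacted bytes, not by anything a scanner could read from disk.
$hMap = [Demo.TxF]::CreateFileMappingW($hFile, [IntPtr]::Zero, $PAGE_READONLY -bor $SEC_IMAGE, 0, 0, $null)
if ($hMap -eq [IntPtr]::Zero) {
    throw "CreateFileMappingW failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
[void][Demo.TxF]::CloseHandle($hFile)

# 4. Roll back. As far as NTFS is concerned the file never existed.
[void][Demo.TxF]::RollbackTransaction($tx)
[void][Demo.TxF]::CloseHandle($tx)
"After rollback, file on disk: $(Test-Path $path)"                                   # expected: False

# 5. The section outlives the transaction and still maps a valid PE image.
$view = [Demo.TxF]::MapViewOfFile($hMap, $FILE_MAP_READ, 0, 0, [UIntPtr]::Zero)
$mz   = [Runtime.InteropServices.Marshal]::ReadInt16($view)
"Section still maps an image after rollback (MZ header present): $($mz -eq 0x5A4D)" # expected: True
[void][Demo.TxF]::UnmapViewOfFile($view)
[void][Demo.TxF]::CloseHandle($hMap)
```

The detection takeaway follows from step 5: file-based scanning never sees the payload, so telemetry has to come from the transaction and section side (CreateTransaction / CreateFileTransacted on an executable path, a SEC_IMAGE section created from a transacted handle, and a rollback before the section is used), not from the file system.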
Proud to share that my name has been added as a contributor to the MITRE ATT&CK page for T1218.015: Electron Applications.
This is based on my original research, “One Electron to Rule Them All”, covering how Electron apps can be abused for proxy execution through trusted applications.
Research:
https://t.co/8XJ6rIBbDD
MITRE:
https://t.co/69eITJmMcO
More interesting stuff is coming soon, so stay tuned.
#MITREATTACK #CyberSecurity #MalwareAnalysis #ReverseEngineering #EDR
Most malware analysts are good at reversing code.
Very few are good at understanding why it exists.
That difference shows up in real incidents.
You can rename functions.
Trace APIs.
Rebuild logic.
Understand execution flow.
And still miss the bigger picture.
Because malware is not only code.
It is intent.
Pressure.
Tradeoffs.
Operator behavior.
Developer decisions.
MAoS was written for that gap.
https://t.co/2SI2dw87g7
If this feels familiar, you already know why.
#MalwareAnalysis #ReverseEngineering #CyberSecurity #MAoS
One week out: Amichai Yifrach's Secure Boot masterclass on May 18. Terminal only methodology, boot to root shell. 4 hours, $49, $49 course voucher for every registrant.
https://t.co/ujj4Ad3yUy
One week out: @The_H1tchH1ker Secure Boot masterclass on May 18. Terminal only methodology, boot to root shell. 4 hours, $49 + $49 course voucher for every registrant.
https://t.co/ujj4Ad3yUy
@zodiacon just published: working with Windows shell links (.lnk files) in C++ — IShellLink, IPersistFile, OleView interface discovery, and the security angle on .lnk persistence. free read: https://t.co/mJEWBpevqB
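The "security angle on .lnk persistence" mentioned above is the kind of thing a responder wants as a quick check. The script below is an added example for this page (not code from the linked post) that enumerates the per-user and all-users Startup folders and resolves what each shortcut actually launches through the WScript.Shell COM object, which wraps the same IShellLink/IPersistFile interfaces the post covers. The folder list, the "suspicious" regexes and the function name are assumptions chosen for the example.

```powershell
# Added example: resolve Startup-folder .lnk targets and flag common LOLBin/encoded patterns.
function Get-StartupShortcut {
    # Assumed scope: the two Startup folders. Extend with other autostart paths as needed.
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),        # %APPDATA%\...\Startup (per user)
        [Environment]::GetFolderPath('CommonStartup')   # %ProgramData%\...\Startup (all users)
    )
    # Heuristics (assumptions, tune for your environment): script hosts and
    # proxy-execution binaries as targets, encoded or download-and-run arguments.
    $lolbinTarget = '(?i)\\(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32|msiexec)\.exe$'
    $badArguments = '(?i)(-enc\b|-e \S|frombase64|downloadstring|invoke-expression|\biex\b|windowstyle\s+hidden|javascript:|vbscript:)'

    $wsh = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -Filter *.lnk -File -ErrorAction SilentlyContinue | ForEach-Object {
            # CreateShortcut on an existing .lnk loads it (IPersistFile::Load) and
            # exposes the IShellLink fields as properties.
            $lnk = $wsh.CreateShortcut($_.FullName)
            [pscustomobject]@{
                Link       = $_.FullName
                Target     = $lnk.TargetPath
                Arguments  = $lnk.Arguments
                WorkingDir = $lnk.WorkingDirectory
                IconPath   = $lnk.IconLocation      # an icon pointing elsewhere than the target is worth a look
                Modified   = $_.LastWriteTimeUtc
                Suspicious = ($lnk.TargetPath -match $lolbinTarget) -or ($lnk.Arguments -match $badArguments)
            }
        }
    }
}

# Usage: list everything, then only the flagged entries.
$shortcuts = Get-StartupShortcut
$shortcuts | Format-Table Link, Target, Arguments, Suspicious -AutoSize
$shortcuts | Where-Object Suspicious | Format-List
```

Two caveats a practitioner should keep in mind: a .lnk whose target is a legitimate binary can still be malicious through its arguments, so never filter on TargetPath alone, and the COM resolver only reads the fields it knows about, so a link carrying an oversized or oddly padded argument string is a reason to parse the raw file rather than trust the summary.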
EDR bypasses are not impressive.
Understanding why they work is.
Most people stop too early.
📖 https://t.co/wNDmG8Ypny
If you want to go one level deeper, this is for you.
#EDR #DetectionEngineering #MAoS
@The_H1tchH1ker found that a malformed kernel parameter on NVIDIA Jetson Orin gives you a root shell instead of a boot failure.
He wrote it up: "The Hitchhiker's Guide to Breaking Secure Boot" (free, TrainSec library).
On May 18 he teaches the full methodology live. 4 hours, hands-on, LIVE masterclass.
$49 seat. $49 TrainSec course voucher for every registrant.
Masterclass: https://t.co/pLhEjGXNQX
Misled Trust at Scale: Jetson Orin CVEs
If you’re using @nvidia Jetson Orin, this may already be in your product.
My research led to CVE-2026-24154 & CVE-2026-24153
They look like typical vulns. They’re not.
They expose a deeper issue:
systems that verify correctly, but carry development trust assumptions into production.
Result:
→ Root shell during early boot
→ Observe live decryption
→ Extract keys & mount rootfs
(no crypto broken)
Nothing is broken.
Trust just happens at the wrong moment.
And Orin is everywhere: AI, robotics, industrial, edge.
This is not a CVE story.
It’s a production trust failure.
Full breakdown 👇
https://t.co/QfNm6CHRqU
Not all bad code is bad.
Sometimes it is rushed.
Sometimes it is reused.
Sometimes it is intentional.
Sloppy code can tell you:
– how experienced the developer is
– how fast they needed to deliver
– what mattered and what did not
Those signals are easy to miss if you only focus on execution flow.
But they are often where the real story is.
That way of looking at malware shaped MAoS.
📖 https://t.co/2SI2dw87g7
If you want to start reading between the lines, this will help.
#CyberSecurity #MalwareAnalysis #ReverseEngineering #ThreatResearch #MAoS #TrainSec
@zodiacon on ETW property decoding in C++ (Part 2): TdhGetEventInformation, TRACE_EVENT_INFO offsets, TdhFormatProperty. Full post: https://t.co/EUn8SQ5Orm
@zodiacon walks through real-time ETW event consumption in C++: session setup, enabling providers, OpenTrace, ProcessTrace, and the event callback.
https://t.co/Nld5Awl1np
I'll be teaching a 3-day class "Windows Internals for Research and Development" in person, at x33fcon. Maybe I'll see you there :)
https://t.co/588Jo9jUFP
⏳ I've often found that the best time to teach something, is when you're learning it yourself. Last year I set out to finally learn how to use time-travel debugging in WinDbg - I documented what I learned and that is now a part of the FLARE Learning Hub
https://t.co/XbLeM4mlyo
This attempts to bring every critical concept, command, and query into a single document to get you up and running with TTD!