We think of WASM as a mechanism to run compiled code in your browser, but what if we shimmed in all the host APIs necessary to run full implants with ALL logic entirely in the WASM VM? This post walks through what that looks like.
https://t.co/xGVpPe2zyC
#wasm #malware #sliver
This gets even dumber. Microsoft built a VBS enclave into msedge! It protects data even from kernel drivers! That would've been the perfect place to store passwords! And they are using it to store... a bit of static configuration data.
It seems like in the latest preview build(s) ETW functionality has been encapsulated in its own DLL (ETW.dll) - e.g., ControlTrace/etc. are now exported by this DLL instead of sechost/ADVAPI32/etc. Seems to just be code re-org (for now) - but maybe the future will reveal more!
We're opening the Exodus research vault.
Over the coming weeks, we'll publish technical writeups highlighting vulnerability research, exploit development, and deep reverse engineering from our team.
First up: Michele Campa's Adobe Acrobat Reader Escript.api use-after-free RCE.
https://t.co/iycMuZQLix
#VulnerabilityResearch #ExploitDevelopment #ReverseEngineering #OffensiveSecurity #CyberSecurity
@3mdeb_com Well, I always wanted to build a hardware-based password manager.
Not that I really need the UL SoC variant, it's more of a defense-in-depth-type scenario (encrypted RAM, CAAM black keys, cryptographic acceleration via PKHA, HW support for AES-256, better TRNG).
Fresh @safebreach Labs research!
CVE-2025-59199 breaks down a highly creative low-integrity Windows LPE path.
Learn how Notifications, COM objects, URIs, DevTools, and Windows Apps chain together in a single exploit. Great work, team!
https://t.co/1PgKB1WIxe
I'm tired of my tools getting sig'd so I built a pipeline to keep our tools alive for longer and bring some classics back.
Post 1 of 3 is live now. The final post will drop our Go/C# -> WASM toolchain. It builds #Sliver, #Chisel, and some of #GhostPack.
https://t.co/yFF65A8MQO
Reverse Engineering - Resolving Confusion Over PsGetCurrentProcess, PsGetCurrentProcessId and PsGetProcessId - Using WinDbg to understand dependency between KPCR, KPRCB, K/ETHREAD, K/EPROCESS and KAPC_STATE structures. https://t.co/VJH5P1pYn5
RedSun: Exploiting Windows Defender's Remediation Workflow for Local Privilege Escalation
Just showing some appreciation for @ChaoticEclipse0's excellent work. Hopefully this won't get us banned!
https://t.co/Z4zbaa2Jcd
Spent the last 2 weeks working on a devirtualizer for VMProtect 3.5 and learning Remill. Idk yet if I will blog about it, but I at least wanted to publish the code:
https://t.co/GLqKWpOOU7
The approach is different from my last blog, as it lifts the whole x86 code of the VM
@G3tSyst3m @NytroRST But you see, it is not Memory Integrity / HVCI's mandate to restrict a WHQL-signed driver from loading.
It could be prevented by the WDAC blocklist tho which you showcase quite well at the end of your blog post, might I add.
Anyway, didn't mean to bring you down, cool stuff!
@4D4J_ Right now, none of the three techniques that I showcase can "bypass" HVCI.
PFN swapping is one of the few techniques that work against HVCI and KDP.
https://t.co/GrbInqP4QQ
Updated my project to bypass write protection via PTE manipulation.
HVCI / KDP will prevent this technique by marking the code / data page as read-only in the SLAT entry.
Do note that the Dirty bit is clear in the PxE despite the page being written to.
https://t.co/IMPevg6mws
Made a small project to bypass write protection and write to read-only pages in kernel space.
Nothing novel here, but the code is well commented for your reading pleasure.
I hope you will find it useful in your no doubt questionable endeavors :)
https://t.co/nfywedsWnM
I originally prepared this bug for Pwn2Own Berlin. A few days before the contest, a CVE got assigned. So, here is my technical analysis and exploitation strategy for CVE-2026-40369: a 12-byte kernel increment, exploitable both as an LPE and SBX.
https://t.co/agxyuR2AjE
Did you know that Windows processes fundamental to Operating System security run in Isolated User Mode and cannot be debugged?
Well that's true except when it isn't.
Here @fdfalcon provides a step-by-step guide to do it.
https://t.co/Gya2QELd8O
#Windows #ReverseEngineering
@tacbliw Yeah, that's what I do too.
Thought I'd try debugging it using nested virt on an old Linux host for a change.
I mean I know it'll be slow af and unsuitable for fuzzing but I can't even get it to boot lol
Has anybody ever tried debugging Hyper-V running on VMware hypervisor, over serial port emulation via named pipe?
After the initial break in WinDbg on the debugger VM, the debuggee VM just hangs and never finishes booting.