Olivia
Online
Andreas Schmidt
@_znow
Security Researcher, Author of WATOBO
Germany
Joined December 2009
925 Following
638 Followers
1.2K Posts
We're mostly an IDA shop at @CellebriteLabs, but I decided to play around with Ghidra. My main motivation was to experiment with agentic reverse engineering techniques. The result is an agent skill for Ghidra, which we are releasing publicly:
https://t.co/mPrNFR8mOq >>
This is really good, @AnthropicAI posted a document on how to apply the principles behind Zero Trust to AI Agents:
https://t.co/bli719l9M4
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at https://t.co/bGCIjBfD3C. Launched with:
- Malware Analysis Crash Course
- Go Reversing Reference
- Intro to TTD
We got frustrated with dealing with vendor dependencies when reverse engineering large applications. @ITSecurityguard from @SLCyberSec’s Sec Research Team built Hyoktesu to solve this problem forever: https://t.co/rQM2ypLLuW - releasing this today! Blog: https://t.co/KCPSTnFjVN
Who to follow
I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏
https://t.co/1PPuxhs4V9
#bugbounty #pentesting #AI #cybersecurity #infosec #claudeai
@mattshumer_ The @trailofbits security auditing skills! Teach Claude to be an expert bug hunter: https://t.co/vI4amorZrc
Oracle RCE Vulnerability CVSS 10.0 - affecting Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS
https://t.co/jHJ1Ogvz68
https://t.co/KDO1wGrm7C
When asked about LLM memory corruption exploit generation in the 2023-era of models I would often say that they were getting better at code generation but lacked understanding of how that code would execute at runtime, and that was a prerequisite for exploit generation.
This requires reasoning and observation of code transformations through compilation steps, context and understanding of specific details of modern operating systems, memory allocators, caches, file formats etc. and how they affect program runtime. These are all details exploit developers obsess over with surgical precision out of necessity because you must be right every single time or your exploit just won't work.
Since that 2023-era we have seen significant advancements in AI through RL/scaling but also a lot of agentic development. This has allowed the models to not just explore code better but also observe its runtime as it reasons through and builds exploitation primitives.
The section on mitigation bypasses in Sean's writeup demonstrates why these capabilities are so hard to achieve without these advancements. They require the ability to reason not just about the code itself, but about how it will behave at runtime, and observe those behaviors as the primitives in the vulnerability, and the state space they create, are explored.
A javascript interpreter is really a best case scenario for this kind of experiment because the attacker can run arbitrary code to shape the runtime in a way that is conducive to reliable exploitation. But conversely, a javascript interpreter is complex with many APIs that are reenter the Javascript runtime and lead to things like use-after-free vulnerabilities.
This a very exciting time in program analysis and software security. Anyone who doubts this technology as a game changer is not paying attention.
https://t.co/p3va1uUjs0
Ruby received a beautiful website redesign 💎
https://t.co/4uNJy92C6D
"Shopify is the patron saint of Ruby on Rails. Its infrastructure team is the backbone of our ecosystem, and its continued success the best case study of how far you can take this framework and language. They deserve a gawd damn parade for all they do." https://t.co/QuRCRgZW8K
Big news! We made the basic tier of the OpenHands Cloud FREE!
This means that you can call state-of-the-art coding agents from your computer, phone, github, gitlab, slack, etc. for just the price of API credits or hosting your own language model!
🧵👇
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan
https://t.co/hSran2yGNW this is so sick. i'm confident if i had the bug i would not have exploited it.
Today I have a more serious topic than usual, please consider reposting for reach:
My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/3]
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. https://t.co/JhxnpXPDa5
Blog for ToolShell
Disclaimer: The content of this blog is provided for educational and informational purposes only.
https://t.co/gT0aoKXkig
#SharePoint #ToolShell
oh no
🟥 CVE-2025-32463, CVSS: 9.3 (#Critical)
#Sudo version 1.9.14 to 1.9.17
#Vulnerability allows local users to gain root access via the --chroot option due to improper handling of /etc/nsswitch.conf.
#CyberSecurity #CVE #PrivilegeEscalation
https://t.co/nYZy5HjHkh
PoC Exploit for the NTLM reflection SMB flaw CVE-2025-33073
https://t.co/tkgfd5UnEp
Last Seen Users on Sotwe
★ Girls X-Rated™ 200k+ ★
Seen from Guatemala
Hacı demir
Seen from Turkey
enjoyDiDi
Seen from Thailand
Пан Пачковский
🔞にゃすけ@AI絵(NovelAI)
trakya cuckold
Seen from Turkey
omcong
Seen from Indonesia
Bisexual Cultural Marxist
Seen from Malaysia
Sebastian Gonzalez
Seen from United States
Walley_14
Seen from Turkey
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers