Phantom Killer: EDR evasion via Lenovo driver
Researcher Jehad Abu Dagga from e& UAE (etisalat and) reverse-engineered the "BootRepair.sys" driver used by Lenovo PC Manager and uncovered critical security flaws that can be abused:
📌 The device "\Device\BootRepair" created by the driver has no defined DACL, allowing any low-privileged user to interact with it.
📌 The IOCTL dispatcher doesn't verify permissions when invoking the process termination function ("sub_14000198C").
📌 A symbolic link "\DosDevices\BootRepair" is created in user space, allowing direct access to the device from user space.
⚠️ The developed PoC can terminate any process by specifying its PID.
🥷 Key advantage for an attacker: the driver is legitimate and signed by Lenovo, allowing it to bypass Driver Signature Enforcement (DSE) checks.
🎯 Attack scenarios:
✅ If the driver is already loaded on the system: any low-privileged user can access it without restrictions and terminate any process, including EDR/AV.
✅ If the driver isn’t loaded: an attacker can load the trusted, signed driver (Bring Your Own Vulnerable Driver — BYOVD attack) and then use it to kill protected processes.
📎 Article: https://t.co/55b3p0i5jR
🦠 PoC: https://t.co/PsxH2XCoG8 -> (https://t.co/Qv6Homv0gX)
#dbugs_attacks
Introducing nginx-poolslip, a fresh RCE for the latest nginx release 1.31.0.
nginx-rift has been patched, but our security agent Vega has found a new 0 day.
We will release the full technical writeup with ASLR bypass 30 days after the patch on https://t.co/LAhOC5UHrp.
Security things from the last few days:
- CopyFail (linux pwn'd)
- CopyFail 2/Dirty Frag
- 13 advisories in Next.js
- Over 70 CVEs addressed in macOS 26.5
- ~50 CVEs addressed in iOS 26.5
- YellowKey (Windows Bitlocker pwn'd entirely)
- GreenPlasma (Windows privilege escalation)
- CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE
- CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access
- Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning)
- Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too"
- Canvas (popular LMS used in most schools) pwn'd entirely
- PAN-OS (Palo Alto Networks) pwn'd with a 9.3 severity CVE-2026-0300
Are you scared yet?
I just reverse engineered the YellowKey BitLocker bypass
Microsoft shipped code that checks for a flag called "FailRelock" in every Windows 11 recovery image. When it's set to 1, after recovery unlocks your BitLocker drive, it never relocks it. All you need is a USB stick.
This code only exists in the recovery environment. Not in normal Windows. They left an entire debug testing framework in production.
I'm using AI to find vulnerabilities (for 2 days), and it's crazy how easy it is... currently fuzzing libpng, which is used by practically anything, already 3 different CVEs: memory corruption, memory leak and DoS.
$20 is cheaper than a full time vuln researcher
The man who killed the $10,000 GPU myth.
He did it alone, from Bulgaria, with one C file. 🤯
>Meet Georgi Gerganov.
>Bulgarian developer. Nobody had heard of him.
>In March 2023, Meta’s LLaMA model leaked online
>Within days he wrote a single C file
>Called it llama.cpp
>It ran a full AI model on a MacBook. No GPU. No cloud.
>The entire AI industry said you needed $10,000 GPUs to run LLMs 🔥
>He proved you didn’t. On a laptop. Alone.
>Also built whisper.cpp ~ same thing for voice AI
>His code is the foundation of Ollama, LM Studio, and GPT4All
>107,000+ GitHub stars. Fastest open-source AI project to hit 100K ever. 🚀
>In 2026 Hugging Face hired his entire team
>Still ships code. Still open source. Still free.
Every time you run AI locally, you’re running his work.
Absolute Legend 🐐
My BlueHammer version (now redhammer) implements my VDM version patch, deploys and loads the BYOVD for my exploitkit.
It bypasses the new signature for BlueHammer as well. How is this still unpatched?
We know that Microsoft improved the overall printing security in 2025, now using DCE/RPC for callbacks; you can force NTLM local auth and reflect back machine auth even without the CredMarshalTargetInfo() trick 😇
All my recent activity wasn't for nothing...I'm pleased to announce that I'll be speaking at @DistrictCon with @natashenka about a 0-click to kernel exploit chain for the Pixel 9 in January!
Lol
"ZDI has marked all 13 issues as zero-day vulnerabilities, given Ivanti’s failure to release fixes in accordance with responsible disclosure deadlines."
https://t.co/zK9MQYcgvo
CODE WHITE proudly presents #ULMageddon, which is our newest applicants' challenge at https://t.co/25hlvHXiGW, packaged as a metal festival. Have fun 🤘 and #applyIfYouCan