Nightmare Eclipse is back ⚠️
A new RoguePlanet Windows Defender LPE 0day PoC has been released. The RCE chains reportedly stopped working after Microsoft's recent Defender fixes, but the BitLocker bypass might still be effective, NE isn't fully sure yet https://t.co/oPtnNW7BST
Automating MS-RPC vulnerability research
TL;DR: Diving into the MS-RPC protocol and how to automate vulnerability research using a fuzzing approach.
Blog: https://t.co/KZYYa2qfOc
#Fuzzing
Last year, we gave you a glimpse of the RemotePE malware used by a Lazarus subgroup. Now, we dive deeper into this toolset and discuss DPAPILoader, RemotePELoader and RemotePE in detail. 🔍💻
Check out our blog post: https://t.co/6gCPJtdMId
🚨 Nightmare Eclipse just released another vulnerability called MiniPlasma
GitHub: https://t.co/oySBY1X8ke
CVE: CVE-2020-17103, which is a high-severity elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver that allows an attacker to gain elevated, unauthorized access to a targeted system
From Windows driver to custom EDR.
A journey through building your own EDR-like solution with a historical perspective - a post by Aurélien Chalot (@Defte_).
Source: https://t.co/bqxiKlwCxj
#redteam #blueteam #maldev #malwaredevelopment
Have you ever wondered why svchost can spawn from Windows Defender MsMpEng.exe without any flags, even though a legit svchost should always have flags?
Welp, that's because it's not a real svchost :D
Read - Why Does MsMpEng Spawn svchost.exe Without Flags? - https://t.co/JQxnSF6Buk
TL;DR - MpEngine.dll (AKA Windows Defender Engine) has a function called CreateCraProcessHelper that is used as part of the AntiRootkit scanner. In it, it spawns a suspended process with just the CLI "svchost".
This is used by the engine and KSL driver to pass specific bytes from the \Device\PhysicalMemory between "Kernel" and "User mode" :D
Building a Windows Network Filter Driver: Intercepting Outbound Connections
New Medium post. Today I will show you how to build a Windows kernel driver that monitors outbound network connections using the Windows Filtering Platform (WFP).
https://t.co/vMmK0huq4r
Windows 11 24H2 LPE vulnerability (CVE-2026-21250)
→ Local privilege escalation
→ Potential SYSTEM access
Exploit PoC is public 👇
https://t.co/FsaHGVdhWj
Patch or mitigate ASAP.
#CyberSecurity #Infosec #Pentesting
Building a Windows File System Minifilter Driver: Intercepting File Access
New Medium post. In this article, I’ll walk you through the implementation of a basic Windows File System Minifilter Driver capable of intercepting file operations at the kernel
https://t.co/YZd4RnkEjm
Dragon Breath APT-Q-27 leveraged a WHQL-signed kernel driver with BYOVD and EDR evasion via a zero-validate IOCTL, linking Zhengzhou 403 to APT31 through shared infrastructure and personnel. https://t.co/bl2d94Sf3r
PowerShell for Defenders - Finding Persistence
Scripts you can use to spot various mechanisms hackers use to persist
https://t.co/rrOfNibyFf
@three_cube @_aircorridor #windows #apt
This is one of the more fascinating malware write-ups I've read in a while.
Sentinel LABS covered fast16, a 2005 sabotage framework that was doing things most people associate with much later operations.
The malware used a driver to tamper with calculation software, but it also had automated methods to propagate through the network. It looked for the right applications, used Windows-native mechanisms, and took advantage of shared drives with weak passwords or no passwords.
This is a good takeaway because the sabotage only works well if the corrupted results become consistent across systems, so if one workstation gives bad results, someone may spot it. Having the testing and validation documents in the same flat network makes tampering easier.
Also, the mechanisms used to tamper with research are fascinating. A chain of operations starting from a filesystem driver, and very specific software targeting.
Sentinel really nailed this one, connecting everything together. Just goes to show that trying something different can take you somewhere unexpected. You never know what’s out there, and there are definitely more, newer samples like this.
Full report: https://t.co/4HA5EdJD3F