Olivia
Online
Cindy Berman
@cingirl30
Business Lead @DelphosLabs - AI cybersecurity. ex @productboard @segment @grammarly @getnanit. angel investor @hellopatient @cinderplatform. @TheCouncilCap.
New York
Joined February 2012
1.3K Following
835 Followers
973 Posts
One of our security researchers demonstrated a local root shell on Linux using a page-cache poisoning primitive in AF_RXRPC’s RxGK path.
We call it DirtyCBC: a sibling to DirtyFrag in the broader CopyFail / DirtyFrag / Fragnesia family. The issue is fixed on mainline.
The candidate path was surfaced through Delphos’s agentic analysis workflow, then manually verified and exploited end to end.
AES-256 was not broken. It just wasn’t the boundary that mattered.
RxGK decrypted data in place before authentication completed.
Under the right conditions, that write could land in the page cache. The HMAC check still failed and the connection was aborted, but the page-cache mutation had already happened.
Two RESPONSE packets were enough to place a tiny ELF into the cached first page of a readable SUID-root binary. The file on disk stayed unchanged. The next exec produced a root shell.
Full writeup and PoC on the Delphos Labs GitHub.
https://t.co/gmCEub1v2t
I wanted to think through the implications of reverse engineering skills getting more accessible with AI and what it means that it's so much easier to take compiled code apart and understand it. So I wrote this: https://t.co/sMTLIv5ber
How long until someone takes some expensive closed source software and uses an LLM to "translate" the disassembly to C/C++ or even Rust? And just put it on github or pastebin or something. We're here. It's possible.
Our automated reverse engineering systems are starting to find vulnerabilities. First of many.
All black box. Only the compiled binary.
Identified using code reasoning.
Responsible disclosure underway.
Who to follow
Amar Ghose 🏝 
@itsjustamar
Generating Leads for your #SaaS via Smoke Signals & Bird Calls since 1830 🐦 Location independent CEO of @zenmaid, #SaaSmarketing enthusiast, & futbol lover
Tim Feeley
@timfee
20 years of PM and UX leadership at TripAdvisor, Meta, Goldman Sachs, Personio and Google. Make better mistakes tomorrow.
tereza z
@terizimovjan
💜
praha - NC - Lboro
We raised $11M from Keith Rabois at Khosla and Felicis to make MCP work at scale.
MCP is everywhere, but it's MESSY.
No security. No auth layer. No visibility. No control.
We built Runlayer to enable AI.
@berman66 Congrats!! Let’s go!
@varunconfirms @nikitabier @elonmusk @X Congrats Varun and the Enterpret team! Excited for Enterpret 2.0. Let’s go!
@nikitabier @elonmusk - I've spent $200K and built something that will help X become the greatest app of all time (Really hoping this works lol).
The problem:
@X is drowning in millions of complaints and suggestions daily from passionate users:
“Edited post shows old version in embeds or previews.”, “Payment succeeded but the verification badge is not appearing.”,
“Group DMs not showing all participants."...scattered across tweets, app reviews, support tickets, and Reddit—zero structure.
You don't know whether 10 people or 10,000 are affected, or how to route the right feedback to the right team.
What @enterpret_ai does:
We automatically structure all customer feedback into a living knowledge graph—like a real-time map of every product issue.
"Payment failed," "HDFC card declined," "can't upgrade" all get filed in the same folder: Billing → Payment Processing → Regional Failures. Same issue, same folder, every time.
Our AI parses customer complaints to understand which parts of the product architecture they refer to, then surfaces them to the right product teams if urgent, or stores them in a connected knowledge graph for deep research with our AI.
When thousands of users from India tweet different versions of "can't pay for Premium," our AI knows:
- It's the same PREM_ERR_402 issue (not random complaints)
- 8,200 users affected with HDFC/ICICI cards
- $1.2M monthly revenue impact
- The payments team owns this fix
- Then automatically alerts them before it trends on Reddit
@enterpret_ai turns unstructured complaints into owned engineering work.
Grok can't do this. Ask it about "payment issues" or "Amex card declined," and it might say it's a checkout bug. No structured taxonomy, no knowledge graph connecting these as the same problem affecting thousands.
@nikitabier @elonmusk - I've already built an Enterpret instance for X. I'll personally fly to X HQ to show you how to fix your top 100 issues in 30 days.
We've raised $25M to build the best customer intelligence platform.
We're the secret behind how the most loved consumer apps like @NotionHQ , @perplexity_ai , @canva , @linear , @hinge , @Strava and @webflow maintain near-zero bugs while shipping fast.
For any company with 250K+ users, we guarantee $1M+ in savings from prevented churn and misdirected engineering.
Book a demo here: https://t.co/sFGjmcE0za
I'm giving away 20 iPhone Air units to people who Quote tweet with your best X improvement/complaint + tag @nikitabier @elonmusk.
Top 20 suggestions that resonate the most with people (by view count) win.
My employer, @DelphosLabs, is surveying the RE community to optimize the impact of our future development. It's only open for one more week. Last chance to participate! We'd love to learn more about you, your needs, or feedback on the public beta! Try it! https://t.co/nDd91mqGTC
What keeps CISOs up at night?
AI risk. Vulnerability management.
Staying resilient when the pressure’s real.
New threats move fast.
Regulators are louder.
Consumers are losing patience.
Boards want answers.
And AI makes it easier than ever for anyone to write an exploit.
We flagged this binary as Conti-style ransomware before checking threat intel.
All automated.
No unpacking. No signatures. Just behavior:
Threaded loader. AES/RSA encryption. Dynamic API calls.
It screamed “Conti” before we did.
Patterns > signatures.
https://t.co/2np5MeSlaM
XZ backdoor (https://t.co/Te6s0hxcaZ.5.6.1) fully exposed in minutes with Delphos Labs.
Black-box binaries? No more.
Traditional tools would still be unpacking.
That’s software, verified.
Binary highlight: “Cyberpunk 7777 / QubePi” ELF. Text-menu game with hard-coded Postgres creds. Every login/chat/coord sent in clear on 5432—no TLS, no sanitization. Delphos auto-exposed the creds & flow in minutes.
Sample: https://t.co/pe4YmTEB5O
#ReverseEngineering
Binary highlight: Modded DXGI.dll that spoofs an RTX 4090, hooks DXGI, and reroutes DLSS to OptiScaler’s FSR/XeSS. Hard to spot—but Delphos auto-flagged it and generated a clear write-up in a couple minutes. Sample: https://t.co/7PY6tBeG7o #ReverseEngineering via @DelphosLabs
📣Survey Alert: Reverse engineers, vuln hunters & malware analysts: help shape automated reverse engineering.
Take a quick survey & tell us what frustrates you the most & what to automate next. 👉https://t.co/Gh0Cpf2Cm5
First look 👉 https://t.co/YZqEGD9YxT #ReverseEngineering
Machine Learning Meets Malware. If cognition becomes an API call and malware can be reverse-engineered by an LLM, then what’s left of “zero trust”?
Caleb Fenton joined @patio11 for a chat on AI, nation-states, and the new front in software security.
🎧https://t.co/FcExUUt6tz
AI is lowering the barrier to attack.
“AI tools are reducing the skill, time, and effort required to create functional cyber capabilities.” — Anthropic & CSET
Nation-state-level offense is now within reach of bad actors. Defenders need better tools, fast.
What if you could understand what any compiled program does—no source code, no disassembler?
At RSA, our CEO @DavidDubick & CTO @caleb_fenton gave a sneak peek of what we’re building at @DelphosLabs.
Early access is open, DM us if you want in. Thanks @decibelvc for hosting!
Your company is alive because of its customers. You have a job because of your customers.
Customers matter. The Voice of Customer matters.
Enter @enterpret_ai
Moving to SF for @ycombinator can be lonely - every year hundreds of founders leave their homes and often travel across the globe to build a company.
My team at @join_arc is hosting a Thanksgiving dinner next week for YC F24 and friends with the help of @FidelityPrivate 🦃
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers