![malware_owl's tweet photo. Hi all, Please be really careful. Even after some warnings from various accounts, after searching for @claudeai 's Claude design, I still come across sponsored malvertised post whose final reflectively loaded payload is malicious from https://claudcode[.]playcode[.]io/. (EDIT: This has since been taken down).
Attempting to download it brings us to clickfix which downloads huge blob that is hiding itself as a sound file which contains HTML code that gets run with mshta. It then downloads obfuscated powershell script. After a few layers of powershell scripts and You can obtain the payload from hxxps://<8 hex bytes>.oakenfjrod[.ru/oth-91267b64-989f-49b4-89b4-984e0154d4d3 and analyze from there as well. Eventually, it loads shellcode acting as full reflectively loader which eventually loads ec1206989449d30746b5ceb2b297cda9f3f09636a0e122ecafb40b1dc2e86772](https://pbs.twimg.com/media/HGOak8AakAAemys.png)
![malware_owl's tweet photo. Hi all, Please be really careful. Even after some warnings from various accounts, after searching for @claudeai 's Claude design, I still come across sponsored malvertised post whose final reflectively loaded payload is malicious from https://claudcode[.]playcode[.]io/. (EDIT: This has since been taken down).
Attempting to download it brings us to clickfix which downloads huge blob that is hiding itself as a sound file which contains HTML code that gets run with mshta. It then downloads obfuscated powershell script. After a few layers of powershell scripts and You can obtain the payload from hxxps://<8 hex bytes>.oakenfjrod[.ru/oth-91267b64-989f-49b4-89b4-984e0154d4d3 and analyze from there as well. Eventually, it loads shellcode acting as full reflectively loader which eventually loads ec1206989449d30746b5ceb2b297cda9f3f09636a0e122ecafb40b1dc2e86772](https://pbs.twimg.com/media/HGOacZnagAAsjjp.jpg)
![malware_owl's tweet photo. Hi all, Please be really careful. Even after some warnings from various accounts, after searching for @claudeai 's Claude design, I still come across sponsored malvertised post whose final reflectively loaded payload is malicious from https://claudcode[.]playcode[.]io/. (EDIT: This has since been taken down).
Attempting to download it brings us to clickfix which downloads huge blob that is hiding itself as a sound file which contains HTML code that gets run with mshta. It then downloads obfuscated powershell script. After a few layers of powershell scripts and You can obtain the payload from hxxps://<8 hex bytes>.oakenfjrod[.ru/oth-91267b64-989f-49b4-89b4-984e0154d4d3 and analyze from there as well. Eventually, it loads shellcode acting as full reflectively loader which eventually loads ec1206989449d30746b5ceb2b297cda9f3f09636a0e122ecafb40b1dc2e86772](https://pbs.twimg.com/media/HGOaaFqaUAEI5hy.png)
Olivia
Online
throatylava
@decompilebug
Infosec and RE stuff sometimes,talking nonsense the rest.
gcc compiler
Joined January 2025
602 Following
215 Followers
1.3K Posts
Pinned Tweet
It’s a TDL3 sample btw. Having fun getting my ass handed to me. Will share different phases of the project, first will be sharing papers I’ve read on it. Will do a writeup on what I could infer from them, and discuss basic windows stuff related to it. We in for a long 2026.🥹🤣🤣
Hopping on a botnet sample today, wish me luck! Any things I need to be cautious of?🤔🧐
remember when 512MB RAM was considered massive?
programmers wrote code like every byte mattered. optimized everything. squeezed performance from nothing.
suddenly nobody cared about efficiency anymore. just throw more RAM at it, problem solved.
now we have 32GB RAM and Slack uses 2GB just to show text messages. Electron apps eat memory like it's free candy.
we got better hardware and built worse software. abundance made us lazy.
@akses_0x00 Please come back soon.🫡🫡
New #TinyTracer (4.0) is ready: https://t.co/hNcO4b3zJ9 - refactored for compatibility with the latest PIN - and with some new features!
C is not a low level language
ACM Queue published this in 2018 and people are still arguing about it
the idea is simple C was low level in 1972 when machines like the PDP-11 mapped code almost directly to instructions
modern CPUs are completely different caches branch prediction SIMD out of order execution
the C abstract machine cannot see or control most of that
it cannot see the cache cannot express prefetching cannot directly control vectorization
so performance depends on the compiler being smart enough to optimize
the same argument C developers often criticize in higher level languages
@shenetworks .@hasherezade's content is 🤌
++you can hop through the other projects for more excellent examples to study
https://t.co/mpwjZCiVpQ
Since quitting weed I’ve noticed better sleep, more confidence, no anxiety, and dramatically improved mental acuity.
It was honestly one of the hardest addictions for me to beat, and looking back, it may have been the biggest net negative in my life. Crazy to say, but it’s true.
Be like Dale.🤣🤣🤣
telling Dale he has no future in AI when he complains
Compiler construction is one of the oldest, best understood CS fields. It's decades of work by the brightest minds, and it's grounded in logic, informed by experience and strictly deterministic.
Comparing that with LLM-based coding agents is just wrong.
https://t.co/4EVmjMIAwn
@_br_ttney Happy birthday! Have a great one! 🫡
Hi all, Please be really careful. Even after some warnings from various accounts, after searching for @claudeai 's Claude design, I still come across sponsored malvertised post whose final reflectively loaded payload is malicious from https://claudcode[.]playcode[.]io/. (EDIT: This has since been taken down).
Attempting to download it brings us to clickfix which downloads huge blob that is hiding itself as a sound file which contains HTML code that gets run with mshta. It then downloads obfuscated powershell script. After a few layers of powershell scripts and You can obtain the payload from hxxps://<8 hex bytes>.oakenfjrod[.ru/oth-91267b64-989f-49b4-89b4-984e0154d4d3 and analyze from there as well. Eventually, it loads shellcode acting as full reflectively loader which eventually loads ec1206989449d30746b5ceb2b297cda9f3f09636a0e122ecafb40b1dc2e86772
![malware_owl's tweet photo. Hi all, Please be really careful. Even after some warnings from various accounts, after searching for @claudeai 's Claude design, I still come across sponsored malvertised post whose final reflectively loaded payload is malicious from https://claudcode[.]playcode[.]io/. (EDIT: This has since been taken down).
Attempting to download it brings us to clickfix which downloads huge blob that is hiding itself as a sound file which contains HTML code that gets run with mshta. It then downloads obfuscated powershell script. After a few layers of powershell scripts and You can obtain the payload from hxxps://<8 hex bytes>.oakenfjrod[.ru/oth-91267b64-989f-49b4-89b4-984e0154d4d3 and analyze from there as well. Eventually, it loads shellcode acting as full reflectively loader which eventually loads ec1206989449d30746b5ceb2b297cda9f3f09636a0e122ecafb40b1dc2e86772](https://pbs.twimg.com/media/HGOaoySbQAAatM0.jpg)
Yep yep yep.
I never liked databases as an idea.
You literally send a string query over TCP to postgres and it returns you data over tcp as strings.
There is so much potential to make this whole thing better …. but everyone seems to be just fine with it.
Joey Bada$$ at 17 the night before dropping ‘1999’
“I got school in the morning tho” 😭
🤣🤣🤣🤣
Would any security team benefit from having a Certified Scrum Master ®
@spaceraccoon All the best 🫡🐐🐐
Recently started learning Java. Java feels more complicated than C.🤣😞😭🤣
When Andres Freund, Linux kernel contributor & Microsoft engineer was debugging slow SSH logins on his Debian machine in March 2024, he noticed something weird:
liblzma (part of XZ Utils) was using way too much CPU power, so he kept digging, and what he uncovered was a multi-year supply-chain attack!
An attacker using the name “Jia Tan” had spent two years slowly infiltrating the tiny XZ Utils project, a compression library used by virtually every major Linux distribution.
The backdoor wasn’t in the source code. It was hidden deep inside the build scripts. It would have given the attacker remote root access on millions of servers the moment a specially crafted SSH key was used.
Freund caught it days before it would have shipped in Debian, Fedora, Ubuntu and more.
One man, one anomaly, one routine debug session saved the internet from a potential catastrophe.
Respect!
I made a Hash Table in pure C that you can just use like this:
Last Seen Users on Sotwe
Razan Queen
Seen from Lebanon
Salman Khan
Seen from Pakistan
Best Public Flashes 🔞💘⚥
Seen from Turkey
Nguyễn Văn Anh
Seen from Vietnam
sydney sweeney files 
Seen from Saudi Arabia
디로
Seen from Korea
イッちゃってる😎
Seen from Singapore
Norma soy la lovita de todos
Seen from Indonesia
ช่วยโปรโมทหาคมอม ปอกแดง กะดึก
Lounge ❤️
Seen from Turkey
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers