https://t.co/r67jck8ZGo just got a visual refresh 🌟
Explore 600+ documented DLL Hijacking cases, including:
• JSON/CSV/YAML feeds
• Sigma detection content for every DLL
• A single Sigma rule covering all DLLs
Check it out: https://t.co/2PJCgKEZwO
Released PseudoForge 0.1.0.
An IDA Pro / Hex-Rays plugin built for Windows kernel driver analysis.
It cleans up raw decompiler output with rule-based passes, WDK-backed API profiles, user-defined rules, and optional LLM rename assist that is kept behind deterministic validation.
Current focus:
- DriverEntry reconstruction hints
- IRP / IOCTL dispatcher cleanup
- CTL_CODE and NTSTATUS decoding
- WDK API argument semantics
- pool tag recovery
- LIST_ENTRY traversal
- CONTAINING_RECORD patterns
- callback registration flows
- common kernel cleanup paths
This is still a very early release, so expect rough edges. 😆
repo: https://t.co/BZJfKNfcGX
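The "CTL_CODE and NTSTATUS decoding" item above refers to the bit layouts defined by the WDK CTL_CODE macro and the NTSTATUS type. The following is an added example, not code from PseudoForge or its author: a stand-alone decoder for both layouts, with constructed sample values (IOCTL_DISK_GET_DRIVE_GEOMETRY, a custom FILE_DEVICE_UNKNOWN code, STATUS_ACCESS_DENIED). The field positions are the public ones from the WDK headers; the helper names and the "custom function >= 0x800" flag are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows I/O control code, as laid out by the WDK CTL_CODE macro:
 *   bits 31..16 DeviceType, 15..14 Access, 13..2 Function, 1..0 Method. */
typedef struct {
    uint32_t device_type;
    uint32_t access;    /* 0 FILE_ANY_ACCESS, 1 FILE_READ_ACCESS, 2 FILE_WRITE_ACCESS, 3 both */
    uint32_t function;  /* 12-bit function number; 0x800 and up are reserved for custom codes */
    uint32_t method;    /* 0 BUFFERED, 1 IN_DIRECT, 2 OUT_DIRECT, 3 NEITHER */
} ioctl_t;

/* NTSTATUS value:
 *   bits 31..30 Severity, 29 Customer, 28 reserved (N bit), 27..16 Facility, 15..0 Code. */
typedef struct {
    uint32_t severity;  /* 0 success, 1 informational, 2 warning, 3 error */
    uint32_t customer;
    uint32_t facility;
    uint32_t code;
} ntstatus_t;

ioctl_t decode_ioctl(uint32_t c) {
    ioctl_t d;
    d.device_type = (c >> 16) & 0xFFFF;
    d.access      = (c >> 14) & 0x3;
    d.function    = (c >> 2)  & 0xFFF;
    d.method      =  c        & 0x3;
    return d;
}

/* Same packing as CTL_CODE(DeviceType, Function, Method, Access). */
uint32_t make_ioctl(uint32_t device_type, uint32_t function, uint32_t method, uint32_t access) {
    return (device_type << 16) | (access << 14) | (function << 2) | method;
}

ntstatus_t decode_ntstatus(uint32_t s) {
    ntstatus_t d;
    d.severity = (s >> 30) & 0x3;
    d.customer = (s >> 29) & 0x1;
    d.facility = (s >> 16) & 0xFFF;
    d.code     =  s        & 0xFFFF;
    return d;
}

/* Mirrors the NT_ERROR() test: severity field == STATUS_SEVERITY_ERROR. */
int ntstatus_is_error(uint32_t s) { return ((s >> 30) & 0x3) == 3; }

static const char *method_names[]   = {"METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"};
static const char *access_names[]   = {"FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
                                       "FILE_READ_ACCESS|FILE_WRITE_ACCESS"};
static const char *severity_names[] = {"SUCCESS", "INFORMATIONAL", "WARNING", "ERROR"};

void print_ioctl(uint32_t c) {
    ioctl_t d = decode_ioctl(c);
    /* METHOD_NEITHER hands the driver raw user-mode pointers, so its handler must probe and
     * copy them itself; that is the first place to look when auditing a dispatcher. */
    printf("IOCTL 0x%08X: DeviceType=0x%X Function=0x%03X%s %s %s%s\n", c, d.device_type, d.function,
           d.function >= 0x800 ? " (custom)" : "", method_names[d.method], access_names[d.access],
           d.method == 3 ? "  <- user pointers, check ProbeForRead/Write" : "");
}

void print_ntstatus(uint32_t s) {
    ntstatus_t d = decode_ntstatus(s);
    printf("NTSTATUS 0x%08X: %s customer=%u facility=0x%03X code=0x%04X\n", s,
           severity_names[d.severity], d.customer, d.facility, d.code);
}

int main(void) {
    /* Constructed sample values for the demo. */
    print_ioctl(0x00070000);                 /* IOCTL_DISK_GET_DRIVE_GEOMETRY */
    print_ioctl(make_ioctl(0x22, 0x800, 0, 0)); /* CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) */
    print_ioctl(make_ioctl(0x22, 0x801, 3, 3)); /* same device, METHOD_NEITHER, read+write access */
    print_ntstatus(0xC0000022);              /* STATUS_ACCESS_DENIED */
    print_ntstatus(0x00000000);              /* STATUS_SUCCESS */
    return 0;
}
```

Running the block prints one decoded line per value; the custom code built from FILE_DEVICE_UNKNOWN and function 0x800 comes out as 0x00222000, which is why that constant shows up so often in third-party driver dispatchers.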
After more than 3 years, I finally found the time to update my blog and write something new.
So here is a short post about a simple WinDbg extension I wrote to find code caves (definitely an improvement from the messy Python code I wrote back then):
https://t.co/8f9C6YGN1i
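For readers who have not met the term: a code cave is an unused run of filler bytes inside an executable section (typically 0x00 alignment padding or 0xCC int3 fill) that is large enough to hold injected code. The following is an added example of the basic scan, not the WinDbg extension or the Python script the post describes: it walks a constructed byte buffer standing in for a section's raw bytes and reports every filler run of at least a minimum length. The buffer contents, the 16-byte threshold and the helper names are this example's own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    size_t offset;  /* start of the run, relative to the buffer */
    size_t length;  /* number of identical filler bytes */
    uint8_t fill;   /* which filler byte makes up the run */
} cave_t;

static int is_filler(uint8_t b) { return b == 0x00 || b == 0xCC; }

/* Scan buf for runs of a single filler byte of at least min_len bytes.
 * Returns the total number of caves found; at most max_out of them are written to out.
 * A run of 0x00 directly followed by 0xCC is reported as two runs, since a patcher
 * normally wants a single consistent fill value per cave. */
size_t find_code_caves(const uint8_t *buf, size_t len, size_t min_len,
                       cave_t *out, size_t max_out) {
    size_t found = 0, i = 0;
    while (i < len) {
        if (!is_filler(buf[i])) { i++; continue; }
        uint8_t fill = buf[i];
        size_t start = i;
        while (i < len && buf[i] == fill) i++;
        size_t run = i - start;
        if (run >= min_len) {
            if (found < max_out) {
                out[found].offset = start;
                out[found].length = run;
                out[found].fill = fill;
            }
            found++;
        }
    }
    return found;
}

#define SAMPLE_LEN 128

/* Constructed sample "section": a few real-looking instruction bytes separated by
 * padding. 0x90 (nop) is deliberately not treated as filler here. */
void build_sample(uint8_t *buf) {
    static const uint8_t code[8] = {0x48, 0x8B, 0xC4, 0x48, 0x89, 0x58, 0x08, 0xC3};
    memset(buf, 0x90, SAMPLE_LEN);
    memcpy(buf, code, 8);            /* 0..7   code            */
    memset(buf + 8, 0x00, 40);       /* 8..47  40 x 0x00: cave */
    memcpy(buf + 48, code, 8);       /* 48..55 code            */
    memset(buf + 56, 0xCC, 24);      /* 56..79 24 x 0xCC: cave */
    memcpy(buf + 80, code, 8);       /* 80..87 code            */
    memset(buf + 88, 0x00, 10);      /* 88..97 10 x 0x00: below threshold, ignored */
}

/* Convenience entry point: scan the constructed sample with a 16-byte minimum. */
size_t sample_caves(cave_t *out, size_t max_out) {
    uint8_t buf[SAMPLE_LEN];
    build_sample(buf);
    return find_code_caves(buf, SAMPLE_LEN, 16, out, max_out);
}

int main(void) {
    cave_t caves[8];
    size_t n = sample_caves(caves, 8);
    printf("%zu cave(s) of >= 16 bytes\n", n);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("  offset +0x%04zx  length %zu  fill 0x%02X\n",
               caves[k].offset, caves[k].length, caves[k].fill);
    return 0;
}
```

On a real module the same scan runs over the raw bytes of each executable section (offset plus section base gives the virtual address); the minimum length is whatever your payload needs, and a run found inside .text is only usable if the section is also writable or you can change its protection.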
Patch diffing + RCA for clfs.sys can take a while.
I gave the diff + binary to a local LLM.
It mapped the UAF path, race condition, all IOCTLs in <20 min
LLMs don't replace the work, they are momentum.
New blog post following the UAF trail of CVE-2025-29824: https://t.co/4wtd0rOKDB
@Vonster @FTC @Adobe they should allow changing plans, which would then allow you to cancel without a fee since you’re considered under a new plan and it’s within the two week cancellation timeframe or whatever. not sure if that’s still a thing but that’s how I cancelled previously
@jamieantisocial ah well if i'm not wrong this is just a call to tcpClient->Stop() - maybe just for having some "goodware" characteristics..? not sure
@originhq @michaelbarclay_ Nice - I wrote a similar thing a while ago. https://t.co/ozBj4zoakv :) also fwiw it got assigned CVE-2025-4952 by @ESET (i was surprised tbh)
@yarden_shafir https://t.co/IyFw9qsx7a can't find the full project - wrote this a while ago and vm got nuked since then but there isn't much more. anyway i can share a precompiled bin if u want
I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🪲
Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA:
https://t.co/mSWAolfrFt
EDR-Redir uses a Bind Filter (the bindflt.sys mini filter) and the Windows Cloud Filter API (cldflt.sys) to redirect the Endpoint Detection and Response (EDR) product's working folder to a folder of the attacker's choice.
https://t.co/7oDmOETdCA
#itsecurity #redteam #pentest