Top Tweets for #Kernel_Security
#reversing
#Kernel_Security
BYOVD and Looting LSASS in the Modern EDR Era
https://t.co/oF5WX78TbA
// The article details advanced BYOVD techniques exploiting kernel driver vulnerabilities to bypass Windows security, including methods for disabling LSASS protections, memory dumping, obfuscation, and defensive countermeasures
#Tech_book
#Kernel_Security
"Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security",
]-> Repo https://t.co/BSPopYDfnl
#Kernel_Security
CVE-2026-40369:
Twelve Bytes to Escape the Browser Sandbox
https://t.co/P90WSDZPVH
]-> Full Exploit PoC - https://t.co/gtJ9EJoui7
// Windows kernel vulnerability enabling unprivileged arbitrary kernel memory writes via 'NtQuerySystemInformation', allowing privilege escalation to SYSTEM by forging tokens, affecting Windows 11 25H2 and Windows Server 2025
#Kernel_Security
From Kernel Snitch to Practical msg_msg/pipe_buffer Heap KASLR Leaks
https://t.co/gQKHTYEeT9
]-> KernelSnitch + CrossCache Reuse Lab Workspace
// A practical heap KASLR leak that does not rely on a memory-safety vulnerability. Because the attack recovers valid kernel pointers without triggering invalid accesses, it remains exploitable on systems with MTE. More importantly, when the leaked mm_struct pointer is tagged (e.g., on Google Pixels), KernelSnitch can recover its logical tag as well, highlighting its potential as a tag oracle for the leaked object
#tools
#reversing
#Kernel_Security
1⃣ PoisonX - Terminating Protected Windows Processes via BYOVD
https://t.co/o1qyymefz1
2⃣ Signed to Kill: Reverse Engineering a 0-Day Used to Disable CrowdStrike EDR
https://t.co/eJwAcDZKgc
#exploit
#Kernel_Security
1⃣ Multiple vulnerabilities in AppArmor
https://t.co/QKxkMGMeR9
// AppArmor + Sudo + Postfix = root
2⃣ CVE-2026-29923:
LPE Attack via pstrip64.sys
https://t.co/MBM8yvoluJ
// pstrip64.sys - legacy kernel-mode component. While its legitimate purpose is to enable advanced graphics card display tweaking, its deep system privileges make it a highly attractive target for attackers..
#Kernel_Security
Linux File System Basics
Part 1 https://t.co/fWmpSJR1PG
// Overview and CVE-2022-0185 / CVE-2023-5345
Part 2 https://t.co/Hk1bM0BcGE
// Isolation, Permission Model and CVE-2023-0386
🚨 #exploit
#Kernel_Security
From virtio-snd 0-Day to Hypervisor Escape:
Exploiting QEMU with an Uncontrolled Heap Overflow
https://t.co/qhZxY6eeGF
]-> QEMU virtio-snd guest-to-host escape exploit https://t.co/BsQDgiMRi6
#exploit
#Kernel_Security
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets
https://t.co/6t8aw5hbby
// A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic
#Kernel_Security
"Unveiling BYOVD Threats: Malware’s Use and Abuse of Kernel Drivers", Feb. 2026.
]-> Artifact https://t.co/pXwRmzhX1K
// BYOVD attacks abuse legitimate, digitally signed Windows drivers that contain hidden flaws, allowing adversaries to slip into kernel space, disable security controls, and sustain stealthy campaigns ranging from ransomware to state-sponsored espionage. We first introduce the first dynamic taxonomy of BYOVD behavior. We propose a virtualization-based sandbox that follows every step of a driver’s execution path, from the originating user-mode request down to the lowest-level kernel instructions, without requiring driver re-signing or host modifications
#Kernel_Security
#Malware_analysis
Hiding from the Panic Button:
Singularity SysRq Hook
https://t.co/pMAlNwuCJR
// This post examines sysrq_hook.c from the Singularity LKM rootkit (targeting Linux 6.x) and explains how it intercepts the scheduler and OOM reporting paths used by SysRq
#tools
#Kernel_Security
#Offensive_security
AV/EDR Killer: AV/EDR processes termination by exploiting a vulnerable driver (BYOVD)
https://t.co/ZReJK2CcBh
// This project demonstrates how a legit, signed driver can be weaponized to gain kernel-level access
New technical blog on our website:
An interactive C++ console tool that uses dbghelp and retrieves PDB symbols from Microsoft for ntoskrnl.exe.
https://t.co/9z4L5niAc5
#CyberSec #infosec #windows #kalilinux #Kernel_Security #kernel #rop #cybersecurity
#reversing
#Kernel_Security
#Sec_code_review
Exploiting Reversing (ER) series:
Part 1 - Windows kernel drivers (1) https://t.co/MoAXZ7pHJK
Part 2 - Windows kernel drivers (2) https://t.co/IqZr2h1fuz
Part 3 - Chrome https://t.co/7fsTWqsEmw
Part 4 - macOS/iOS https://t.co/W7VBr9luVF
Part 5 - Hyper-V https://t.co/6LzkwbSrNZ
// step-by-step research series on Windows, macOS, hypervisors and browsers
#Kernel_Security
#Mobile_security
A 0-click exploit chain for the Pixel 9:
Part 1 - Decoding Dolby https://t.co/CTyOel2n3k
Part 2 - Cracking the Sandbox with a Big Wave https://t.co/w3XXXAx09n
Part 3 - Where do we go from here? https://t.co/nMFRevTJKA
// CVE-2025-36934, CVE-2025-54957.
The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message..
#exploit
#Kernel_Security
1⃣. CVE-2025-21479: https://t.co/9ZHEs4GXyt
Exploiting KGSL in Qualcomm Drivers
// PoC, demonstrating that it only affects Adreno A7xx (Snapdragon 8 Gen 1 / XR2 Gen 2 and newer) devices
2⃣. CVE-2025-60719: https://t.co/BgAujmFwer
Windows Ancillary Function Driver for WinSock EoP Vulnerability
// Tested On: afd.sys - 10.0.26100.7019, Win11 24H2.
The Windows Ancillary Function Driver for WinSock is a kernel-mode component that implements low-level socket handling for Windows. It's a critical system driver that serves as the bridge between user-mode applications and the kernel networking stack. This is a Windows component that is responsible for serving the Winsock API. The vulnerability exists in the following functions, which all follow a similar methodology: AfdGetInformation, AfdSocketTransferEnd, and AfdSocketTransferBegin
#Kernel_Security
#Mobile_security
Dangling pointers, fragile memory - from an undisclosed vulnerability to Pixel 9 Pro privilege escalation
https://t.co/79R9JXWZ6K
// CVE-2025-6349: All versions from r53p0-r54p1
CVE-2025-8045: All versions from r53p0-r54p1
CVE-2025-2879: All versions from r29p0-r49p4, r50p0-r54p0
#exploit
#Kernel_Security
#Mobile_security
CVE-2025-38352:
Part 1 - https://t.co/KfFX8BK8mt In-the-wild Android Kernel Vulnerability Analysis + PoC https://t.co/CMIMYDOdDM
Part 2 - https://t.co/lxGuNMaCiZ Extending The Race Window Without a Kernel Patch
]-> Final PoC https://t.co/J3YLr4Rz6f
// This is a PoC for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, targeted exploitation in the wild
#Kernel_Security
"Reviving Discarded Vulnerabilities:
Exploiting Previously Unexploitable Linux Kernel Bugs Through Control Metadata Fields", CCS 2025.
]-> https://t.co/8V4KR07TpZ
// This paper presents a novel approach to revive these previously discarded vulnerabilities by exploiting Control Metadata Fields (CMFs) within Linux objects, rather than traditional pointer manipulation
#exploit
#Kernel_Security
"Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations", HexaCon 2025.
]-> Linux HFSC Eltree UAF - Debian 12 PoC - https://t.co/LiCzQu9oUb
// CVE-2025-38001 Analysis + RbTree Attack Against LTS/COS + Mitigations Exploit
See also:
]-> EntryBleed: A Universal KASLR Bypass against KPTI on Linux (2023)