I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: https://t.co/P2HB4xMwEK
In the wake of the CrowdStrike crash event, some interesting articles have been published that explore some perspectives of security vendors in the Windows kernel. I penned a blog for another perspective.
@Sean_Endicott_ @happygeek @AndrewWrites
https://t.co/GhasGmIAdA
My take on this: “… appears to be starting a conversation about…” is corporate speak for “there’s nothing we can do about this and we’re waiting this out”.
There’s currently no alternative to running Windows EDRs in kernel mode and there’s not going to be one any time soon.
After over a decade in cybersecurity I sometimes forget that a lot of tech probably has never heard of Crowdstrike (as is now apparent from all the posts)
You’ve probably also not heard of @fieldeffectsoft so here is your chance (no I don’t work for them)
https://t.co/EZsn2jsELR
Thanks to everyone who attended my @reconmtl and @BlueHatIL talks! The exploit and slides are here: https://t.co/Y1iOKJWCKg
If you took any photos during either of the talks, please share them here. Also, please don't hesitate to stop me to say hi!
When embarking on a new vulnerability research project it is important to perform extensive background research into the area to gather as much info as possible to supplement and guide
@j00ru describes these learning resources for the Windows Registry:
https://t.co/GfKZfnblRm
Very happy to share some thoughts and an inside look at the Field Effect experience of our first participation in a MITRE Engenuity ATT&CK Managed Services Evaluation. So proud of the team, details here:
https://t.co/hPCljNosxD
The cynic in me is saying that if you are a secret agent on a counterterrorism mission, it's kinda your job not to have your secret equipment confiscated by the mall cop on the segway, so I think the lady doth protest too much.
(Random subtweet)
New blog post "Google: Stop Burning Counterterrorism Operations"
My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it.
https://t.co/AtWxFPpE8u
New Project Zero blog post by Sergei Glazunov and Mark Brand: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models https://t.co/txvkXH5oCC
Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938
An article by @abc_sup, Gulshan Singh, and @vxradius about exploiting a vulnerability in the Android Binder device driver that leads to a slab use-after-free.
https://t.co/oXBNfePtSm
@guhe120 This happened. It turns out maintaining consistency at 4x-6x the previous volume is a really hard problem. Honestly, a misc CVE field is the least of my worries; inconsistencies in what's considered an "Important" vulnerability are what keep me up at night 🥲