While researching @kaspersky's components, I decided to write a fun project that makes it possible to hook system calls from your own driver by interfacing with its hypervisor: https://t.co/9uFRmmVqDr
New video: creating COM objects with the class moniker.
Most of you know CoCreateInstance.
Here is another way: class moniker. I walk through what the class moniker is, how the registry resolves the clsid: prefix to an implementation in combase.dll, and then rebuild the whole thing manually with MkParseDisplayName and IMoniker::BindToObject.
https://t.co/X1eAjXJeIh
I often need to explore Windows kernel crashdumps when I'm on Linux/macOS.
WinDbg unfortunately doesn't work in Wine.
So... I did a thing. It's multiplatform - doesn't depend on dbgeng.dll nor DIA. WinDbg-flavored.
And it's fast. Really fast.
https://t.co/sd44mJo9ax
I decided to commit another part to the Applied Reverse Engineering series with an article diving into rolling your own primitive tracer for discrete purposes; coupled with an analysis on outrunning integrity checks.
https://t.co/GjIZpjhVzw
I'm adding Hyper-V (using the Windows Hypervisor Platform) as an emulation backend to Sogen, my Windows userspace emulator:
While providing slightly less analytical functionality, it should be a game changer in terms of speed 🥳
https://t.co/eAcVzlBEUl
Started a blog series on writing a minimal ARM hypervisor from scratch — boots as a UEFI app, claims EL2, identity-maps everything through Stage 2.
Chapter 0 just dropped: ARM vs x86 virtualization, UEFI internals, EDK2 setup, first app at EL2.
https://t.co/NJ7hQu3VZz
Dropping some tooling to assist with Windows RE (or any really); bulk download modules across all versions, search for call chains from references, immediates, instructions, etc. Has been useful for mass-analysis, cross-version diffing, variant analysis, and just generally locating candidates for more thorough investigation (ioctl dispatch, rpc handlers/chains, what functions eventually call a desired target).
https://t.co/mmYLS4rNCn
My new hobby: Asking AI the same question over and over again, and looking at the results.
Here's an example - I've asked gemini-2.5-flash 100 times to add two large numbers.
It's really undecided.
The correct answer is not there btw.
Yeah, @Google, my primary email, created in 2004 and used daily for 22 years, is a bot? I'm now locked out of 450+ other websites, including my bank, work and GitHub, which use it for MFA, and have to wait several days before a human reviews the appeal?🤔🤢
My new blog post 🥳
Improving AFD Socket Visibility for Windows Forensics & Troubleshooting
It discusses the low-level API under Winsock (IOCTLs on \Device\Afd handles) and explores the workings of the new socket inspection feature in System Informer 🔥
https://t.co/UDw18wKDdc
OK, it's finally done: the improved version of no-defender, a tool that interacts with the WSC API to disable Windows Defender the way Microsoft intended it
https://t.co/KJX2R3NdTw
Good news! The recording of our talk at @reconmtl 2024, JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and DCI/EXDI, presented together with @ivanrouzanov, is now available on YouTube: https://t.co/tn7wrURkZy. Turn on subtitles.
Nice to see Intel and MSFT's posts on VT-rp / HVPT.
If you are interested in playing with the feature, simple example code is here: https://t.co/XaA7VHf06z
Intel E-cores behave differently in virtual machines than P-cores. This plays an important role in debugging hypervisor technology within heterogeneous systems. See my article, The Mysterious Behavior of the Intel E-cores, here: https://t.co/STm79Dgwml
Some exciting research to share from Binarly REsearchers @cci_forensics and @pagabuc -- a novel approach to UEFI bootkit detection.
🔥Read the technical paper: "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior"
👉 https://t.co/KwmiNq9hdc