Some personal news: I'm thrilled to be moving back to Project Zero! Specifically I'll be joining the Big Sleep project to find vulnerabilities in JavaScript engines. We've already found and reported our first vulnerability in V8 last week: https://t.co/QQEgvIGgHp
If you've been keeping track on the Big Sleep bug tracker at https://t.co/TeYPpUANyW you might have noticed it lists more bugs now compared to last week. Including a "High impact issue in V8" :)
That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit it from inside the Chrome Linux Desktop renderer sandbox (spoiler: very yes)
https://t.co/Atc6toEdAj
Today @Google Project Zero announced a new trial policy: Reporting Transparency. We’ll now share when we report a security vuln to a vendor within 1 week including products + deadlines. Goal: shrink the patch gap + drive faster, safer updates for users: https://t.co/BHW2NnCb6I
While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don’t always reach users. Today, we’re announcing Reporting Transparency, a new policy to encourage downstream fixes
https://t.co/ktussY1I65
Part 7 (!) of @j00ru's Windows Registry adventure is now live:
https://t.co/tD7yv0P8GY
"I will describe the various areas that are important in the context of low-level security research... all possible entry points to attack the registry... and the primitives they generate"🙌
For those that won't be in Germany next weekend to see @dillon_franke live, this is the next best thing!
(post also includes Dillon's fuzzing harness and tools Dillon built along the way) 🎉
Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS.
I'll talk about this and the exploitation process next week @offensive_con!
https://t.co/9Oj2AaxbRk
Part 5 of @j00ru's Windows Registry Adventure is out!
https://t.co/gMRLzReeC9
Incredible depth of knowledge on display, and good to see it shared as a reference with the world ❤️
@i41nbeer's dive into BLASTPASS, over a year in the making:
https://t.co/c6lUVnz2kn
"This is the second in-the-wild NSO exploit which relied on simply renaming a file extension to access a parser in an unexpected context which shouldn't have been allowed."
Two new posts from @tiraniddo today:
https://t.co/StB2knG8FO on reviving a memory trapping primitive from his 2021 post.
https://t.co/sbKodaJMe9 where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process.
Happy Reading! 📚
It doesn't happen very often, but Project Zero is hiring!
https://t.co/bA3FT6ZbzH
Please share with anyone you think would be awesome for the role 🎉
Looking for at least one person. DMs open if you want to reach out about the role.
The team: https://t.co/YBitHNpEWr
@B_Shamshirsaz ideally looking for that rare human that can do 0day vuln research on top-shelf products, perhaps some exploit dev as well... mixed with someone who can stay humble and share knowledge to help vuln research/software devs/colleagues.
I lead a team of them - looking for 1 more!🦄
Great to see Apple quickly patch the MacOS sandbox escape/privilege escalation vulnerability I reported to them. Big thanks to @NedWilliamson, @i41nbeer, and @i41nbeer for all the help :) I'm working on a blog post and hope to release it soon!!
My blog post is now live alongside @amnesty's joint release, providing remarkable insight into an ITW exploitation campaign!
https://t.co/O3niXxtT6O
Turns out that you can find out quite a bit with just some kernel stacktraces ;)
From Amnesty:
https://t.co/4CeJynhwZ6
If you've ever wondered if one can determine a vuln from just the kernel panic logs, @__sethJenkins (feat. @tehjh & @benoitsevens) have something to share: https://t.co/6ovPlKKI46
Great to collaborate with @amnesty, find vulns and get them fixed: https://t.co/ar40S54mh1
Finding 0day is not the most impactful thing that Project Zero does 😲 — it's sharing knowledge 🧠. One part of that sharing is our tooling work to help other devs and researchers.
Today's installment, @tiraniddo's updated https://t.co/nLl1d6hr37👍
Blog: https://t.co/pD0bF2Ax7P
The blog post (+tooling) on my Apple kernel extension fuzzing technique that I used to find several AppleAVD AV1 decoder bugs is now public at https://t.co/vjbmlmBZ7U