Olivia
Online
kost
@k0st
Security/Hack. FLOSS security software contributor.
Joined May 2008
3.1K Following
1.7K Followers
11.9K Posts
We recently achieved guest-to-host escape by exploiting a QEMU 0day.
We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive.
Writeup coming next week.
@antoniozekic zvuci kao da si iskopao neki gadni 0 day :-p
Who to follow
BruCON 
@brucon
Belgian Information Security Conference | #BruCON0x12 (18th edition) Spring Training 22-24 April 2026 | Training 21-23 Sept - Conference 24-25 Sept 2026
EchoDaemon
@EchoDaemon
Security Researcher. Reminiscing the days of "C:\con\con" and people are terrible parsers. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Costin Raiu
@craiu
Cybersecurity researcher focused on threat intel & APTs. Breaking down attacks, hunting threats, and crafting YARA rules. Buddy @ Three Buddy Problem
#BalCCon2k25-Against the current is just around the corner on 19| 20| 21 September 2025!You don’t want to miss: @travisgoodspeed @MalwareUtkonos @gannimo @herrmann1001 @joegrand @GMahovlic @Th3PeKo @micko_mame @k0st …Secure your spot now at : https://t.co/iLimMI2ofx #BalCCon
GitHub - cisagov/decider: A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. https://t.co/saqdOxbpzm
The entire 3rd-edition of @rossjanderson's "Security Engineering" is available free as PDFs now!
https://t.co/4Mjd9TOzUp
See you in Zadar this week!
[SPEAKER ANNOUNCEMENT]
BSides Zadar welcomes @k0st!
Vlatko will uncover unique strategies in his talk:
"Secrets of Password Cracking - Croatian Edition"
🗓️ Sept 13 | 📍 Hotel Kolovare, Zadar
#BSidesZadar #CyberSecurity #BSides
![BSidesZadar's tweet photo. [SPEAKER ANNOUNCEMENT]
BSides Zadar welcomes @k0st!
Vlatko will uncover unique strategies in his talk:
"Secrets of Password Cracking - Croatian Edition"
🗓️ Sept 13 | 📍 Hotel Kolovare, Zadar
#BSidesZadar #CyberSecurity #BSides https://t.co/IblLRBbBG7](https://pbs.twimg.com/media/GWvHAG8XoAAUe5U.jpg)
A great write-up on Linux process name stomping techniques from @haxrob
h/t @thoughtb0x
https://t.co/U1R4lHE02G
A 13 year old coded a botnet control framework that utilizes pastebin and github for control of hosts in red teaming…
This makes the hacker in me so hopeful.
Check out pastebomb when it’s dropped!
PoC Exploit Released for 0-day Windows Kernel
of Privilege Vulnerability (CVE-2024-21338) : https://t.co/vBcaCQ9MSi
https://t.co/vHofGL819e
Details : https://t.co/ngV9GWaYDU
@vladimircicovic @GMahovlic @ivanmarkovicsec Pogledaj Davida / h1kari, on je radio čuda, a lokalno ti je @KatjaPericin imala projekt jako davno oko fpga i kriptoanalize (za jtr mislim). gpu je nekako u zadnje vrijeme uzeo primat za tu namjenu...
Btw, you don't need a Flipper Zero to "hack" dumb radio protocols. The piece of wire is enough.
Check out how to receive and decode 433MHz radio signal just with a PC sound card.
Photos: @BSidesZagreb 2024 - https://t.co/qHE0ynxe7B - @bojanz @infigois @advocatemack @GitGuardian @solardiz @k0st @Divertosecurity @mdecrevoisier @cocomelonckz @SrceHr #BSides #BSidesZagreb #cybersecurity #conferences #EU
Bluetooth vulnerabilities in Android, Linux, macOS, iOS and Windows can be exploited to pair an emulated bluetooth keyboard and inject keystrokes without user confirmation : https://t.co/9nP22p69wW credits @marcnewlin
Slides : https://t.co/IjzxL1QStj
CVE's :
CVE-2024-0230
CVE-2023-45866
CVE-2024-21306
New blog post is out! Extracting the SecOC keys used for securing the CAN Bus on the 2021+ RAV4 Prime. https://t.co/iWCiZumQCH
Research started all the way in 2022, but took many evenings of reverse engineering to get code execution.
PoC: https://t.co/ZCDH9EaJjm
Researchers create AI worms that can spread from one system to another : https://t.co/5oMH3qx5cQ
ComPromptMized : Unleashing Zero-click Worms that Target GenAI-Powered Applications : https://t.co/5oMH3qx5cQ
Paper : https://t.co/g1t0h2EFGw credits @ben_nassi
@jduck Covered all in presentation, but in short: CPU with Intel CET/AMD Shadow stack support, Linux kernel 6.6+, glibc 2.39+, ELF binary compiled with x86 feature: SHSTK (all 64 bit!). Yep, it needs recompilation, but some distros (like Ubuntu) already correctly compiled some binaries.
Presented Shadow Stack in Linux userland backed up with Intel CET. Finally, full stack (hardware, kernel, glibc, gcc) is now available!
Here’s @k0st discussing Linux improvements in memory corruption based protections at @bsideszagreb
#bsides #bsideszagreb @Divertosecurity @SrceHr
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers