@TheHackersNews It isn’t fair to say there’s a “full ASLR bypass” when it depends on the web service (PHP app in the GIF) having a LFI vulnerability. Chaining vulnerabilities is how these things get done, sure, but intentionally making a new vulnerability in the served app seems dishonest to me.
I don’t have access to Mythos, but I tried bug-hunting with Opus. The bugs I got back were fake, the model output claimed to have confirmed them, and I found two real GHSAs/CVEs for the same fake “issue”. Was that a model issue, a harness issue, or both?
https://t.co/9KkX19nZsG
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software.
It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.
https://t.co/NQ7IfEtYk7
I took some time over the holidays and ran an experiment where I "forced" an LLM to remember strings verbatim.
The perplexity of the target string had a large impact on if the model could "memorize" it, and "memorizing" a high-PPL string broke the model.
https://t.co/nlrOMknatv
I created a local-only AI assistant for the terminal. It doesn't require you to use a different terminal emulator, and it runs pretty fast (<10s to generate commands) without shipping your data to some remote API. https://t.co/2SM3xLWa2I
With millions of installations, BTPanel is a prime target for security researchers. In our new guest research article, @micrictor explains how he found an MFA bypass vulnerability in BTPanel. Read the full research by Michael Torres: https://t.co/KTEBoMQSKz
@spoofyroot Is there a plan to make Sudo compatible with Administrator Protection? Based on what’s on GitHub, Admin Protection would break Sudo since they check for a matching SID between the unpriv and priv process.
At DEF CON this year, I presented the results of some research I did into Sudo for Windows. With the recording now available on the DEF CON media server, I wrote up my research in a blog post, covering four bugs - even a memory safety bug in Rust.
https://t.co/0B0Br9hcnY
@mgubrud @ylecun How is researching/building quantum computers funded by the DoD morally different than building AI systems funded by the same? The DoD's interest in quantum computers isn’t purely for the advancement of physics.
@b_sendpacket @ForensicITGuy It does not. A regularly encrypted archive will open but error if you try to actually read a file, while a header-encrypted archive will fail outright.
🏆Love me some President’s Cup Competition! Truly unique opportunity to bring together a network of cyber warriors across the federal government for 😇friendly😈competition & a whole lotta learning! And great to see the Mighty @780thC among the winners! https://t.co/0xQ7xKQi6J
REMINDER: Join us tomorrow at 12:30 PM EDT. Don’t miss our upcoming CISA Live! CISA Competitions Section Chief Michael Harpin will discuss the President’s Cup and how cyber competitions are a training resource.
More details here: https://t.co/8LXRS7NEjO
@ImposeCost The CISA folks can confirm this, but I started off every challenge opening notepad and creating my todo list.
1. Wake up
2. Be a member of the world's finest fighting force
3. Eat a crayon
???
5. Profit
Thanks @CISAgov for a great competition again this year, and @Google for supporting me as I balance being a member of @marforres and a Googler.
Looking forward to participating again next year!
Congratulations to U.S. Marine Corps Staff Sergeant Michael Torres for winning Track B today with a perfect score and making history as the first individual to win the #PresCup more than once. Today kicks off day 1 of the Teams round to see who will escape with the top score.