Olivia
Online
Thomas Garnier
@mxatone
Horizontal Security Lead at Databricks. Worked at Google and Microsoft. Co-creator of Sysinternals Sysmon and Linux KRSI.
Kirkland, WA
Joined November 2010
376 Following
2.6K Followers
4.6K Posts
The #HEXACON2024 talks have started to trickle in on YouTube, go check them out 🔥:
https://t.co/vizf0Jv8rf
@dwizzzleMSFT Is that you?
Blog post about a bunch of bugs we reported over the last couple of years -- https://t.co/uVwm13WsfJ
Serverless compute is now GA! ���
Focus on writing code while we handle the rest. Enjoy fully managed compute infrastructure with fast workload startup, high reliability, and simple operation.
Learn more about our latest updates: https://t.co/BoUREeZxTd
Who to follow
Eloi Benoist-Vanderbeken
@elvanderb
Enthusiast reverse engineer of obfuscated and protected binaries. Exploit things @Synacktiv. Very occasionally on twitter.
Julien Vanegue
@jvanegue
CTO Office / Head of Infra & Security Research @Bloomberg. Interested in mathematical techniques for software, systems, and network analysis at world scale.
`Ivan
@Ivanlef0u
@pacbypass @sweis You can also argue that nation states steal bugs regularly (cf The Shadow Brokers) and fixing them if you think they can easily be stolen is a good idea.
@pacbypass @sweis That's fair. I think it depends on the methodology they used and how much it relies on things that are locked to TAG (vs Google, other vendors or everyone).
There may never have been a day as big as today for indie games.
On the back of mass layoffs of major AAA studios, today more high-profile and under-the-radar gems are releasing on May 9th than any other day in recent memory. They need your support.
Here's a thread of 'em! 🧵
@MayaKaczorowski Did you get Entra ID? Active Directory does not exist anymore, ofc.
I hacked Microsoft's AI bot for healthcare on a Friday night
Within hours I could access data of multiple healthcare organizations, but it didn't stop there
Microsoft fixed the issue, and then I did it again, and again, and again..
Here's the story of Lethal Injection: 💉
Today we released an open source model, DBRX, that beats all previous open source models on the standard benchmarks. The model itself is a Mixture of Experts (MoE), that's roughly twice the brains (132B) but half the cost (36B) of Llama2-70B. Making it both smart and cheap. Since only 36B expert parameters are used live, it's close to twice the speed (tokens/seconds) of Llama2-70B. We're excited to build custom versions of this for organizations that have proprietary data! Check it out!
https://t.co/KA5rLaCnQx
@sweis Reminded me of the duqu / Stuxnet bug. I didn't know before that TTF uses a VM to draw the glyphs. Create great R/W primitives.
The fact that they developed a complete zero-click to kernel chain, JUST to then force the device to open a web page to trigger the "real" chain, is the most bureaucratic exploit I can imagine 🙈
https://t.co/ZCZqQfRUoE
As good a time to say this as any: if you’re on the AI research job market, Databricks is hiring, with the mission to democratize AI. We power amazing customer use cases and we publish. Check https://t.co/CJ6XetvVCU or reach out.
The founders of Databricks put together this strategy blog on where we think data platforms are headed in the future. We're moving Databricks quickly in this direction. This is very exciting and is the outcome of the MosaicML acquisition we did earlier this year!
https://t.co/EyO9H7I8Tc
@MrDBCross It depends on people but I assume some people are amazing at finding issues and find it hard to develop skillsets on the engineering side. Similar to some engineers not really into security.
100%. Every security researcher should learn to code. It helps to understand how hard something is to fix. Security and engineering can partner better, get rid of classes of issues or lower the chances of common mistakes.
Advice to juniors or those looking to get into security:
Learn to code
Software is at every level of the stack. Strong software engineering skills will serve you well throughout your career. I would rather teach a strong software engineer security over teaching a traditional security person how to software, any day.
Although my background is in vulnerability research, this is not only applicable to finding vulns, appsec, etc. Security operations, network security, etc. automation is the future (current in mature orgs).
There are some legacy security professionals that wear “I don’t code” as a badge of honor, but they’re dying out. Just like traditional system administration was replaced by devops.
The way Kaspersky wrote this, it's an interesting case study of defenders working out how to capture a zero-click exploit. I especially like that Kaspersky said what they tried that *didn’t work*, in addition to what did ultimately work. Let’s dive in with a thread!
Web Security vs. Binary Exploitation
Last Seen Users on Sotwe
سوداني جدة
Seen from Canada
Karachi bull
Seen from Netherlands
Starlightkitten19
Seen from Korea
balım cancd
Seen from Turkey
محمد العنزي ٢٥
Seen from Egypt
Thai Girls Wild
Seen from Germany
Masti Khan
Seen from Pakistan
Minnaminnie
Seen from Netherlands
beck (big)🔞
BALIKESİR olgun kapalı kadın siker
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers