Opcode @opcode_osi - Twitter Profile

Pinned Tweet

Opcode @opcode_osi

about 1 month ago

Top 5 on HTB was a huge checkmark on my bucket list. We're so back!

Hack The Box

@hackthebox_eu

about 1 month ago

Let's give it up to the players who took the top spots in Season 10's leaderboard. In an absolute shock, we are seeing some new faces on here! Congrats xtk for going from rank #135 last Season to claiming the top spot. That is a jump for the record books. JaxT way to climb to the leaderboard for your very first time. Based on your history, it looks like you finally found the time to give it your all. And Pyp, you've made it to the top 10 in the winners' circle. Slow and steady wins the race; the top spot is within your grasp. Congrats to everyone who participated. We look forward to seeing you next Season. 🤘

hackthebox_eu's tweet photo. Let's give it up to the players who took the top spots in Season 10's leaderboard. In an absolute shock, we are seeing some new faces on here!

Congrats xtk for going from rank #135 last Season to claiming the top spot. That is a jump for the record books.

JaxT way to climb to the leaderboard for your very first time. Based on your history, it looks like you finally found the time to give it your all.

And Pyp, you've made it to the top 10 in the winners' circle. Slow and steady wins the race; the top spot is within your grasp.

Congrats to everyone who participated.

We look forward to seeing you next Season. 🤘

4

119

7

12

8K

4

45

1

2

1K

opcode_osi retweeted

John Scott-Railton

@jsrailton

about 11 hours ago

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4

jsrailton's tweet photo. NEW: malware developers added nuclear & biological weapons text to to their spyware.

Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.

Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky.

When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.

We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.

In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation.

H/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4

166

8K

1K

3K

863K

opcode_osi retweeted

Two Seven One Three

@TwoSevenOneT

4 days ago

New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker

TwoSevenOneT's tweet photo. New #redteam tool for blocking EDRs: EDRChoker
Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events
#pentest #cybersecurity
Github: TwoSevenOneT/EDRChoker

22

702

173

543

102K

opcode_osi retweeted

🕳 @sekurlsa_pw

4 days ago

Padding Oracle in MS-BKRP (BackuprKey RPC) “decrypt DPAPI v2/v3 domain backup blobs via distinguishable error codes on the DC's BackuprKey endpoint.” You need the masterkey in users roaming dir: Roaming\Microsoft\Protect\<SID>\<GUID> Creds: Bad-Jubies https://t.co/oohapnM0HP

1

78

26

49

5K

Who to follow

opcode_osi retweeted

4 days ago

Bookmarking @HackingDave AI model regression site. This is useful. For now Opus 4.8 is my daily driver followed by a few frontier models. It’s an exciting time for AI to assist me in research. https://t.co/hMLE1R4T7k

0

18

5

12

2K

opcode_osi retweeted

Panos Gkatziroulis 🦄

@ipurple

4 days ago

Shellcode Loaders - Advanced Execution & Evasion Tradecraft https://t.co/H52oGmW83a

1

219

58

170

9K

opcode_osi retweeted

Jonas L

@jonasLyk

6 days ago

https://t.co/AeIdwj23cp

17

478

162

269

77K

opcode_osi retweeted

Robin Granberg @ipcdollar1

7 days ago

Regarding Active Directory permissions, most people assume that a Deny ACE always wins. It doesn't! Windows stops the access check the moment enough rights are granted — any ACE after that point is never evaluated. New post: https://t.co/aNYAd6tlxz

1

18

7

4

2K

opcode_osi retweeted

Altered Security

@AlteredSecurity

8 days ago

Bootcamp Giveaway We're giving away 1 CARTP® Bootcamp seat and 1 CRTP® Bootcamp seat to two participants. Join live, hands-on training in Azure Red Teaming or Active Directory security. How to participate: • Like & follow us • Comment your preferred bootcamp and why • Repost Winners announced June 4, 2026 Limited-Time Bonus: Enroll in CARTP® (Starts June 5) or CRTP® (Starts June 6) and get 10 extra days of lab access (worth $150+). Applicable for the first 30 purchases only. https://t.co/i8fC4WqJuI #CyberSecurity #RedTeaming #InfoSec #AlteredSecurity

72

83

63

8

4K

Opcode @opcode_osi

8 days ago

@AlteredSecurity CRTP because on-prem ftw

0

60

opcode_osi retweeted

0xor0ne

@0xor0ne

11 days ago

DirtyCBC: Local root shell on Linux using a page-cache poisoning primitive in AF_RXRPC’s RxGK path (@DelphosLabs). https://t.co/JVV2flSBO4 #infosec

1

85

20

44

5K

opcode_osi retweeted

vx-underground

@vxunderground

13 days ago

Chat, I don't want to be that guy, but I think Microsoft has really pissed off security researchers and we're approaching the tipping point. This Eclipse guy has really rocked the boat for Microsoft.

vxunderground's tweet photo. Chat, I don't want to be that guy, but I think Microsoft has really pissed off security researchers and we're approaching the tipping point.

This Eclipse guy has really rocked the boat for Microsoft. https://t.co/y7wOvB2UYh

118

4K

519

744

163K

opcode_osi retweeted

Kabir Acharya @Kabir4charya

about 1 month ago

I've been seeing posts all over about the state of CTFs post-LLM. I've seen many attempts to explain why this is just a new evolution of CTFs, but I fundamentally disagree. I believe the original spirit is gone and I've written why in my blog. https://t.co/tgUZOGkhGV

10

205

37

81

39K

opcode_osi retweeted

Nightmare Eclipse @ChaoticEclipse0

26 days ago

It's confirmed, CVE-2020-17103 patch is ineffective and the vulnerability still exists, A weaponized PoC can be found here - https://t.co/7hnamkLsS1 Tested against fully patched Windows 11 and Server 2025 machines.

7

612

141

308

94K

opcode_osi retweeted

vx-underground

@vxunderground

26 days ago

Another Windows zero day released by Nightmare Eclipse (sort of) It turns out Microsoft just straight up didn't patch an old CVE from 2020 correctly. https://t.co/sNWBtTo4at

19

2K

196

382

81K

Opcode @opcode_osi

27 days ago

@vxunderground @NathanMcNulty #selfdocumentingcode 😶‍🌫

0

1

0

410

Opcode @opcode_osi

27 days ago

@gynvael @IceSolst

0

4

0

171

opcode_osi retweeted

delivr.to

@delivr_to

28 days ago

HTML smuggling: JavaScript inside an HTML attachment reconstructs a malicious file at render time. The browser writes it to disk. The mail gateway only ever scanned an HTML file with some script tags. Thread on what's changed since 2023 ↓

1

9

4

5

2K

opcode_osi retweeted

Nightmare Eclipse @ChaoticEclipse0

29 days ago

Two more zerodays - https://t.co/kUgSQqq0s8

9

477

119

194

65K

opcode_osi retweeted

International Cyber Digest

@IntCyberDigest

about 1 month ago

‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy. ▪️ AI surfaces a massive wave of 0-day RCEs. ▪️ Submissions overwhelm ZDI past max capacity. ▪️ Slots run out. Researchers with working chains get rejected. ▪️ "Revenge disclosures" begin. ← we are here. Confirmed casualties so far: ▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land. ▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla. ▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere. ▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel. ▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected. ▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected. Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in. ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.

IntCyberDigest's tweet photo. ‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.

Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.

▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.

Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.

Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.

ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.

31

2K

379

642

413K

opcode_osi retweeted

Panos Gkatziroulis 🦄

@ipurple

about 1 month ago

Yesterday, I published a deep‑dive into how adversaries abuse the 𝐂𝐫𝐨𝐬𝐬-𝐒𝐞𝐬𝐬𝐢𝐨𝐧 𝐀𝐜𝐭𝐢𝐯𝐚𝐭𝐢𝐨𝐧 mechanism to execute code under another user’s interactive session, including some novel CLSIDs to use. ️ The 𝒒𝒖𝒔𝒆𝒓, a built‑in Windows utility, can enumerate active sessions on remote & local hosts. It works, but only one host at a time can be enumerated, which slows down the enumeration stage. 🛠️ 𝐀 𝐍𝐞𝐰 𝐎𝐩𝐞𝐫𝐚𝐭𝐨𝐫‑𝐅𝐨𝐜𝐮𝐬𝐞𝐝 𝐂𝐚𝐩𝐚𝐛𝐢𝐥𝐢𝐭𝐲 In the article, a 𝐭𝐨𝐨𝐥 (private at this stage) was introduced that can: 🔍️ Enumerate active sessions 𝐚𝐜𝐫𝐨𝐬𝐬 𝐚𝐧 𝐞𝐧𝐭𝐢𝐫𝐞 𝐈𝐏 𝐫𝐚𝐧𝐠𝐞 ⚡️ Quickly identify hosts suitable for Cross‑Session Activation 🎯 Reduce manual enumeration and accelerate target selection ✒️ 𝐑𝐞𝐚𝐝 𝐭𝐡𝐞 𝐟𝐮𝐥𝐥 𝐚𝐫𝐭𝐢𝐜𝐥𝐞 https://t.co/KFufbAvUNW

ipurple's tweet photo. Yesterday, I published a deep‑dive into how adversaries abuse the 𝐂𝐫𝐨𝐬𝐬-𝐒𝐞𝐬𝐬𝐢𝐨𝐧 𝐀𝐜𝐭𝐢𝐯𝐚𝐭𝐢𝐨𝐧 mechanism to execute code under another user’s interactive session, including some novel CLSIDs to use.
️
The 𝒒𝒖𝒔𝒆𝒓, a built‑in Windows utility, can enumerate active sessions on remote & local hosts. It works, but only one host at a time can be enumerated, which slows down the enumeration stage.

🛠️ 𝐀 𝐍𝐞𝐰 𝐎𝐩𝐞𝐫𝐚𝐭𝐨𝐫‑𝐅𝐨𝐜𝐮𝐬𝐞𝐝 𝐂𝐚𝐩𝐚𝐛𝐢𝐥𝐢𝐭𝐲
In the article, a 𝐭𝐨𝐨𝐥 (private at this stage) was introduced that can:
🔍️ Enumerate active sessions 𝐚𝐜𝐫𝐨𝐬𝐬 𝐚𝐧 𝐞𝐧𝐭𝐢𝐫𝐞 𝐈𝐏 𝐫𝐚𝐧𝐠𝐞
⚡️ Quickly identify hosts suitable for Cross‑Session Activation
🎯 Reduce manual enumeration and accelerate target selection

✒️ 𝐑𝐞𝐚𝐝 𝐭𝐡𝐞 𝐟𝐮𝐥𝐥 𝐚𝐫𝐭𝐢𝐜𝐥𝐞
https://t.co/KFufbAvUNW

0

69

17

50

4K

Opcode

@opcode_osi

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users