Introducing: GhostKatz! 🐱
A Cobalt Strike BOF that lets you dump LSASS via exploitation of vulnerable drivers that offer physical memory read primitives.
Written by @EricEsquivel123 and me!! :)
https://t.co/tmuksIKvj8
I don’t know who needs to hear this, but your research is your IP, not the vendor’s IP. You can do whatever you want with that IP: reporting it, publishing it, selling it to a third party, or putting it in a box under your bed 🙄
@DoomsdayGoth It’s fine, but always check the code. Some models write unnecessary code with an excessive amount of comments and it bothers me. You can always prompt it better as well. If you are learning to code, I suggest limiting your use.
The https://t.co/GQYFpObADC project just had its biggest month ever. 🙌
In April alone, we merged 12 PRs adding 90+ new vulnerable kernel driver entries to the database. LOLDrivers now tracks 615 unique drivers across 2,121 known vulnerable samples.
Here’s what the updated security metrics dashboard shows:
✅ 460 samples (21.7%) load despite HVCI / Memory Integrity being enabled
✅ 1,523 samples (72.7%) are LOLDrivers-exclusive, meaning they are NOT covered by Microsoft’s recommended vulnerable driver blocklist
✅ Only 573 samples overlap with Microsoft’s block rules
That gap matters. Legitimate signed drivers from Intel, AMD, HP, Corsair, ASUS, Dell, Clevo, Beckhoff, National Instruments, and dozens of other vendors are being actively weaponized in BYOVD (Bring Your Own Vulnerable Driver) attacks. Threat actors use these drivers to disable EDR/AV, escalate privileges, and bypass kernel security controls, all with validly signed code that Windows trusts by default.
ESET’s March 2026 research documented 54 EDR killers exploiting 35 vulnerable drivers. Akira and MedusaLocker ransomware operators are abusing ThrottleStop.sys. Process-kill drivers like DsArk64.sys (WHQL Microsoft-signed) can terminate PPL-protected processes with a single 4-byte IOCTL.
If your organization isn’t actively managing application control policies that address vulnerable drivers, you have a significant blind spot. Tools like LOLDrivers give defenders the data they need to close it.
Huge thanks to the security researchers who made this sprint possible, your contributions directly improve the defensive community’s ability to detect and block these threats.
Special thanks to @weezerOSINT, @rainbowdynamix, @DbgPrint and the KeServiceDescriptorTable project.
#BYOVD #LOLDrivers #WDAC #KernelSecurity #ThreatIntel #EDR #VulnerableDrivers
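The post's practical point is that a signed driver on disk is only "trusted" until you compare its hash against a vulnerable-driver list that is broader than Microsoft's blocklist. The script below is an added example, not code from the LOLDrivers project: it indexes a feed in the general shape of the project's drivers.json (the field names `KnownVulnerableSamples`, `SHA256`, `Tags` and `LoadsDespiteHVCI` are assumptions about that format; check them against the real download before relying on this), hashes every `.sys` file under a directory, and reports matches together with whether the sample is flagged as loading under HVCI. The feed entries and driver bytes here are constructed so the example runs offline.

```python
"""Match on-disk .sys files against a LOLDrivers-style hash feed (added example)."""
import hashlib
import json
import os
import tempfile

# Constructed fake driver body; this is NOT a real PE and hashes to nothing
# that appears in any real feed. Its digest is placed into the sample feed
# below so that the scan has something to hit.
_DEMO_DRIVER_BYTES = b"MZ\x90\x00 constructed fake driver body, not a real PE\n"

# Constructed mini feed. Field names follow what a LOLDrivers drivers.json entry
# is assumed to look like; the real feed carries many more fields per sample.
SAMPLE_FEED = [
    {
        "Id": "example-0001",
        "Tags": ["example.sys"],
        "KnownVulnerableSamples": [
            {
                "Filename": "example.sys",
                "SHA256": hashlib.sha256(_DEMO_DRIVER_BYTES).hexdigest(),
                "LoadsDespiteHVCI": "TRUE",
            }
        ],
    },
    {
        "Id": "example-0002",
        "Tags": ["other.sys"],
        "KnownVulnerableSamples": [
            {
                "Filename": "other.sys",
                "SHA256": "aa" * 32,  # constructed placeholder digest
                "LoadsDespiteHVCI": "FALSE",
            }
        ],
    },
]


def index_feed(feed):
    """Build sha256 -> {driver, hvci} from a feed; skips malformed digests."""
    index = {}
    for driver in feed:
        tags = driver.get("Tags") or [driver.get("Id", "unknown")]
        for sample in driver.get("KnownVulnerableSamples", []):
            digest = str(sample.get("SHA256", "")).strip().lower()
            if len(digest) != 64:
                continue  # missing or truncated hash; nothing to match on
            index[digest] = {
                "driver": tags[0],
                "hvci": str(sample.get("LoadsDespiteHVCI", "")).upper() == "TRUE",
            }
    return index


def sha256_file(path):
    """Stream-hash a file so large drivers do not get read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, index):
    """Return one hit per .sys file under root whose SHA256 is in the index."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".sys"):
                continue
            path = os.path.join(dirpath, name)
            digest = sha256_file(path)
            if digest in index:
                hits.append({"path": path, "sha256": digest, **index[digest]})
    return hits


def demo():
    """Create a throwaway directory with one vulnerable and one benign file and scan it."""
    index = index_feed(SAMPLE_FEED)
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "example.sys"), "wb") as f:
            f.write(_DEMO_DRIVER_BYTES)
        with open(os.path.join(tmp, "benign.sys"), "wb") as f:
            f.write(b"MZ benign constructed content\n")
        return scan_directory(tmp, index)


if __name__ == "__main__":
    for hit in demo():
        print(json.dumps(hit))
```

On a real host you would point `scan_directory` at `C:\Windows\System32\drivers` (and any vendor tool directories) with an index built from the project's published feed; a hit whose `hvci` flag is true is the case the post singles out, because Memory Integrity alone will not stop it and only an explicit deny rule in your application control policy will.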
I just dropped some research, DSCourier, and would love your opinion on it, so please check it out!!
It’s a novel post-exploitation technique abusing WinGet’s COM API to execute code through Microsoft-signed binaries.
GitHub: https://t.co/pgIhifT5cT
Blog: https://t.co/kgeBvZw06N