Olivia
Online
Roi
@rmallof
Low-level AppSec. y = F @ x + B @ u
Galicia
Joined August 2010
2.9K Following
935 Followers
3.6K Posts
Pinned Tweet
CVE-2018-1009 | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability https://t.co/DIEryjUZQR
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://t.co/yp5WJxQZF1
MAD Bugs: Finding and Exploiting a 21-Year-Old Vulnerability in PHP
@i0n1c was "the PHP security guy" twenty years ago, so we thought it'd be fun to welcome him with a fresh unserialize UAF.
https://t.co/9ErxpKSELx
The fuzzer that found https://t.co/Y5DOo7QGHE (and a number of issues prior to that as well) is now open-source: https://t.co/zCdbHCpJ4z
It uses pkeys, trap-handling and single-stepping to intercept and mutate in-sandbox reads (see trap-fuzzer.h). Definitely had fun writing it!
Some of the bugs I disclosed to MSRC last year is now public on the company's advisory page.
E.g: CVE-2025-47985 Windows Event Tracing Elevation of Privilege
https://t.co/G6eCy2E1kt
V8 Sandbox Bypass: Memory corruption during BigInt division https://t.co/HYcPDP1Nz7
The situation in Spain where LaLiga can force ISPs to ban any IP range they want without a court order is ridiculous and so aggressively anti-internet that it's causing real harm to Spain's citizens.
Docker is one thing, but the other comments in this HN post are way worse (anti-theft alarms, apps for helping people suffering from dementia). It's horrible that clouds that serve multiple sites from the same IPs are being strong-armed into either taking down anything LaLiga wants without a court order or suffering mass ip blocks.
It's hard to believe that the "~80%+ of the internet is blocked in Spain during football games" claim is true - but it is!! And has been for years.
The government is sabotaging their complete digital economy... for La Liga, a private football org worth €5B. Pure madness
Spain's egregious Cloudflare blocks are breaking Docker now 💀
OSS-Fuzz and LLM-powered agents are pushing vulnerability research toward an "efficient market hypothesis" (EMH)-like dynamic
Eventually, will be no longer an artisanal craft but a high-frequency, information-efficient "market" driven by automation, where capital and speed win
LLMs are reshaping software dev. I don't buy "the end of software dev": Project ambition will grow dramatically.
Ancient Egyptians could build the Pyramids but not the Empire State Building.
Pre-LLM software will be viewed like we view the Pyramids.
🖤
Brilliant article by @profplum99 - I don’t think this could have been articulated anyway possibly better.
https://t.co/UpG6MwvmiM
@FFmpeg So now we have read/write stack-based buffer overflow. Game over.
Fuzzer and complete explanation can be found on my github:
https://t.co/7m0i6Dmvud
@__sethJenkins broke kASLR by doing … nothing 😩
https://t.co/hxPzVTC1RN
https://t.co/op5s4ZikGJ is fully open source, so anyone can use it for anything at no cost
Today I am releasing a new blog on Windows on ARM! It comes from the perspective of one, like myself, who comes from an x86 background and is new, but, interested in Windows on ARM! ELs, OS & hypervisor behavior (with VBS), virtual memory, paging, & more!
https://t.co/jUHls4wupu
Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.
https://t.co/LchMIdKP0P
Geostationary satellites are leaking critical data, transmitting sensitive communications in the clear. With just $800 of consumer hardware, researchers intercepted military, telecom, retail, and infrastructure traffic. No state-grade tools required. Captured data included full voice calls, SMS, IMS signaling, SIP, RTP, and GTP tunnels—unencrypted, no IPsec, no TLS. Telecom backhaul exposed user messages, phone numbers, session keys, and IMSIs. Mexican military traffic leaked live telemetry, asset positions, logistics, and narcotics intelligence—broadcast openly across half a continent.
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers