At @defcon 33, George Hughey (@ecthr0s) and Rohit Mothe (@rohitwas), Senior Security Research Managers at MSRC, took us back to the 90s with their talk on the ghost of Internet Explorer in Windows: MapUrlToZone.
They uncovered how this legacy API, used by Outlook, Office, Windows Shell, and sandboxes to make security decisions, was vulnerable to manipulation. Their deep dive revealed a dozen CVEs and led to systemic mitigations across Microsoft platforms.
Learn how MSRC’s technical investigations drive proactive protection for customers and why legacy code still matters in the slides available here: https://t.co/DSORcAoePz
#DEFCON #DEFCON33
Looking to hire 2 experienced Security Researchers in the US for the Exploits Research Team within the Microsoft Security Response Center (MSRC)
Senior Security Researcher
https://t.co/po3EwcKeyt
Security Researcher II
https://t.co/iFpxJ4uBIq
This week's Patch Tuesday included 8 CVEs that @rohitwas and I found!
We've been focusing on finding ways to bypass MapUrlToZone and found several very interesting ways to confuse it. This is an API we've seen a lot of interest in lately, so good to have it locked down!
To help protect against NTLM relay attacks, we’ve enabled Extended Protection for Authentication (EPA) by default in Windows Server 2025. This update strengthens key services like Exchange Server, Active Directory Certificate Services (AD CS), and LDAP, making identity compromise and unauthorized access more difficult.
Learn more about these security improvements and how they can help protect your systems in our blog post: https://t.co/Ri1wnV8xkG
MSRC V&M is expanding and is looking for a leader who can guide a team of hackers in tackling challenging problems in the areas of Open Source, Supply Chain and Hardware security. If you have the skills and passion for vulnerability management, apply now @
https://t.co/3vGh7Lvr7c
@AdmVonSchneider does BinDiff have an option for a patch diff view comparing the HexRays decompiled pseudocode of both binaries? I wasn’t able to last time I used it. Both Diaphora and ghidriff seem to support it
The MSRC Vulnerability and Mitigation (V&M) team is expanding into exciting challenges of Open-Source vulnerability response and research. This is an opportunity for you to redefine how Microsoft responds and researches in this space. Interested? Apply @ https://t.co/STN0gQjBM7
We have our Microsoft STRIKE Capture the Flag winners! Drumroll, please!🥁
Congrats to the top 3 teams:
🥇JasonsJsons
🥈Capture the Food
🥉0xCAFEBABE
#MSFTSTRIKE
Why is the best defense good offense?
like..why is the best defense not the best offense, how does a superlative in one domain equate to merely “good” in another…
#RandomThoughtsThursday
Yesterday's Patch Tuesday saw the release of 10 CVEs I found in DNS! These could potentially allow an authenticated attacker to gain remote code execution. A huge thank you to the DNS team who worked through and fixed these.
https://t.co/78wxsVh385