Hello community, I will be posting write-ups on my new website https://t.co/rZyZLrZAKR . You can read all my old posts there.
Thank you for all the support and love!
#cybersecurity #malware #Windows #threatintell
Fresh research from the team (@vkamluk / @juanandres_gs) - this one goes back quite a while!
fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
https://t.co/cR83vHEzWo
I decided to commit another part to the Applied Reverse Engineering series with an article diving into rolling your own primitive tracer for discrete purposes; coupled with an analysis on outrunning integrity checks.
https://t.co/GjIZpjhVzw
Our latest post on the blog details a Windows EoP courtesy of @filip_dragovic... "Total Recall – Retracing Your Steps Back to NT AUTHORITY\SYSTEM" - https://t.co/zpk744Jeit
My thoughts are yes, red teaming has got significantly harder over the last few years. The knock-on effect is:
1) engagements need more time,
2) teams who don't invest heavily in R&D (either in-house or outsourced) will be left behind,
3) there are fewer things shared publicly as a consequence,
4) lots of teams have tried to compensate by assuming breach, which as a result has led to less innovation in the IA space
However, I disagree that IA is anywhere near dead, even targeting the top 1%. The vast majority of our engagements have a large IA component and we're still successful in >75% of cases. Yes, the points mentioned are a PITA - AWL is a great control, but there's equally a plethora of file formats that support scripting; get creative - Yes, MOTW restricts some things - but there's a variety of ways around it if you're creative (and I'm not talking about ISOs 🙄)
Don't do this. Don't make this mistake. Do something cooler. Listen to your peers when they recommend reviewing other people's research.
https://t.co/xzWsYY6GRg
One of the new features we built for #Nighthawk customers is HawkEye. This is an AI bot built on Opus 4.5 that uses RAG to ingest all the #Nighthawk documentation, sample profiles, APIs, and sample source code. It's able to help explain features, build profiles, write source code for modules and much much more...
Want to consume Microsoft-Windows-Threat-Intelligence but Antimalware-PPL getting you down? No problem! I will post a blog & POC soon - but this allows you to consume Threat-Intelligence without PPL _and_ w/o any kernel patching/driver loading gymnastics! Only need admin!
Today, we’re releasing watchTowr Labs’ @chudyPB’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions.
Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances.
https://t.co/UvsetqL5yj
New blog by Outflank's @KyleAvery: Linux process injection leveraging seccomp to inject shared libraries into Linux processes without LD_PRELOAD, ptrace, or elevated privileges.
Parent-to-child injection at any ptrace_scope level 😎
Tech details here: https://t.co/aSv7XlT1Ah
Thank you all for helping me choose the cover for the Go Concurrency book. I didn't expect so much participation, and I really appreciate it!
Here's the final version, along with the table of contents.
Low-Level Software Security for Compiler Developers
If you ever wanted a textbook-style guide to memory safety bugs, undefined behavior, exploit mitigations, side channels, etc.
All in one spot, this free book is it:
https://t.co/XfY21Uzen1
New research from @jdu2600: a clean loader-lock escape using the PEB's PostProcessInitRoutine.
Read the analysis and PoC code 📃 https://t.co/eEYuyPggbR
@Danukeru @Octoberfest73 @MDSecLabs Because I am using the addPreEmitPass() hook, which gets initialized before any plugin is loaded. The pass in your project works at the IR level, not touching any backend components directly.