🎙 Join our speakers this Friday in Bordeaux at the @Sthack event
🔸 @0x3lk: "Runtime blindspot: Abusing .NET Runtime Internals to Evade EDRs"
🔸 @M4yFly: Red Team: "20 missions plus tard : Autopsie de quatre années de mutation offensive" (20 missions later: an autopsy of four years of offensive mutation)
👉 https://t.co/aSORLqLNMF
🇸🇪 This Thursday, Claire Vacherot, pentester at Orange Cyberdefense, will speak at Security Fest in Gothenburg, Sweden, an event we are one of the sponsors of.
🎙️ To learn more about her talk 👉 https://t.co/KjWzkxAVsQ
I originally prepared this bug for Pwn2Own Berlin. A few days before the contest, a CVE got assigned. So, here is my technical analysis and exploitation strategy for CVE-2026-40369: a 12-byte kernel increment, exploitable both as an LPE and SBX.
https://t.co/agxyuR2AjE
The wait is over! mona v3 is now available.
Supports Python 2 & 3,
32- and 64-bit targets,
WinDBG/WinDBGX.
Faster, leaner, broader: built for modern Windows debugging and exploit development.
#mona #corelan
https://t.co/8tkCp0wD0C
Sharing is caring 💛
Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03)
Today I am releasing the ninth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a comprehensive roadmap for vulnerability exploitation:
https://t.co/V0K5p1Y3wH
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit editions built on the cldflt.sys heap overflow.
[+] PreviousMode Edition: Exploit cldflt.sys via WNF OOB + Pipe Attributes + ALPC + _KTHREAD.PreviousMode flip: elevation of privilege of a regular user to SYSTEM.
[+] PPL Bypass Edition: Exploit cldflt.sys via WNF OOB + PreviousMode flip + _EPROCESS.Protection strip + MiniDumpWriteDump: elevation of regular user to SYSTEM.
[+] Solid Reliability: Two complete, stable exploits, including a multi-step cleanup phase that restores the corrupted pipe attribute Flink and _KTHREAD.PreviousMode before process exit, preventing a crash on cleanup.
This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
I would like to thank Ilfak Guilfanov (@ilfak) and Hex-Rays SA (@HexRaysSA) for their constant and uninterrupted support, which has been vital in helping me produce this series.
The following articles will continue the miniseries about iOS and Chrome, which are my areas of research.
Enjoy the reading and have an excellent day.
#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow
I checked and it's been 2 years since my last blog post??? So anyway, here's a quick blog post about KDP pool - the latest KDP feature that will replace the secure pool in future Windows versions: https://t.co/EhZmTQ4pfL
CVE-2026-33824: Remote Code Execution in Windows IKEv2. The folks from TrendAI Research break down this wormable bug that was patched last week. They show the root cause and offer detection guidance. Read the details at https://t.co/JDan1spJh7
The Exploiting Reversing Series (ERS) currently features 945 pages of exploit development based on real-world targets:
[+] ERS 08: https://t.co/MPwYP7j8Qt
[+] ERS 07: https://t.co/h18hZC0azl
[+] ERS 06: https://t.co/Sh8pgB4bh8
[+] ERS 05: https://t.co/rdaPMOm4WM
[+] ERS 04: https://t.co/Vf0Fnwf0tc
[+] ERS 03: https://t.co/4lo5Hi0gnd
[+] ERS 02: https://t.co/6SNMK1tBkd
[+] ERS 01: https://t.co/YMTSBl59VC
In the coming weeks, I will publish new articles covering exploration in areas such as Windows, Chrome, iOS/macOS, and hypervisors.
Have a great day and enjoy reading.
#exploit #exploitation #windows #chrome #macOS #iOS #hypervisors #vulnerabilityresearch
I just wrote about reversing and debugging a PyInstaller EXE file with WinDbg. It's also my writeup for the "cheat or not cheat" challenge of @MidnightFlag CTF 2026!
https://t.co/oNAVkgWUkT
In this blogpost I tried to sum up everything I know, walking you from the "I have an EDR, I'm secure" mindset to "let's build a resilient tiering model". Let me know what you think about it :)!
https://t.co/UDFdtc8vPh
RegPhantom: a signed Windows kernel rootkit that turns the registry into a covert execution channel.
It gives an unprivileged user-mode process the ability to reflectively load an arbitrary PE into kernel memory, invisible to PsLoadedModuleList and standard driver enumeration tools.
The implant includes several stealth techniques:
- Post-execution memory wipe
- XOR-encoded hook pointers (in-memory obfuscation)
- Valid code-signing certificates
- CFG obfuscation with opaque predicates
- 28+ samples tracked (June–August 2025), signed with certificates from two Chinese companies.
We're releasing:
- Full technical writeup
- Extensive deobfuscation scripts
- YARA detection rule
Full analysis: https://t.co/cMWxkoaI0p
#MalwareAnalysis #Rootkit #ThreatIntel #DFIR #Windows #KernelDriver
You don’t attend Corelan Stack to return home with a script 🗒️ You attend to obtain a deeper understanding 💪!
Evidence-based training 🚀
Precise 🎯
Repeatable.🔁
➡️ Check out Corelan Stack training at #BruCON0x12 Spring training (April 22-24, 2026) https://t.co/QxSzwE4IEe
🔥🐉 New GOAD Lab: DRACARYS
I’ve just released a new free lab environment on GOAD: DRACARYS.
The challenge includes 3 VMs and the objective is simple:
Start with no authentication and work your way up to Domain Admin.
Have fun exploiting it! 🔥🐉
https://t.co/TkbVEIxyyX
I am excited to release the seventh article in the Exploiting Reversing Series (ERS). Titled “Exploitation Techniques | CVE-2024-30085 (part 01)”, this 119-page technical guide offers a comprehensive roadmap for vulnerability exploitation:
https://t.co/h18hZC0azl
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit versions using Token Stealing and I/O Ring techniques.
[+] Exploit ALPC + PreviousMode Flip + Token Stealing: elevation of privilege of a regular user to SYSTEM.
[+] Exploit ALPC + Pipes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Solid Reliability: Two complete working and stable exploits, including an improved cleanup stage.
[+] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability.
The article guides you through the two distinct techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow vulnerability.
I would like to thank Ilfak Guilfanov (@ilfak on X) and Hex-Rays SA (@HexRaysSA on X) for their constant and uninterrupted support, which has helped me write these articles over time.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
Enjoy your reading and have an excellent day.
I am pleased to announce the publication of the sixth article in the Exploiting Reversing Series (ERS).
Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver:
https://t.co/Sh8pgB4bh8
It guides readers through the entire investigation process—beginning with binary diffing and moving through reverse engineering, deep analysis and proof-of-concept stages into full exploit development.
I hope this serves as a valuable resource for your research. If you enjoy the content, please feel free to share it or reach out with feedback.
Have an excellent day!
NEW BLOG: The Great VM Escape 💕
We caught threat actors deploying a VMware ESXi exploit toolkit in the wild, potentially a zero-day developed over a year before VMware's disclosure 👀
If anyone has thoughts on it let me know, but I needed almost a full case of beer to wrap my head around this one 🍺
Full technical breakdown 👇
https://t.co/wXT9c7ytVh
Two blog posts just dropped - one with the details on the bloatware pwning shenanigans I was up to earlier in the year, and another on pipetap, a new Windows named pipe proxy/tool.
https://t.co/bmqZ9x3obQ
https://t.co/QD59sHpTEP
🎤 This Friday, 28 November, @Defte_, pentester at Orange Cyberdefense, will present his talk: “Channel Binding with MSSQL: A Deep Dive into TDS, NTLM & STARTTLS Madness”
📅 @GrehackConf: 28-29 November 2025
📍 Grenoble
Program 👉 https://t.co/QixKDxRIWe