People complain about kernel anti-cheat while cheat devs are literally writing custom hypervisors to hide from detection. The threat model demands ring-0. Read how anti-cheats actually detect system emulation and tell me they're overreacting:
https://t.co/lA7FEWTI6a
Authors: @the_secret_club
#AntiCheat #InfoSec #GameSecurity
Have you noticed that those deep-dive stories about complex Windows malware have pretty much vanished, especially in recent years? It feels like the era of "blockbuster" Windows malware has just gone silent, and this blog post tries to give some answers why.
https://t.co/sFsf3uPm5o
I'm happy to introduce the official YARA language server for Visual Studio Code.
https://t.co/FptFOFZvgG
Many thanks to Albert Tikaiev for putting the first stone in this initiative (https://t.co/fsAMenmkea)
This blog post provides an in-depth analysis of #Turla's #Kazuar v3 loader and how it tries to slip past modern defenses:
• Sideloading via MFC satellite DLLs
• Control flow redirection trick (+ POC)
• Patchless ETW and AMSI bypasses (+ POC)
• Extensive COM usage for registry, file and folder operations (+ partial POC)
• Strings encryption (+ IDAPython decryption script)
• Including IOCs and Yara rules
https://t.co/FK8uAq9iyK
🏆 Unit 42 research wins the Péter Szőr Award at #VB2025! The development of our Attribution Framework by Andy Piazza, Kyle Wilhoit, Robert Falcone and David Fuertes is recognized as outstanding technical security research. Read it here: https://t.co/Ytvo3HbPkm
I think it's sad none of these applications will ever be built again.
I no longer want cleverly packaged utility. I want silliness and whimsy delivered through convoluted high skill ceiling bloatware if that's not too much to ask for
capa v9 brings a new scope for dynamic analysis: “span of calls” for matching a sliding window of API calls within a thread. Thank you to so many contributors!
https://t.co/DGj3aDx46J
Members of my CTF team & the SPS train repair company will meet NEWAG, the train manufacturer, in court on Wednesday (you might remember the 37C3 talk; link in reply). The lawsuit was initiated by NEWAG, but, according to reporting, counterclaims were filed by SPS as well. 1/3
I don't do Windows but here are some (initial) details about why the CrowdStrike's CSAgent.sys crashed
Faulting inst: mov r9d, [r8]
R8: unmapped address
...taken from an array of pointers (held in RAX), index RDX (0x14 * 0x8) holds the invalid memory address
@_JohnHammond
We are organising a conference on 26th - 27th June 2024
Attention Speakers: Our 2024 Call for Papers is now open! #OffByOne2024? Learn all about it:
https://t.co/hsUZ23yYVw
It has been a busy December and January! We caught a Chinese APT group exploiting multiple chained 0days in Ivanti Connect Secure (Pulse Secure) to compromise the device and pivot into networks. This is a full unauthenticated RCE and impacts all supported versions! 1/2
Ever wished for meaningful variable names in your decompiled code? Meet VarBERT! Excited to share that our paper is accepted at IEEE S&P 2024 (Oakland): https://t.co/xWV6nMOON2.