ETWPrism is a Windows research tool for inspecting user-mode ETW at the emitting process.
Many high-signal events are assembled in user-mode runtimes, DLLs, or service processes before they enter the normal ETW tracing pipeline. ETWPrism helps look at that pre-submission point directly.
Current focus includes PowerShell, AMSI, CLR, WinINet, WinHTTP, DNS Client, LDAP Client, CAPI2, DPAPI, WMI Activity, BITS Client, Schannel, RPC, COMRuntime, and CNG-related providers.
Useful for validating what payloads are actually emitted, how filtering changes visibility, and where service-hosted providers require a different capture point.
repo: https://t.co/rf8vWAW6eB
One unchecked integer multiplication can own the entire Windows kernel.
In CVE-2024-30088, an integer overflow caused the kernel to allocate a smaller buffer than required while continuing to process it as if it were large enough. The resulting out-of-bounds write let attackers corrupt kernel memory, build arbitrary read/write primitives, and ultimately replace their process token with the SYSTEM token.
https://t.co/zccTyNAfFK
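The post above turns on one arithmetic fact: a 32-bit size computed as count times element size can wrap, so the allocation is small while the code that fills it still trusts the original count. The following C snippet is an added, constructed illustration of that mismatch and of the check that prevents it; it is not the kernel code behind CVE-2024-30088, and the element size, function names and counts are all assumed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a buffer is sized as count * ELEMENT_SIZE and later
 * filled for all `count` elements. ELEMENT_SIZE is an assumed value. */
#define ELEMENT_SIZE 16u

/* Unchecked version: the 32-bit product wraps modulo 2^32, so a large count
 * yields a tiny allocation size while the caller still processes `count`
 * elements. (Unsigned wraparound is well defined in C, which is exactly why
 * the compiler cannot warn about it.) */
uint32_t unchecked_alloc_size(uint32_t count) {
    return count * ELEMENT_SIZE;
}

/* Checked version: reject any count whose product cannot be represented.
 * Returns 1 and stores the size on success, 0 on overflow; callers must treat
 * 0 as an allocation failure rather than falling back to a guessed size. */
int checked_alloc_size(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / ELEMENT_SIZE) {
        return 0; /* count * ELEMENT_SIZE would wrap */
    }
    *out = count * ELEMENT_SIZE;
    return 1;
}

/* The invariant the fill loop silently relies on: does the computed size
 * really cover every element? Evaluated in 64 bits so it cannot wrap. */
int size_covers_count(uint32_t size, uint32_t count) {
    return (uint64_t)size >= (uint64_t)count * ELEMENT_SIZE;
}

int main(void) {
    uint32_t big = 0x10000001u; /* constructed count that overflows 32 bits */
    uint32_t size = 0;

    printf("unchecked: count=%#x -> size=%u, covers all elements: %s\n",
           big, unchecked_alloc_size(big),
           size_covers_count(unchecked_alloc_size(big), big) ? "yes" : "no");

    if (!checked_alloc_size(big, &size)) {
        printf("checked:   count=%#x rejected (overflow)\n", big);
    }
    if (checked_alloc_size(100, &size)) {
        printf("checked:   count=100 -> size=%u\n", size);
    }
    return 0;
}
```

The division-based check is the portable form; on GCC and Clang, `__builtin_mul_overflow` expresses the same test in one call. The detection angle for reviewers is the pattern itself: any allocation size derived from attacker-influenced counts should be validated before the multiply, not after.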
This is the type of malware game hackers build to bypass kernel anti-cheat. The same techniques can be used by malware authors to evade EDRs.
A UEFI bootkit that injects into Microsoft's own Hyper-V at ring -1 before the OS even loads (easier than building a custom hypervisor from scratch).
Four-phase bootloader. Hypervisor VM-exit interception. EPT page shadowing. MSR virtualization. EFI memory map ghosting. TPM measurement spoofing.
Reads like malware. Because it is. Videos and full technical breakdown in the link.
Author: https://t.co/iHtxyJSbwy
#ReverseEngineering #Malware #AntiCheat
Cleaned up my old ETW notes from Obsidian and put them into one post.
No new research here.
Just a practical map of the parts I keep coming back to: providers, sessions, kernel loggers, ETWTI, tampering, and detection.
https://t.co/e068LAH8p7
Privilege Escalation via a Page Use-After-Free in Qualcomm's AI Accelerator Linux Kernel Driver
Article by Lukas Maar about exploiting a bug in the mmap handler of the QAIC driver that causes a page UAF.
https://t.co/RqMi8QuuLG
Themida turns a few lines of code into thousands of VM handler instructions. Completely unreadable.
Back Engineering built a static devirtualizer that lifts it all to IR, resolves the control flow, and recovers the original logic.
The before/after in the repo is genuinely shocking.
Works on pretty much any VM obfuscator, not just Themida.
Blog: https://t.co/fY4YkY2aH3
Devirt output: https://t.co/p2gkKi1vXp
Author: @BackEngineerLab
#ReverseEngineering #InfoSec #Malware
A post about how Windows Named Pipes can become an attack surface when their ACLs are too permissive or when pipe creation flags are misused.
https://t.co/m3KnfqXNfk
#infosec #cybersecurity #redteam #pentest #windows
Updated my project to bypass write protection via PTE manipulation.
HVCI / KDP will prevent this technique by marking the code / data page as read-only in the SLAT entry.
Do note that the Dirty bit is clear in the PxE despite the page being written to.
https://t.co/IMPevg6mws
🏴‍☠️ I can finally share a VMware 0day I discovered that led to CVE-2026-41702 (LPE as root). Funny enough, I found the bug in my hotel room after the second day of attending the Csaba Fitzl (@theevilbit) & Gergely Kalman (@gergely_kalman) training at Zer0con.
https://t.co/mG55Ksc4gE
Time Travel Analysis with QEMU on IoT Targets: Not Always That Hard - Part I:
https://t.co/oH3ZDDWDhd
Time Travel Analysis with QEMU on IoT Targets: Not Always That Hard - Part II:
https://t.co/WxxCooHN9h
#qemu #iot #reversing #informationsecurity #cybersecurity #hardware
Every 3rd website you visit runs Nginx.
18,959,833 of them can be hijacked right now.
A bug from 2008 just got a working exploit.
CVE-2026-42945 (CVSS 9.2)
No login. No access. Just one HTTP request.
→ Heap overflow → Worker process → RCE
Patch ASAP to Nginx 1.31.0 or 1.30.1
PoC is already out:
https://t.co/O4556KGjqD
(cross-posting from a private Signal group)
To all these posts comparing AI with fuzzing, find me a fuzzer that can reliably exploit UAF and I’ll be convinced that they are the same tech.
For example this bug and its exploit: https://t.co/kjFwqthFPL
We did it with Claude. Then a friend at OpenAI showed that GPT 5.5 reliably single-shot built a different exploit, using a better strategy, without consulting our article or PoC. This is mind blowing, and super fun, not sure why people keep denying the fun part.
In a Chrome exploit, we had some trouble with ASLR leak with float precision (i.e., need to leak info through pixel positions such that some maths must hold). The model came up with this: https://t.co/0DoRLdRgke. No idea what that is, but it seems to work for real!
When the first humans discovered how to use fire, they didn’t say, well, this is just another form of sunlight. They cooked!
Let's go cooking the greatest exploits!