What if you skipped VirtualAlloc, skipped WriteProcessMemory and still got code execution?
We explored process injection using nothing but thread context.
Full write-up + PoCs:
https://t.co/Sa1oUSYyqU
Round two!
Yesterday was one report, here’s another: an unpatched NTLM coercion via the Windows Search (search-ms://) URI handler.
Same questions about how it got handled. It’s all in the writeup, timeline included.
https://t.co/eMbyEGbx8b
Cleaned up my old ETW notes from Obsidian and put them into one post.
No new research here.
Just a practical map of the parts I keep coming back to: providers, sessions, kernel loggers, ETWTI, tampering, and detection.
https://t.co/e068LAH8p7
Wow - #Microsoft releases an emergency patch for an Exchange spoofing bug in the wild. Looks like it's confined to OWA and Preview Pane is NOT a vector. Still, start your test and deployment engines! https://t.co/cz0pYlvqBg
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
I just reverse engineered the YellowKey BitLocker bypass
Microsoft shipped code that checks for a flag called "FailRelock" in every Windows 11 recovery image. When it's set to 1, after recovery unlocks your BitLocker drive, it never relocks it. All you need is a USB stick.
This code only exists in the recovery environment. Not in normal Windows. They left an entire debug testing framework in production.
It's been a while since I wrote a blog post. My new post is about some cool updates to the MS-RPC-Fuzzer for recursively fuzzing complex structures, logging using ETW, and we found a way to escalate to NT AUTHORITY\SYSTEM!
https://t.co/Guxzx0gu2J
This second blogpost concludes @yaumn_'s research on #Windows authentication reflection.
He discloses the new Kerberos authentication coercion technique he discovered to remotely compromise Windows systems 💥
A little bonus is even included at the end 👀👇
https://t.co/RsJHxCdIGe
Authentication reflection attacks are still not dead!
In our new blogpost series, @yaumn_ shares his journey into bypassing the mitigations of CVE-2025-33073 to pop SYSTEM shells again 🚀
👇
https://t.co/pbZ2KjXq7Q
Really great post, and fun priv esc!
The idea is that agent identity is also a service principal, which caused the developers to assign permissions to the AI administrator role to add passwords to all SP types. It's really clever 🧠 by @noaaariel
https://t.co/MnzTrpqihM
Claude Code's remote control protocol lets developers orchestrate instances programmatically. @tyholms reverse engineered it and found an undocumented flag that redirects any instance to attacker-controlled infrastructure, silently bypassing all permission checks.
https://t.co/Tn85uj1R77
Hidden GPO-based attack paths are now in BloodHound.
@croco_byte breaks down new OU & AD Site abuse paths that can lead to privilege escalation or full domain compromise, and how to find, map, and weaponize them. #SOCON2026
@ZephrFish @neuralhax This is actually crazy! I've been doing something similar and funnily enough also called every component / system a campaign in my lab.
Thanks for sharing this!
This is what happens when I take time off: I actually write silly-length blog posts and deep dive things. https://t.co/SUgxpGqGFr The post dives into an MCP pipeline I've put together for autonomous 0day hunts.
In our latest post, researcher @craigsblackie documents attacks against the Dell UEFI firmware that enable DMA attacks against TPM-only bitlockered devices https://t.co/b835C7rlW4
93% recall vs 50% for baseline prompts. Our new dimensional-analysis plugin for Claude Code doesn't ask it to find bugs. It annotates your codebase with dimensional types, then flags mismatches mechanically. 🧵
While #RBCD has been thoroughly documented, only a few resources mention the workflow in cross-domain environments.
In our new blogpost, we dive into the cross-domain and cross-forest RBCD workflows.
Read it here 👇
https://t.co/cJsnify0qQ