(1/n) New research on Windows malware, to appear at ACM ASIA CCS 2026 [1]:
"SoK: Systematization, Detection, and Hunting of Windows Malware Persistence Techniques" [2]
This work is a collaboration between EURECOM and the University of Twente.
The recording of my first Binary Cartography webinar is now public:
Agentic Reverse Engineering: How AI Agents Are Changing Binary Analysis
Topics: keygenning, cracking & anti-tamper removal
Recording: https://t.co/dheTSRkJqP
Slides/code/samples: https://t.co/nAqtcqVs7i
I was watching a presentation [1] at @REverseConf 2026 and I learned an anti-emulation trick that uses x87 FPU quirks. It is used by an anti-cheat engine (as part of an MBA).
Here you go, it detects Unicorn: https://t.co/UVBTg22Q3a
[1] https://t.co/kYKrXrRpwA
RE//verse 2026 talks are live on YouTube! Want to revisit a talk or catch the ones you missed? The full playlist is now available:
https://t.co/HbQUuGF0IZ
https://t.co/o4CGqi5qR0 ← we've just released Paged Out! zine Issue #7
https://t.co/ZEuR7WtUAL ← direct link
https://t.co/DFuGBWFb4D ← prints for zine collectors
https://t.co/8VN5hGyEux ← issue wallpaper
Enjoy!
Please please please RT to spread the news - thank you!
So, these threat actors successfully phished an author of multiple open source NPM packages with a total of 2 billion weekly downloads – including debug, chalk, and ansi-styles.
Since most companies run at least one React or Angular app, they had the opportunity to execute code on millions of systems across thousands of orgs.
And they used it to drop an amateurishly obfuscated crypto stealer, got caught by basic detection rules, and the issue was remediated after 2 hours.
I hope everyone understands how close this was – and can imagine what would’ve happened if someone with real skills had done it.
#NPM #Compromise #SupplyChain
Big news: Windows Subsystem for Linux is now Open Source! 🎉
Download WSL, build from source, contribute fixes & features, and join its active development.
Learn more: https://t.co/JzhrU4RAkx
Hello hackers! Another @pwncollege semester ends, continuing @ASU's @ace_inst's never-ending quest to revolutionize the way hackers learn to become productive members of the cybersecurity community. Read on to learn what this means for students and Capture the Flag! 🧵
My new article, "Writing a Full Windows ARM64 Debugger for Reverse Engineering," covers the topic in detail, including its internals and the core differences between Windows on Intel and ARM64:
https://t.co/5xASMMNAEk
"dos-like" is a mini-engine/framework I made a couple of years ago. It makes it easy to make games and other things with a 90s MS-DOS look and feel, but using a modern C compiler and running on Windows, Linux, macOS and in the browser using WebAssembly.
"A calculator app? Anyone could make that."
Not true.
A calculator should show you the result of the mathematical expression you entered. That's much, much harder than it sounds.
What I'm about to tell you is the greatest calculator app development story ever told.
Last Thursday, I gave a webinar on anti-reverse engineering techniques like obfuscation, anti-debug, anti-tamper etc., including practical examples. Recording, slides and examples are now available.
https://t.co/M99j6jHkJs
https://t.co/3o4TIAQBbE
The last release of #TinyTracer for this year: v2.9.5: https://t.co/qvbQqaUXQE. Added ability to follow child processes (thanks to @red5heep). Improved tracing of #VMProtect-protected executables.
New #HollowsHunter (v0.4.0) is out: https://t.co/FBWjtKp8ez. Now you can use it in the classic mode, as well as in ETW mode - as a multi-threaded listener. The watched events can be defined by a simple profile - but it is just a beginning...
FLARE is releasing a tool today that I've been working on over this year that helps break down binaries into smaller functional clusters and uses Gemini to describe their relationships, behavior and the overall malware functionality. It's called XRefer and it is out for you to read about and try out. Check out the write-up here, and look below for some examples: https://t.co/qLxJMOgePy
Releasing full 2+hr video of my browser exploitation workshop from VXCON 2024: https://t.co/SBn4fMarPU
In which I show what goes inside the mind of a skilled hacker while exploiting a highly non-trivial vulnerability in v8, from zero to exploit concept.
This workflow especially requires advanced abstract thinking, thereby emphasizing the role of theoretical modeling in attacking hard zero-day research targets, which is a part of why it's fun. @zerodaytraining