Charlie Miller @0xcharlie
I'm that 0day guy
St. Louis, MO
Joined August 2009
Tweets: 19K
Followers: 74K
Following: 72
Likes: 733
Next people will be saying that starbucks wifi is okay!
I will never not promote this comic
Fault injection vs Firmware hacking
I know it's been a long journey, but I think we're just one or two bugs away from making the internet safe
"many eyes makes bugs shallow" is security culture
So folks who are wringing their hands over the xz backdoor… What are we going to do differently to stop this in the future? My guess is we will preach and pontificate but not actually do anything useful…just like we always do!
@hyprdude A friend once told me he believed that WU-FTPD was written by a visionary. A man who foresaw every possible security bug that you could ever make, and he put it all in one FTP daemon. I thought my friend was joking, but maybe it was real.
My hot take on the xz back door: it’s a success for the community. It took 2 years to sneak it in and it was caught in 1 month before it was in any major distro. It is really hard to backdoor a distro which is pretty cool.
Congratulations to Chompie who scored a win in the Windows 11 LPE category! Her exploit circumvents the latest Virtualization Based Security mitigations. She becomes the first solo female competitor to score a full win at #Pwn2Own, the world’s most prestigious hacking competition
But I thought we were better at security now??
So THIS is why GM said it will no longer support Apple CarPlay from 2026?! And build their own Android experience. Because they don't want Apple to take over all the car's screens as Apple demands it does so. From the US vs Apple lawsuit:
These numbers are unfathomable
I gave Claude 3 the entire source of a small C GIF decoding library I found on GitHub, and asked it to write me a Python function to generate random GIFs that exercised the parser. Its GIF generator got 92% line coverage in the decoder and found 4 memory safety bugs and one hang.
We continue reviewing the history of EKO on this #RetroEko Tuesday 🔙 It was 2009 and @0xcharlie was presenting to us the methodology he used to find bugs in iOS. 🔥 How could we forget this little gem? Find this talk and more presentations from #EKO2009 here >>…
Automotive pwn2own coming soon!
The government finally fixed cybersecurity by issuing a report. I guess I should look for a new job. Maybe a turtle farmer?
@ViralNewsNYC We all know crypto is a ponzi scheme bro, you didn't need to light yourself on fire 🤣🤣🤣
This is what my matches with Karpov felt like.
a truck carrying 100k chinook salmon smolts (yay!) crashed in eastern oregon and flipped over (oh no!) but did so right above a creek (yay!) and a bunch died (oh no!) but more than 75k of them were inadvertently released and will likely return there to spawn as adults (yay!)
@0xcharlie “Call it extreme if you like, but I propose we hit it hard and hit it fast with a major - and I mean major - leaflet campaign.”
@0xcharlie I think we need more thought leadership panel discussions and selfies.
folks really want to move to places where there's no income tax and then realize they've ended up somewhere where everything else costs more than the national average and the public services are terrible. imagine that. nbcnews.com/politics/econo…
This was her third run…
Kate suiting up to go indoor skydiving! I’m totally not jelly! Guess she raised her hand to go first. lol, no fear in this one!
House passes Protecting Americans’ Data from Foreign Adversaries Act, H.R. 7520 politico.com/news/2024/03/2…
He must have heard @0xcharlie's plea for a line change!
Game Day: Bannister shuffles Blues forward lines, starts Hofer in goal dlvr.it/T3wZjY
@0xcharlie Like a fine wine, they only get better with age!
Orson Welles on start-up fund raising. Hint: Winston Churchill.
"World's Fastest Camera Drone Vs F1 Car (ft. Max Verstappen)" youtube.com/watch?v=9pEqyr…
@0xcharlie You should always have a backup plan.
Just finished Theft of Fire by @Devon_Eriksen_ , and it was a great read — hard SF by a retired engineer. If his About page resonates at all, you will probably enjoy it: devoneriksen.com/about
The number one reason why good security is hard is that the feedback loop on decisions is long and the signal is low fidelity. It's not clear how many incidents were prevented or mitigated from which foundational decisions years prior. This wrecks the incentives to be proactive.
Damn, today is 5 years for me at $currentemployer. I’m pushing twice the length of any other non consulting job I’ve had. Usually by 3 years in, poor direct management, and other drama becomes unbearable, and I need to dip!
Excited to share the launch of Runtime Ventures (runtime.vc), a VC fund focused on seed stage cyber. Dave Endler and I have been working on this for a couple of years and it's finally time to take the covers off. linkedin.com/posts/michaela…