434B @0xricksanchez
Vulnerability researcher | Fuzzing | Anything low-level excites me | Admin @ https://t.co/DjVsvNNdjS | My tweets are my own | Blog: https://t.co/uxAwpPtJX8
0x434b.dev
127.0.0.1
Joined May 2017
Tweets: 895 | Followers: 4K | Following: 529 | Likes: 2K
'admin!' and '123456' it is. Take it or leave it
Anyone want to donate this to me for fuzzing research? I could need some of those 145152 cores to run some fuzzers only to not find new crashes gsaauctions.gov/auctions/previ…
Pushed some fixes and the latest release, v0.3.4 should be rather stable now again... On a side-note: if you're one of those people who prefer screen to TMUX, then you have that available now as an option :)!
New release v0.3.0 allows running the below TUI on *any* started AFL++ fuzzing run, making it a full replacement for afl-whatsup if you're into that
Just made some nice improvements to AFL_Runner a little tool for easy/best-practice multicore @aflplusplus fuzzing campaigns: github.com/0xricksanchez/…. Now with a TUI as a replacement for afl-whatsup as well. New stuff planned :)
Fun little LLM CTF gandalf.lakera.ai by @LakeraAI to make your coffee break less boring :)
Excited to share our blog post with @IvanOfFlorida on enabling Kernel Address Sanitizer (KASan) for bare-metal targets to further harden firmware in Android and beyond security.googleblog.com/2024/03/addres… PoC/Demo source code for enabling KASan on ARM/x86/RISC-V : github.com/androidoffsec/…
SyzRetrospector: A Large-Scale Retrospective Study of Syzbot arxiv.org/pdf/2401.11642… by @pkqzy888 @arrdalan13 Lots of great detailed data and insights on kernel fuzzing bugs found by syzbot
Is this the equivalent of having had a < 6 digit ICQ number back in the day? If you have a Linux kernel CVE pre-dating 2024 you're cool, otherwise meh you're at most "ok"?
It's been a blast to work on an #AI/#LLM powered #fuzzing solution for the past months. Hacking in this new field with little to no resources has been a challenge… That said, automatic harnessing of arbitrary projects looks really promising!
Now that the @defcon 31 talks are out on YouTube... Which ones are worth catching up to/were exceptional? Help
Reminds me of this gem:
1. 🔨 Build an educational and deliberately vulnerable system 2. 🔬 Research system and identify serious vulnerability 3. #⃣File a CVE 4. ??? 5. 🤑 Profit
strlcpy and strlcat added to glibc zine.dev/2023/07/strlcp…
Looks like yet another brilliant line-up 🔥! Sad that I cannot attend this iteration :(
Early bird for VR & Fuzzing live class ending end of this month signal-labs.com/services-purch…
Just noticed that my fuzzing paper repo managed to get to 1k stars ⭐️. Happy to see that my chaotic list is relevant to so many peeps! github.com/0xricksanchez/…
We are thrilled to join @theopenssf to collaborate with amazing partners on advancing OSS security. We look forward to sharing our experience and learning from the community to provide better tooling and best practices for securing the OSS ecosystem. openssf.org/press-release/…
I'm pleased to announce that LIEF's Rust bindings are out: lief.re/blog/2024-04-2…
reminds me of that day I woke up to multiple msgs on my phone letting me know that the one and only @gamozolabs was reviewing the very first paper I'd have published live in twitch in front of a couple hundred of fuzzing nerds
had a nightmare where i published a paper and the next day MKBHD literally just cooks me in a fully fledged paper review video
I'm digging even deeper into hypervisor debugging. This viewer enables visual reading and writing of bit fields within the VMCS Guest state, Host state, entry, exit and control fields.
Fixed glibc CVE-2024-2961 iconv(3) out-of-bounds write for EL9 distros via Rocky Linux SIG/Security sig-security.rocky.page/packages/glibc/ sig-security.rocky.page/issues/CVE-202… Bug found and explored by @cfreal_, exploitable via PHP, rated Important, CVSS 8.8 by Red Hat, patched in Fedora but not yet in RHEL
"On PHP [this glibc bug led] to amazing results: a new exploitation technique that affects the whole PHP ecosystem, and the compromission of several applications." openwall.com/lists/oss-secu… x.com/cfreal_/status…
So @j00ru published two posts on Windows Registry; given that there were a lot of fixes in Windows Registry in recent months I expect these to be fun ;) googleprojectzero.blogspot.com/2024/04/the-wi… googleprojectzero.blogspot.com/2024/04/the-wi…
Kudos to @Google Project Zero's @j00ru who published new research today detailing his audit of the Windows Registry which includes 50 CVEs: googleprojectzero.blogspot.com/2024/04/the-wi…
Great news! Our new approach for scalable bug finding in Linux-based firmware has been accepted to USENIX 2024. Check out our paper "Operation Mango" to pwn a local router near you! wilgibbs.com/papers/mango_u… Code and more in the 🧵1/5
I have posted my slides from The DL on LLM Code Analysis talk at CanSecWest 2024! You can get it and my other talks at fuzzing.io/research/
Exciting news! 🚀 Just dropped my blogpost unveiling the universal Linux kernel LPE PoC for CVE-2024-1086 (working on v5.14 - v6.7) used for pwning Debian, Ubuntu, and KernelCTF Mitigation instances, including novel techniques like Dirty Pagedirectory 🧵 pwning.tech/nftables
This week we found another 3 new memory safety vulns as a result of our work leveraging LLMs to generate fuzzing harnesses: github.com/google/oss-fuz… One of them already has a fix upstream (github.com/facebook/zstd/…)!
New #BinaryNinja plugin: ReverserAI. It uses local large language models (LLMs) to derive semantically meaningful function names from decompiler output, demonstrating the potential of local LLMs to support reverse engineering on consumer hardware. Link: github.com/mrphrazer/reve…
Binary Ninja 4.0 is here! The first major digit increment in two years, and it's full of fixes and improvements: RISC-V, nanoMIPS, UI/docs refresh, Windows Kernel types+Debugging, COM reversing, type archives, projects, and a new AI assistant! See more at: binary.ninja/2024/02/28/4.0…
syzkaller snippets highlighting has been finally picked up by GitHub Pages 🥳 syzkaller added a few new syzlang features since I implemented this, so snippets with those will not be highlighted properly. But the basic support is there. Demo: xairy.github.io/blog/2024/gith…
TL;DR: I implemented syzlang syntax highlighting based on Rouge, the default highlighter used by GitHub Pages. Here's a demo:
Wrote a CodeQL query to find interesting objects for Linux kernel heap exploitation. Will add more predicates to find more interesting things soon 😁 github.com/google/securit… Please do reach out if you have more ideas!
syzbot now provides historic fuzzing code coverage reports for #Linux kernel, see "coverage report" here: syzkaller.appspot.com/upstream/manag… These allow to assess what's covered and what's not. But also how a particular line of code can be reached (it shows test cases that reached each line)
Ever wanted to mmap or mprotect virtual memory in a debugged process from within GDB? That's now possible with Pwndbg :) github.com/pwndbg/pwndbg/… It works by assembling and executing the mmap/mprotect shellcode in the debugged process and then reverting regs/memory state :)
I am proud to present you the pre-print of our paper on GWP-ASan. 5+ years of work by four companies, spanning Server, Desktop, and Mobile, running on billions of devices. Finding and fixing thousands of bugs and potential vulnerabilities. arxiv.org/abs/2311.09394