Exposure Security @ExposureSec
A security consultancy specializing in Virtual CISO, AppSec & SecDevOps staffing. exposuresecurity.com San Francisco Bay Area Joined February 2014-
Tweets74
-
Followers94
-
Following1K
-
Likes43
More than 30 police vans have rolled in to the area surrounding the HK Police HQ. I’m guessing things will get interesting in the next 4-5 hours. #HongKongProtests
@_RastaMouse @_xpn_ @Cneelis This is also pretty useful ;) bypasses many products by unhooking NtReadVirtualMemory github.com/hoangprod/Andr…
If you are using MiniDumpWriteDump to extract memory from lsass, remember that under the hood, it still uses ReadProcessMemory. Worth knowing if the target AV/EDR is alerting based on this.
Have you joined Bugcrowd's @Discordapp server? Bugcrowd's Discord community chat server is a great way to meet researchers & talk #infosec 🎉 #ItTakesACrowd See you there: discord.gg/YNwkNKr
CVE-2018-15664: Docker Container(all versions) is vulnerable to a symlink-race attack seclists.org/oss-sec/2019/q…
Attack Surface Analyzer 2.0 – Free Microsoft Tool to Detect Changes in Operating Systems While Installing Apps github.com/Microsoft/Atta…
Bypassing PAN Traps: c0d3xpl0it.com/2019/01/bypass…
Warren Buffett lunch bid still $3,500,100
After years of IR and hunting, if I were to deploy malware, I would make it look like an HP print driver.
After years of IR and hunting, if I were to deploy malware, I would make it look like an HP print driver.
Query I've found useful lately: (observed_filename:"c:\windows\system32\" OR observed_filename:"c:\windows\syswow64\") is_executable_image:"true" digsig_result:"Unsigned" Modify is_executable_image and digsig_result as you see fit, but you'll start to pick up the patterns.
#Emotet Notes and IoCs for 2019/05/27. Late start, E1 elusive DOC, E2 pumping out ~160 URLs. New naming convention for dropped executable. paste.cryptolaemus.com/emotet/2019/05… pastebin.com/vSL0MyhH
Any guess how to find races through fuzzing? Here's our approach, Razzer (github.com/compsec-snu/ra…), which found 16 new race bugs in the Linux kernel
Obfuscated base64 string reverse/reorder in VB to reflectively load a .NET PE payload that checks Pastebin and then decodes and loads another PE payload from a reversed base64 string. All that, just to drop njRat (with localhost C2 even).
Obfuscated base64 string reverse/reorder in VB to reflectively load a .NET PE payload that checks Pastebin and then decodes and loads another PE payload from a reversed base64 string. All that, just to drop njRat (with localhost C2 even).
So I've posted both Windows and macOS binaries (self-contained, statically linked) for scanning for CVE-2019-0708 bluekeep. Just click on the badge at the top of the readme. github.com/robertdavidgra…
win10 1903 Tamper Protection Feature is pretty cool been playing around with it all night. cant kill defender with Set-MpPreference -DisableRealtimeMonitoring $true anymore but, using Set-MpPreference -DisableScriptScanning $true and everything else works.
Fun with custom URI handlers, featuring another Origin RCE and a bypass for the first one. zeropwn.github.io/2019-05-22-fun…
Confirming SandboxEscaper's latest AppXSvc LPE (aka CVE-2019-0841-BYPASS) is indeed a 0day and works up to the latest 1903 build (but no collector abuse anymore 😢) . Weaponised demo on 1809..
That thing where your detection detects other detection. 🤣 (cc @cyb3rops)
Here are my slides from my talk at the Facebook/Google-hosted BountyCon 2019 in Singapore earlier this year: Live Hacking like a MVH – A walkthrough on methodology and strategies to win big speakerdeck.com/fransrosen/liv…
Bobu @Bobu092399
1 Followers 548 Following
Madisyn O'Connell @MConnell12993
17 Followers 2K Following
StilleZeit @Lerjou81469
43 Followers 2K Following 15-30% Monthly | 2 High-Conviction Stocks.Short-Term Gains: 15-20% in Days/Weeks.DM "JOIN" for WhatsApp Alerts. Live Trade Signals • Market Analysis
Vwieauva @Vwieauva370704
35 Followers 1K Following
Joanna @AngelinaGo60661
21 Followers 268 Following Shakespearean drama enthusiast seeking a thespian soulmate. Let’s recite monologues dramatically in parks and debate who’s the ultimate tragic hero.
Lola Lear @LolaLear58391
6 Followers 550 Following Arthur analyst and team provide cryptocurrency analysis, earn $500 to $5000 a day, click to join WS:https://t.co/VU7JdrLuRS
IT GRC Forum @ITGRC
24K Followers 23K Following Educational Programs on IT, Governance, Risk Management, & Compliance (GRC)
IT CPE Academy @itcpecredit
291 Followers 4K Following Self-Study CPE Programs to help professionals acquire the skills, knowledge and certificates in IT and cybersecurity
SpringSawyer @B7sLV4bR27A1B
67 Followers 7K Following
Dinee @DineeQlJs
35 Followers 4K Following
DonnaEdith @Q5U062SYov0Dj
75 Followers 7K Following
Nimble @RqD1868pzi01b05
73 Followers 7K Following
Drsleth @DrslethlrQN
57 Followers 4K Following
CeciliaPater @g2dD04W4744u6
68 Followers 7K Following
CoraStrong @HluFdw3g752lR
54 Followers 5K Following
Doughsm @DoughsmoSU1E
46 Followers 4K Following
Victoria @agunewakak72550
91 Followers 7K Following
Dion @nizukayume77164
76 Followers 7K Following
Phedde @Phedde598702
127 Followers 7K Following
Zoe @deneslesm21835
91 Followers 7K Following
EllaAgnes @di9qi7Rfv283E0
59 Followers 7K Following
CorneliaLew @482WtCcGtyPBY
26 Followers 2K Following
EarthaHarrod @UGaTT0Z9W7Wkd
84 Followers 7K Following
Trent @kirinteimi43949
61 Followers 7K Following
MonaZechariah @IH8a86x1VpAI72P
5 Followers 524 Following
LetitiaTout @7jS0dMM457REM9
77 Followers 7K Following
Della @Della1369195
61 Followers 664 Following
Seeslo @Seeslo152447
100 Followers 7K Following
Sherry @harshman_sherry
220 Followers 3K Following
Teneloosh @teneloosh48827
66 Followers 5K Following
Teighski @Teighski137117
5 Followers 305 Following I like traveling. I want to meet friends from all over the world.
Sisosas @Sisosas240971
26 Followers 2K Following
Sonic_Swift @SonicSwift4185
2 Followers 350 Following
Smeathit @Smeathit142579
54 Followers 2K Following “My concern about my reputation is with the people who I respect, my family, (GOD) the exceptional, I’m perfectly comfortable with my reputation with them”
Dorothy @s_dorothy9
255 Followers 3K Following
Posisir @Posisir171358
4 Followers 290 Following
Steyshesh @steyshesh33454
12 Followers 807 Following
Deene @Deene512936
31 Followers 2K Following
Make money easily @cRZe6rbXYqTRJ9U
17 Followers 554 Following MEXC focuses on financial management, stocks, cryptocurrencies, digital assets and investments. Currently, new users can get free dollars when they sign up.
Mokithey @mokithey63371
49 Followers 1K Following
Artistry Vibes @ArtistryVibes
153 Followers 1K Following Life is a long lesson in humility. Commissions open for all kind of digital stuff web development and App development.
Jogie Sunne @msiggnn
326 Followers 2K Following
Gautam Agarwal @Gautam0998
192 Followers 2K Following 24 | MS Cybersecurity | Stevens | NJ | CCSP (Associate) | CySA+ and Security+
Niels Groeneveld @nigroeneveld
13K Followers 13K Following Tweeting about various issues, such as infosec and geopolitics. My tweets do not necessarily reflect the points of view of past, present or future employers.
CONSEC Learn @ConsecLearn
218 Followers 1K Following We provide a holistic approach to learning, offering a broad spectrum of accredited online and classical learning. We can additionally design bespoke solutions.
Bag Holder @BagholderQuotes
50K Followers 647 Following You don't loose if you don't sell. A satire, parody, and humor account. https://t.co/c6hwYWXWka
Edwin Dorsey @StockJabber
117K Followers 2K Following Exposing bad companies. Author @BearCaveEmail & @IdeaBrunchEmail. Founder @FOIAsearch. Email: [email protected]
Hindenburg Research @HindenburgRes
876K Followers 0 Following Popped bubbles as we saw them, including our own. We expressed strong opinions. Not investment advice.
Andrey Boyko - Headle... @glivera
267 Followers 140 Following I help startups & teams launch faster, convert better, and scale smarter — with clean UI, smart automation, and 17+ yrs of web experience.
Damian Rusinek @drdr_zz
2K Followers 1K Following Web3 Security | SCSVS | PhD | Securing Your Smart Contracts and Web3 Applications since 2018, Co-founder @Composable_Sec
Wojciech Reguła @_r3ggi
6K Followers 866 Following iOS/macOS app security researcher & blogger. 🍎 Black Hat / DEF CON / TyphoonCon speaker. Head of mobile appsec @SecuRingPL
Csaba Fitzl @theevilbit
8K Followers 1K Following macOS Security -- Trail running 🏃 -- Mountains ⛰ -- Tolkien fan For mountain pictures, go to: https://t.co/Xf7KDW5fKu
0xdeadbeefJERKY ☠�... @0xdeadbeefJERKY
992 Followers 907 Following Detection Engineer @Meta | Former Security Eng @Lacework, Red Team @Meta, consultant | Views are my own | BlueSky https://t.co/5925v15aCH
Niels Provos @NielsProvos
4K Followers 550 Following Security/Privacy (M-F). Bladesmithing/Videographing (S-S). Producing music (Activ8te). My tweets are my own. mastodon: @[email protected]
ExploitWareLabs @ExploitWareLabs
626 Followers 36 Following ExploitWareLabs By Coderant Threat Hunting
svbl 🇺🇦 @svblxyz
11K Followers 2K Following 🇺🇦🌻 - My tweets represent your employers opinions. Most of this is false. I am making this up. I always tell the truth. Verified.
Samuel Groß @5aelo
24K Followers 502 Following Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
initstring @init_string
1K Followers 71 Following AT&F&C1&D2&K3%C0 https://t.co/FcLLHui5wV | https://t.co/zOit06UquA | @[email protected]
PhysicalDrive0 @PhysicalDrive0
16K Followers 922 Following Malware Hunter / I've already taken the red pill!
stephen @_tsuro
10K Followers 527 Following @v8js security, CTFs and CPU vulnz. LCHL. @[email protected]
Elad Shamir @elad_shamir
5K Followers 39 Following
Xylitol @Xylit0l
24K Followers 2K Following owner of https://t.co/PVTlUZSWgE and temari.fr - Security/Malware researcher, ethical carder, ex-treasurer of @Hack_Gyver and Temari fan ♥ #DIY #Electronic
Dirk-jan @_dirkjan
29K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Gynvael Coldwind @gynvael
38K Followers 1K Following security researcher/programmer/director @ HexArcana Cybersecurity GmbH ⁂ @pagedout_zine ⁂ @DragonSectorCTF ⁂ https://t.co/ShG2c5As1K ⁂ ex-Google ⁂ he/him
Ronnie Flathers @ropnop
6K Followers 909 Following security engr, pentester, researcher. i sometimes blog and code based on motivation/caffeine levels. Principal Security Engineer @Marqeta
Kostya Kortchinsky @crypt0ad
8K Followers 138 Following 🇫🇷 grep'ing for memcpy() since 2002AD. Currently @ Databricks. Formerly GOOG, MSFT. Tweets are my own, and sometimes attempts at being funny.
Tal Be'ery @TalBeerySec
10K Followers 2K Following Security Research Manager. Co-Founder, CTO @ZenGo. Advisor @ZeroNetworks. x-VP Research Aorato, acq by @Microsoft. 9 times @BlackHatEvents speaker.
Luigi Auriemma @luigi_auriemma
4K Followers 3 Following @REVULN cybersecurity research and conferences. The 'aluigi' of @quickbms and @zenhax
Vincent Le Toux (Pari... @mysmartlogon
12K Followers 58 Following Author of #PingCastle, contributor to #mimikatz (DCSync, setntlm, DCShadow) and #OpenSC. Wrote GIDS applet, OpenPGP card driver on Windows and OpenSC stuff.
BlueHat IL @BlueHatIL
6K Followers 531 Following
Saar Amar @AmarSaar
19K Followers 361 Following Reversing, exploits, {Windows, Hyper-V, *OS} internals, mitigations. Apple SEAR. Opinions are my own. @[email protected]
Matt Miller @epakskape
12K Followers 649 Following Killing bug classes and breaking exploits as part of @msftsecresponse. Adding more entropy to the Internet. https://t.co/J8GCGurGP3
David Weston (DWIZZZL... @dwizzzleMSFT
25K Followers 2K Following Corporate Vice President, OS Security and Enterprise @Microsoft
Joseph Bialek @joseph... @JosephBialek
4K Followers 342 Following No longer using Twitter, find me on Mastodon: @[email protected] Security engineer @ Microsoft. I speak on my own behalf, not my employers.
Frego @_frego_
2K Followers 246 Following Baby yogi, tea addict, mostly vegan and security researcher. Opinions are my own, not necessary my employer's.
Byoungyoung Lee @mylifeasageek
674 Followers 118 Following Working on Systems Security. Assistant Professor of ECE at Seoul National University (SNU)
Sara Luterman @slooterman
28K Followers 6K Following Disability and aging reporter @19thnews. Opinions are my own. Send tips to: [email protected]
⠓⠑⠇⠇⠕ 🇺�... @z3r0fox
1K Followers 3K Following #crypto #infosec #privacy Support, love to #i2p #torproject No his mind is not for rent / To any god or govt | Find me on @JoinMastodon https://t.co/KJ1wf8n92Z
Chris Long @Centurion
5K Followers 1K Following Security @DetectionLab creator 日本語の生徒 Opinions are my own
DetectionLab @DetectionLab
3K Followers 10 Following https://t.co/5DJVtOe9vd Built by @Centurion. Vagrant & Packer scripts to build a lab environment with security tooling and logging
🆁🅴🅶🅶🅸�... @Ring0x0
6K Followers 586 Following Master of Disaster #soc #infosec #opsec #dfir #malware #threathunting. Opinions are my own and not those of my employer
Antelox @Antelox
5K Followers 2K Following A Civil Engineer married with Mrs IDA Pro. Sons are WinDbg and OllyDbg. We live in a VM. We eat bread and malware, APT on Sunday
2B @h3x2b
3K Followers 2K Following Eat hex for breakfast, binaries for lunch, crunchy malware for dinner, watch disassembly before sleep ... wannabe.Trends for United States
You might like
