Haifei Li @HaifeiLi
For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.
justhaifei1.blogspot.com | Vancouver, Canada | Joined April 2010
Tweets: 10K | Followers: 7K | Following: 151 | Likes: 2K
Our small team is actively looking for more research projects. If your company is looking for VR/reverse engineering projects, I'd be happy to talk.
I feel like I should purchase a X subscription just for longer posts.. c'mon..
Oh there's one - current EXPMON Public is able to detect exploits CVE-2017-8570! pub.expmon.com/analysis/searc… x.com/haifeili/statu…
This seems good financial advice to me. One thing I learned from the cybersecurity community is that the market always goes against us. 😅 x.com/swiftonsecurit…
.@TheContractorio Thanks for sharing with me about the XSS bug! :) Follow me if you'd like to chat (or [email protected]).
Btw, Office documents which try to talk to remote (attacker-controlled) server will also be detected/informed. This is a huge attack vector for Office exploitation including potential zero-day attacks. Example: pub.expmon.com/analysis/19864/ x.com/haifeili/statu…
The 2024 Pwnie Award Nominations are now live! Submit your best and brightest bugs, wins, and failures at the link below: pwnies.com/nominations/
Here we go! Should be fun this year as all the cool research and zero-days (on Fridays)! (reminder to myself for submitting) x.com/pwnieawards/st…
I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… #DFIR Hope it's useful!
“undocumented access features”
Why doesn’t anyone agree on the term zero day?! Lulz
@Andrew___Morris @sublime_sec @jkamdjou @ianthiel I have a lot of ideas in the space. Happy to share!
Incredible news about @sublime_sec's Series A. Hands down the best email security product on the market. Congrats @jkamdjou, @ianthiel, and the whole team! sublime.security/blog/announcin…
Kudos to the entire team! Last year, we released the first generation of the Transparency Platform to showcase the ability to detect unknown threats. This release brings enhanced transparency to the software supply chain ecosystem through the lens of Binary Risk Intelligence.
BIG DAY for Binarly! The Transparency Platform v2.0 provides features for post-build compliance by continuously validating security-related changes, data on IoT/xIoT security exposure, backdoor and implant detection, and more. binarly.io/blog/ntroducin…
@HaifeiLi @HackingLZ Yep. But the advisory back in 2022 says MS originally learned about it from NSA. So did NSA know the GRU was exploiting it and report it to MS to burn it? Or did NSA not know GRU was already exploiting it when it reported it? Or did MS just not tell us before now?
@HaifeiLi @yo_yo_yo_jbo Yup! I will probably DM you if I cannot find you
See you there if you are around
📢BSides Vancouver 2024 Tickets are now on sale @ lu.ma/b-sides-vancou…
@HaifeiLi I knew that major Chinese firewall/VPN vendors like Huawei, Sangfor, and QI-ANXIN have launched bug bounty programs with quite generous rewards. I'm not entirely sure how U.S. companies compare in this regard.
@HaifeiLi I don’t think they do🙃at least not publicly. I was wondering the same thing
@HaifeiLi Memory safety isn't applicable to OS command injection. Every programming language has libraries to interact with the OS.
@HaifeiLi The boring part is that nobody wants to invest manual labor via client certs, network segregation, availability monitoring and egress controls. We are optimizing for convenience and that is outsourced to too many people.
@HaifeiLi Me too but devices come in so many different designs (hardware, OS). I'm biased but 0patch should be standardized into the base device architecture, then we'd be onto something :)
For the device vendors, it’s time to come to an open framework allowing the installation of third-party EDR-like agents.
@HaifeiLi I can't say technically because I haven't done coding or reversing analysis, but I saw that old versions are generating phpsessid and the vulnerable ones are generating sessid; maybe some new versions are using that.