Brandon Edwards @drraid
CTO @crashappsec. Past: Cofounder and Chief Scientist @capsule8, Hacker-in-Residence @NYUTandon, and other research, reverse-engineering, and exploit dev roles. NYC. Joined June 2009.
Tweets 4K, Followers 5K, Following 1K, Likes 8K
@matthew_d_green What you guys are referring to as Linux, is in fact, Systemd/Linux, or as I've recently taken to calling it, Systemd plus Linux...
BTW, I am not saying that this is what happened in the #xz backdoor case, but what does not help is, github makes it quite trivial to spoof user accounts... I was just able to make a commit as this person, in my own repository: github.com/malwerina/manu…
Wait until the semi decently planted backdoors start getting found ;)
Rehash: Software Security openwall.com/lists/oss-secu…
While we are discussing supply chain attacks, let me re-post this old slide of mine that has a diagram.
"...track back the merchants of software they purchased, and backdoor that upstream if it's worth it" youtube.com/watch?v=NLS3LM…
Exciting news! 🚀 Just dropped my blogpost unveiling the universal Linux kernel LPE PoC for CVE-2024-1086 (working on v5.14 - v6.7) used for pwning Debian, Ubuntu, and KernelCTF Mitigation instances, including novel techniques like Dirty Pagedirectory 🧵 pwning.tech/nftables
Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun: md5("TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak") = md5("TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak")
This
We all know that plastic is now everywhere, but the great drifts of it on the world’s beaches barely scratch the surface of the plastic pollution problem Here’s a thread on just how deep the crisis goes 🧵1/
> Want to reverse engineer notepad.exe for lulz to figure out what hotkey is toggling right-to-left reading order because I keep hitting it accidentally
> MBA obfuscated imports
100% this. There are gains to be had by layering LLMs on existing analysis tools. I'm looking forward to using agentic LLM as query glue for enrichment passes between static & dynamic analysis
In NYC, and want a companion? This lil guy looks lovey and fun! I'll cover your adoption fees + $500 of any other expenses (I'd foster him, but I'm about to take on a foster on top of our dog and cat--otherwise this dog looks like he'd make a great companion!)
I keep reading that one of the hardest things in operationalising SBOMs is collecting and sharing them. Worth my time building a free service to do it ? Think Google Drive for SBOMs.
Plastic pollution will be a bigger problem than leaded fuel was.
hmm
Rust guys said "C++ is unsafe" so much that Google's AI now thinks it's unsafe for children and refuses to help you out if you're under 18 😬🤦♂️🤦♂️
In b4 there's a gartner quadrant for supplai-chain
Who could have predicted this shocking outcome
Lennart Poettering intends to replace "sudo" with systemd's run0. Here's a quick PoC to demonstrate root permission hijacking by exploiting the fact "systemd-run" (the basis of uid0/run0, the sudo replacer) creates a user owned pty for communication with the new "root" process.
Very cute trick found in some CTF challenges written by @itszn13 that I'm reviving – the README/solver includes an ANSI escape that sets the text color to red on red and enables the "hidden" flag, so that spoilers won't show up when you cat the file :)
Like most people, I had convinced myself that I would avoid becoming boring as I aged. Unfortunately for me I just caught myself being excited about buying office furniture
the most annoying thing about the jailbreak beggars isn’t even the brazen entitlement. it’s refusing to understand that the time/effort needed to exploit something is not linear and often totally unpredictable. “Eta wen???” despite this being explained to them hundreds of times
Good short thread about backdoors / bugdoors
I am surprised that the academic security community has not really continued much research on backdoors despite the Dual EC incident. I am guessing people think there are vulnerabilities in every system, why should we look for backdoors, but I don't find the two the same.
Pretty cool bug! 1. Insane to see a known CVE from 2006 providing Remote kernel RW. 2. Only $12.5k ?? Not cool @Sony…
The PS4 (up to FW 11.00) and PS5 (up to FW 8.20) were vulnerable to CVE-2006-4304: hackerone.com/reports/2177925. I'll share details about successful exploitation at TyphoonCon.
Next time your management asks you to stack-rank your team, buy a small electrical motor assembly kit, drop it on their desk, and ask them to rank the components by importance/performance.
if you pass NULL to `munmap` it should just behave like `mmap` and be up to the kernel what mapping address gets unmapped,
Cherry blossom season :)
Nova is out of the shelter. Pledges can be honored at link below: nycsecondchancerescue.org/donate/ @breakfastv0dka $20 @drraid $200 @LivPetzold $10 @DD35216 $50 @LindaMayberry9 $15 @ohio_bonnie $15 @cathicus $15
Wild to me how so many people in tech can see that an artificial general intelligence would have to be one of the most complex entities in existence, but dismiss other humans, general intelligences that exist right now, as boring and barely worth understanding better.
Looks like a big unpriv leak: git.kernel.org/pub/scm/linux/…
re xz backdoor: We do not live in a high trust society, we should finally realise that and stop pretending that we do. Open source projects must be treated accordingly, trust is something that has been sold out for a very long time. We should act before this breaks our neck.