Joshua J. Drake @jduck
A funemployed researcher living in the intersection between security and embedded Rust. jduck.me · Austin, TX · Joined December 2009
Tweets: 19K · Followers: 28K · Following: 2K · Likes: 13K
Recently finished Operating Systems: Three easy pieces (a.k.a comet book / OSTEP). Great book to learn about Operating Systems if you have basic understanding of C and Computer Architecture, also has a lecture series with it that you can watch while reading the chapters to…
Bug Bounty changed my life. If it wasn’t for the work by @Hacker0x01, @Bugcrowd and all the people before them, I wouldn’t be able to have a hobby that pays for a lifestyle based around creativity, hacking and freedom. People that hate on BB just don’t get it. It’s life changing.
A full 16 months after the pwn2own, where no less than 5 teams had exploit submissions with this overflow, a patch is finally out for an RCE in netgear products. Here is Netgear's advisory kb.netgear.com/000066096/Secu… And @Claroty 's writeup: claroty.com/team82/researc…
My design contest is almost over. I posted up one last poll for community feedback 99designs.com/contests/poll/… Feel free to reply or reach out if you have specific feedback.
Fresh blog post for ya; We introduce coverage-guided fuzzing as a concept to hunt down bugs faster via modification of the Fuzzilli fuzzer from Google Project Zero. blog.includesecurity.com/2024/04/covera…
As silly as it sounds, I've got fomo about missing RSA. Couldn't justify the expense :-/
General reminder. If you have Palo Alto firewalls that were exposed to CVE-2023-3400, get them checked thoroughly. We’re seeing dozens of threat actors active on single devices. Just patching wasn’t the end of this.
🎉The full speaker lineup is now posted!🎉 Get your Early Bird ticket today and join us on the island of Kaua'i July 17-18! 🎟️ locomocosec.com
New slides: An overview of Talkback by @lanjelot (CrikeyCon) github.com/elttam/publica…
New slides: Causing Funky Things in your NodeJS Servers by @GhostCcamm (Ruxmon) github.com/elttam/publica…
Because the power of the Twitter-verse has landed me my last three gigs I want to give back: Anyone know an incident response professional in DFW looking for work? Mid/senior level position, and I heard the team is fun to work with ;)
New batch of automatically identified vulnerabilities just dropped. Affects industrial ethernet router from Delta Electronics. onekey.com/blog/security-…
Last week I was looking for a non-technical intro to reversing. Since I couldn’t find one, I wrote one myself piiano.com/blog/software-…
One last call if any @AustinHackers want hackable Crestron gear.
@SlackHQ A new update removed the ability to close threads. I find it much harder to focus now if I've ever opened a thread. Currently I'm navigating channels away then back but that's quite tedious. Was this change intentional? I don't see a hotkey to hide either.
i know this is a political topic, but code reviews aren't going to save your ass from some apocalyptic subtle change, but high quality testing on every PR will.
Last year, Brandon and Ali went looking for new attack surface area in Microsoft Exchange. Ultimately, they were able to crash the Exchange file scanner by simply sending an email. Read more on our blog: bit.ly/3xVt4Ch
The logo design contest for my new security company is in the final round! Please vote on what you think is the best! 99designs.com/contests/poll/…
My next in-person training will be at @hardwear_io May 28-30th in Santa Clara USA I’ll once again be teaching in my All-You-Can-Learn Buffet style, which will include the new RISC-V Assembly material (+ firmware security, C/C++ vuln hunting, etc) hardwear.io/usa-2024/train…
Looking forward to Nils presenting the Apple Watch ⌚️ Reverse Engineering at @reconmtl! It was fun to supervise this project and see the Android reimplementation grow. The most proprietary protocol stack ever, including the SOCKS 🧦 replacement SHOES 👞 and multiple crypto layers
@jduck Pixel Watch mostly made it non-interoperable with iOS Bluetooth on purpose by using RFCOMM instead of BLE/GATT for local configuration. Everything else goes via the Fitbit cloud ☁️ because that's where your health data belongs...
👀
It's the @DecipherSec Memory Safe episode you didn't know you wanted, but here it is anyway. @LindseyOD123 grilling me. Shoutouts to @window, @k8em0, @RSnake and many others in here. Super fun. youtu.be/WzJuXiW1drg?si…
Imagine seeing a comment in the source code saying: removing this because nobody was using it. And they remove everything but one line of the feature. That one line makes the code vulnerable….
Rust offers great coding flexibility and advantages on Ubuntu, but that's not all. 🧑💻 With eBPF, sched-ext, and Rust, you can hot-swap the Linux kernel scheduler at run-time with a user-space program. Learn more in our blog. canonical.com/blog/crafting-… #RustLang #OpenSource
I’m on a flight in US and an old lady has caused confusion, hilarity and then amazement as the crew expected her to be an infant. She is actually 101 and the computer can’t handle an age that high so just put her down as a 1 year old on the manifest. She laughed it off. Legend.
This week's release includes a whopping 8 new modules including the latest PAN-OS RCE, and a slew of enhancements rapid7.com/blog/post/2024…
Details on CVE-2024-21473 are coming soon, and it looks like it affected more than Synology @Claroty @thezdi linkedin.com/feed/update/ur…
I thought about writing a proof of concept. A buffer overflow vulnerability in which the input is my heart rate. The vulnerability is triggered when my heart rate reaches 100 bpm. I have a Polar H10 chest strap.
Amazing news! Wrote a new song for @PanikArcade’s new game “Yellow Taxi Goes Vroom” and I think it kinda slaps. Get it now on steam! store.steampowered.com/app/2011780/Ye… Beat by me and @PhillHarmonix 🚕
in the react world it's not uncommon to spend 3 days debugging a widespread 3rd party UI dependency to conclude with writing your own minimal version that 1) actually works 2) doesn't hurt your users 3) can handle real amounts of data #spr #wireshark new plugin coming soon
It is frustrating (if understandable) that we don’t have trivial ways to answer questions like “can execution ever reach expression Y when global state satisfies X?” or “can execution ever reach expression Y after entering function X but before leaving it?” about a code base
I saw this car down the docks today. It took all my strength to control my natural instincts.
I improved the error message emitted by rustc when `->` is used for field access! github.com/rust-lang/rust…
Next time your management asks you to stack-rank your team, buy a small electrical motor assembly kit, drop it on their desk, and ask them to rank the components by importance/performance.
@ghidraninja @GaWojtek I've got its bigger CNC metal cousin. Much more of a PITA to adjust than the PCbite, but stays put much more. P.s. the robots are coming.