Đào Trọng Nghĩa @nghiadt1098
Pwn2own Vancouver 2021/2022. Pwner at @dfsec_com. Tweets are my own. https://t.co/4Y2w4FalIC Joined June 2018-
Tweets854
-
Followers1K
-
Following1K
-
Likes2K
Recently, many people have been asking me on how to get started with their reverse engineering journey. So I will try to share my path and what helped me on the way 🧵
Difficult vulnerabilities make you more cultured. Difficult exploits make you more persistent. Difficult detection evasion makes you wiser. If in doubt, choose the more difficult path.
Excellent LPE write-up by @gabe_k , where he details how suspected compiler changes lead to the introduction of double fetch vulnerabilities. Also discusses a KASLR side channel bypass. PoCs included. Definitely check it out exploits.forsale/24h2-nt-exploi…
I had an inquiry about ACPI checks, and decided to run through how they work and how to mitigate them on VMware and QEMU. It's a quick and dirty write-up, so excuse the brevity. revers.engineering/evading-trivia…
So @j00ru published two posts on Windows Registry; given that there were a lot of fixes in Windows Registry in recent months I expect these to be fun ;) googleprojectzero.blogspot.com/2024/04/the-wi… googleprojectzero.blogspot.com/2024/04/the-wi…
Here's my blog post about CVE-2024-26230. I aim not only to introduce the exploit stage but also hope to share my thoughts on how I completed the exploitation step-by-step in all my posts from now on. whereisk0shl.top/post/a-trick-t…
I just created the tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs. github.com/binderlabs/Dir…
New blog post is up, exploring detection options for some recent In- the- Wild Windows LPE 0- days elastic.co/security-labs/…
If you also need to reverse and debug windows , this simple but useful project maybe can make your life easier. github.com/tinysec/rtypes
@jvert @markrussinovich Well... It's not quite KD, but WinDbg has supported debugging the Linux kernel via an EXDI connection for some time. Easiest setup is to enable the gdbserver on QEMU and use EXDI in WinDbg selecting "Linux" as the OS. I've source level stepped the Linux kernel doing that...
Debugging the Windows Secure Kernel with JTAG, EXDI, LBR and Intel Processor Trace, Part 3: asset-intertech.com/resources/blog…
Intel Hardware Shield deep dive: part 1 is user-mode System Management Mode (ISRD). tandasat.github.io/blog/2024/02/2… ISRD is beautifully architected, and I have enjoyed studying it a lot. Excellent work by Intel.
#Lazarus exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools.CVE-2024-21338 Beyond BYOVD with an Admin-to-Kernel Zero-Day decoded.avast.io/janvojtesek/la…
Game hackers really do perform in-depth reverse engineering! A great post on analysis of Valorant's Guarded Regions reversing.info/posts/guardedr… by @Xyrem256 Reverse engineering integrity checks in Black Ops 3 by @momo5502 web.archive.org/web/2023052223…
One of our browser team members(@h0meb0dysj) wrote a detailed analysis on CVE-2024-0517 (Out of Bounds Write in V8). 📍For detailed information, please refer to the provided link. cwresearchlab.co.kr/entry/CVE-2024…
Today, we're disclosing an overlooked, wide-impact bug/attack vector affecting the Windows/COM ecosystem, dubbed #MonikerLink. In Outlook, the bug's impact is far and wide: from leaking NTLM creds to RCE. The same issue may exist in other software, too. research.checkpoint.com/2024/the-risks…
Rootkits, keyloggers, and DKOM (oh my!). The video is finally up for @FuzzySec and I’s BlackHat talk: Close encounters of the advanced persistent kind: Leveraging rootkits for post-exploitation. Check it out ☺️ youtu.be/t7Rx3crobZU?si…
Operating Systems Course: youtube.com/playlist?list=…
I get lots of requests for recommended resources for learning Windows, exploitation, VR, etc. I have some good links but there’s lots of others I don’t know or forgot about. Give me your best suggestions please! Feel free to link your own stuff, I wanna see it!
Our Managed Defense team identified a threat actor, UNC4990, who uses USB devices for initial attacks. They have moved from using seemingly benign encoded text files to hosting payloads on popular websites. Read more: mandiant.com/resources/blog… #Malware #ManagedDefense
Tuan Anh Nguyen 🇻�.. @haxor31337
13K Followers 2K Following 28 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @BugcrowdBien Pham 🇻🇳 @bienpnn
4K Followers 398 Following P (Million Live!) / LoveLiver / Shihainin hackerman at @qriousec & @ProjectSEKAIctf traveling around the world (mostly to 🇯🇵) Tiếng Việt / English / 日本語 范阮玉邊Pham Khanh @rskvp93
1K Followers 286 Following Security Engineer at @calif_io. Winner of Pwn2own Vancouver 2021, Torento 2022, Vancouver 2023. MSRC top 100 2019,2020,2021.Nguyen The Duc @ducnt_
2K Followers 393 Following Just another web warrior ⚔️ Security Researcher ۞ Principal Security Engineer @vngsecresponse ۞ Pwn2Own 2023 ۞ @vnsec squad ۞ 💰https://t.co/wuyz6IfAbA ۞ nano 💻LamScun @LamScun
2K Followers 785 Following Researcher of mobile and web security issues. It's safer in the forest than on the internet.LiveOverflow 🔴 @LiveOverflow
142K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeioNguyen Xuan Hoang @hoangnx99
631 Followers 107 Following Security Researcher at @vcslab Chief Finance Officer of @u0Kplusplushuyna @huyna89
747 Followers 928 FollowingMd Ismail Šojal @0x0SojalSec
22K Followers 4K Following Cyber_Security_Researchers || 0SINT || Digital Forensics System Analysis / incident Response II Pwn || GH0ST_3xP10iT || 0ld Accounts Suspended @0xSojalSec ||Khoa Dinh @_l0gg
580 Followers 112 Followingcrazyman_army @CrazymanArmy
6K Followers 3K Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities opinions are own not groupthAI Duong @XorNinja
4K Followers 514 Following Chief at @calif_io | ex-Google | I'm hiring https://t.co/OPTRTOOjlSb33f | 🇺🇦✊ @FuzzySec
32K Followers 844 Following 意志 / Antiquarian @ IBM Adversary Services / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabsKHALIL AHMAD @KhalilAhmad3385
42 Followers 487 FollowingCassidy Waddington @CassidWaddingto
63 Followers 5K Followingv0ldemort (blas) @floridacyborg
165 Followers 488 Following Part of FLARE @Mandiant / @GoogleCloud 💻👾🔬 @uf_fics Alum 🐊 Some Web3 & Mobile Sec 📞💰CTF Welcome Challenge Conqueror 🚩 opinions are my ownDenny Emiliano @denny_emili
51 Followers 5K Followinghái nguyễn @hai0207e
5 Followers 19 FollowingChristina @foster46christi
198 Followers 3K FollowingT-Rex @0xt_r3x
10 Followers 267 FollowingBAALI Mohammed @_EDBAALI
3 Followers 188 FollowingBd55 @Bd5511
3 Followers 15 FollowingJoseph Kanko @JosephKanko4
44 Followers 1K FollowingWayne @ssh_rootAlpine
0 Followers 53 FollowingLê Văn Chinh @Vn_sou1
0 Followers 18 FollowingNghi Vi @NghiVi1
20 Followers 104 Followingcrazyman @crazyman823886
340 Followers 649 Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities pre account @CrazymanArmystackHeaper @Stackmemory
0 Followers 59 Following Binary Exploitation student. Interested in Low level stuff RE-VR-Fuzzing-Assembly-C/C++ ProgrammingThái Lê minh @LmThai99
0 Followers 17 Followingjovial @grepNstep
44 Followers 2K Following Retweet != endorsement. Trust those who seek the truth, doubt those who find itShimi Segal @shimisegal8
27 Followers 162 Following Reverse Engineer || Vulnerability Research Student @SelfLearningAlex @0xr0y4l
1 Followers 288 FollowingAva Cizek @cize_av
77 Followers 5K FollowingAlina Parrino @ParrinoAli85716
70 Followers 5K FollowingYuriko Peschong @YPeschong21439
30 Followers 5K FollowingAlisa Esage Шевч�.. @alisaesage
35K Followers 143 Following Independent hacker, solo winner Pwn2Own • Building my system of power knowledge @zerodaytrainingJoe @Joe31764327
33 Followers 485 Followingquang vu @quangvuk
59 Followers 861 Followingbaysao @baysao
205 Followers 2K FollowingNhan Vo @nhanvoht
13 Followers 349 FollowingOliver Michels @oliver_44227
0 Followers 116 Followingb-rad @bradcyb3rguy
0 Followers 53 FollowingSang @Sang32798028
51 Followers 59 Followingjiya cheka @jiyacheka20
81 Followers 601 FollowingNgo Thanh Van @_EaZyq_
15 Followers 84 FollowingWin win @nonameno1082
1 Followers 8 Followingdatdt97 @datdt97
16 Followers 81 FollowingMd Mosaraf Hossain | .. @mosarafit
24 Followers 194 Following 🏅 Certified by @Google 🎵 #YouTube & #MusicPromoter 📱 #SocialMediaManager ✨🌍 @SEO Analyst #spotify 📌 Webinar registration 📩DM me for HelpTính @ @tinhxxxx
3 Followers 48 FollowingdarshanNaik @ismat_darshan
5 Followers 101 FollowingOwen @owench3rn
0 Followers 50 FollowingMe0x2 @Me0x2Gain
1 Followers 35 Followingkumar_sidhant @sidhant_kumar3
0 Followers 48 FollowingPanPanss @HenPanss
11 Followers 64 FollowingKelvin @Kelvin74223507
9 Followers 50 Followingrthhh @rthhh17
2K Followers 572 Following Hyper-V Security Researcher. Black Hat USA 2021/2022 Speaker. MSRC MVR 2019/2020/2022.Zero Day Initiative @thezdi
77K Followers 17 Following Trend Micro’s Zero Day Initiative (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.Tuan Anh Nguyen 🇻�.. @haxor31337
13K Followers 2K Following 28 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowdcts🌸 @gf_256
52K Followers 624 Following Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iQCn Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboyBien Pham 🇻🇳 @bienpnn
4K Followers 398 Following P (Million Live!) / LoveLiver / Shihainin hackerman at @qriousec & @ProjectSEKAIctf traveling around the world (mostly to 🇯🇵) Tiếng Việt / English / 日本語 范阮玉邊Nicolas Krassas @Dinosn
122K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3Pham Khanh @rskvp93
1K Followers 286 Following Security Engineer at @calif_io. Winner of Pwn2own Vancouver 2021, Torento 2022, Vancouver 2023. MSRC top 100 2019,2020,2021.starlabs @starlabs_sg
7K Followers 16 Following A Singapore company that discovers vulnerabilities to help customers mitigate the risks against the ever-evolving threat of cyber attacks.Nguyen The Duc @ducnt_
2K Followers 393 Following Just another web warrior ⚔️ Security Researcher ۞ Principal Security Engineer @vngsecresponse ۞ Pwn2Own 2023 ۞ @vnsec squad ۞ 💰https://t.co/wuyz6IfAbA ۞ nano 💻Ptrace Security GmbH @ptracesecurity
53K Followers 883 Following Empowering IT Security Professionals through Hands-On Online Courses.VCSLab @vcslab
2K Followers 31 Following This is the Twitter channel of VCSLab - the research team of Viettel Cyber Security0xor0ne @0xor0ne
55K Followers 526 Following | CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | My Tweets, My Opinions :) |Alex Plaskett @alexjplaskett
9K Followers 590 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Tweets about 0day, OS, mobile and embedded security.Haifei Li @HaifeiLi
7K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.LiveOverflow 🔴 @LiveOverflow
142K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeioϻг_ϻε @steventseeley
21K Followers 519 Following Hermetic Initiate. Exploring conscience and the nature of reality. I also hack things. @[email protected]Chromium Disclosed Se.. @BugsChromium
8K Followers 0 Following Tweets publicly disclosed bugs in Chromium. Not an official Google product. Run by @SecurityMB. Mastodon: @[email protected]Nguyen Xuan Hoang @hoangnx99
631 Followers 107 Following Security Researcher at @vcslab Chief Finance Officer of @u0Kplusplusv0ldemort (blas) @floridacyborg
165 Followers 488 Following Part of FLARE @Mandiant / @GoogleCloud 💻👾🔬 @uf_fics Alum 🐊 Some Web3 & Mobile Sec 📞💰CTF Welcome Challenge Conqueror 🚩 opinions are my owncrazyman @crazyman823886
340 Followers 649 Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities pre account @CrazymanArmyStephen Sims @Steph3nSims
20K Followers 601 Following Perpetual Student | SANS Fellow | Musician | Braggart Hater | Gray Hat Hacking | VR | 🏂 | d3adc0de | oNLyHaCKeRs | https://t.co/CadJehomsU4n0nym4u5 @ArjunGU2
200 Followers 242 Following 21 yo undergraduate. CTF Player @ProjectSEKAIctf | Red Team | Vuln Researcher Seeking for job/internship opportunities. Ex NDay intern @ Exodus IntelligenceIsmael Valenzuela @aboutsecurity
17K Followers 9K Following VP Threat Research & Intelligence @BlackBerry ▪️ Ex @Foundstone @Intel @McAfee ▪️ SANS Senior Instructor, GSE #132 ▪️ Author #SEC530 #SEC568 #ThinkRedActBlueCZ 🔶 BNB @cz_binance
9.0M Followers 2K Following @binance co-founder and former CEO, holder of #bnb #btcthaihust @thaihust
6 Followers 51 FollowingGareth Evans @kryc_uk
469 Followers 140 Following Security Researcher. Microsoft Edge Security Lead. Words & Opinions are my own.Kelvin Chan @KelvinMsft
917 Followers 13 Following @Microsoft Windows Core Kernel Engineer | @HongKong People in America | Opinions are my own.Aleksei Kulaev @flat_z
10K Followers 948 Following Console hacker, former Kaspersky Team Lead of Exploits & Network Threat Detection, security researcher. For tips (thx!): https://t.co/VxJMiawFpPh0mbre @h0mbre_
12K Followers 577 Following tryhard at linux kernel && avatar is by Ching Yeh: https://t.co/oanjFPPhe7Nick Carr @ItsReallyNick
38K Followers 4K Following Lead, Cyber Crime Intelligence @Microsoft ☠🏛️ Former Incident Response + Threat Research @Mandiant 🦅 Former Chief Technical Analyst @CISAgov 🛡️Ramin Nafisi @MalwareRE
5K Followers 2K Following Malware RE Lead @ Microsoft Threat Intel Center (MSTIC) || Fascinated & humbled by your complex malware, me vs. your code, not me vs. you/yours.crazyman_army @CrazymanArmy
6K Followers 3K Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities opinions are own not groupTruong Nhat Tran🇻�.. @nhat_truongsec
170 Followers 330 Following Product Security, RedTeam, Security Blogger: https://t.co/LBYn1ENRUv Parttime Bug bounty Hunter (less time now:v) @Hacker0x01-@SynackRedTeamChavda Zeel @ChavdaZeel
590 Followers 4K Following Pentester | @synack | Web Security | Learner. My tweets are my ownPrateekg147 @prateekg147
4K Followers 1K Following Focusing on *OS and Browser Security. Research @8ksecIgor Kuznetsov @2igosha
2K Followers 325 Following Reverse engineering, soldering, programming, digital forensics & random stuff | Director @ Kaspersky GReAT | Tweets are my ownt3ft3lb @t3ft3lb
2K Followers 182 Following Threat researcher, Malware analyst All tweets represent my personal opinionLeonid Bezvershenko @bzvr_
3K Followers 286 Following Studying math, reversing and Twitter... | Security Researcher @ Kaspersky, GReAT | Drovosec CTF team | Tweets are my ownFabio Assolini @assolini
13K Followers 485 Following Cybersecurity Expert at @Kaspersky. Cyberthreats hunter. Infosec Speaker. Jesus follower. Tweets in 🇬🇧🇪🇸🇧🇷🇮🇹Andrew Richards @ARichardMSFT
853 Followers 230 Following Principal Developer in Windows Reliability - !analyze, Symbol Protocol, Sysinternals ProcDump. Co-host Channel 9 Defrag Tools (@defragtools) and Inside Show.Clint Rutkas @ClintRutkas
9K Followers 2K Following Lead for developer experiences on @Windows. Windows Terminal, Microsoft PowerToys, Sudo on Windows, Dev Home and more. I do #woodworking too. Happy to help.frust @frust93717815
1K Followers 399 Following Majoring in Civil Engineering & English as Vulnerability researcher.Danis Jiang @danis_jiang
2K Followers 896 Following Yuhao Jiang / former ctfer @ Vidar-Team / Security Researcher @ Ant Group Light-Year Security Lab / GeekPwn 2022 / Pwnie Awards 2023 / Tianfu Cup 2023Longhorn @never_released
14K Followers 130 Following Kernel/hypervisor engineer @awscloud EC2. Hobby @checkra1n. Mastodon: https://t.co/DsXP8PFgL0 Bluesky: https://t.co/dAOfFSSqY4Benoît @benoitsevens
745 Followers 134 Followingocdsec @0xocdsec
3K Followers 4K FollowingMicrosoft Threat Inte.. @MsftSecIntel
180K Followers 1K Following We are Microsoft's global network of security experts. Follow for security research and threat intelligence.Tuấn Kiệt @allforest01
115 Followers 555 FollowingSatoshi Tanda @standa_t
7K Followers 358 Following Engineer & Trainer. My DM is open. https://t.co/hqylaDLtNvb1n @b1n0hypn05
3 Followers 81 Followinghex nomad @hexnomad
978 Followers 265 Following researcher, developer, @fieldeffectsoft, [email protected]Recently, many people have been asking me on how to get started with their reverse engineering journey. So I will try to share my path and what helped me on the way 🧵
Difficult vulnerabilities make you more cultured. Difficult exploits make you more persistent. Difficult detection evasion makes you wiser. If in doubt, choose the more difficult path.
Excellent LPE write-up by @gabe_k , where he details how suspected compiler changes lead to the introduction of double fetch vulnerabilities. Also discusses a KASLR side channel bypass. PoCs included. Definitely check it out exploits.forsale/24h2-nt-exploi…
Raise your hand if you saw a rust program segfault today ✋
Today Microsoft open-sourced MS-DOS 4.0. You can check it out here: github.com/microsoft/MS-D…
I had an inquiry about ACPI checks, and decided to run through how they work and how to mitigate them on VMware and QEMU. It's a quick and dirty write-up, so excuse the brevity. revers.engineering/evading-trivia…
So @j00ru published two posts on Windows Registry; given that there were a lot of fixes in Windows Registry in recent months I expect these to be fun ;) googleprojectzero.blogspot.com/2024/04/the-wi… googleprojectzero.blogspot.com/2024/04/the-wi…
Project Zero: The Windows Registry Adventure #1: Introduction and research results googleprojectzero.blogspot.com/2024/04/the-wi…
Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled. github.com/floesen/KExecDD
I'm digging even deeper into hypervisor debugging. This viewer enables visual reading and writing of bit fields within the VMCS Guest state, Host state, entry, exit and control fields.
XZ backdoor story – Initial analysis securelist.com/xz-backdoor-st…
Here's my blog post about CVE-2024-26230. I aim not only to introduce the exploit stage but also hope to share my thoughts on how I completed the exploitation step-by-step in all my posts from now on. whereisk0shl.top/post/a-trick-t…
New Google Chrome Blog: blog.chromium.org/2024/04/fighti… Windows 11 VBS and TPM defaults are used by Chrome to prevent cookie theft. "Chrome will use facilities such as Trusted Platform Modules (TPMs) for key protection, which are becoming more commonplace and are required for…
I spent the last 5 months reverse engineering Denuvo's protection in Hogwarts Legacy and finally managed to bypass it using more than 2000 hooks 😂 One of the toughest challenges of my life. Here's my blog post about it: momo5502.com/posts/2024-03-…
I just created the tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs. github.com/binderlabs/Dir…
New blog post is up, exploring detection options for some recent In- the- Wild Windows LPE 0- days elastic.co/security-labs/…
Uploaded my script here: github.com/yardenshafir/W… It's very POC-like, requires some manual steps in the debugger and I'm sure someone with read programming skills can make it way nicer (please do!). But it works so I'm calling it done.
Anyone who uses WinDbg a lot should learn to use Symbol Builder (by @wmessmer). Using it here to define a function signature and combining it with FileSystem module to write log all IOCTL requests to a file.
Good luck to all #Pwn2Own partecipants. A friendly reminder that for real money, not peanuts, you can turn to your friendly zero-day broker :)