Michael B. @DownWithUpSec
Windows security researcher/reverse engineer. The more you know, the more you realize you don't. downwithup.github.io Internet, Earth Joined March 2019-
Tweets61
-
Followers804
-
Following51
-
Likes501
Here is an (another) IDA domain API MCP server that I worked on this weekend. It was an good experience using FastMCP. I might add more tools to the server as the need arises. For anyone interested: github.com/DownWithUp/IDA…
IDA and Codex preformed very well together. The prompt was surprisingly simple and I was generally impressed with the results.
An example of "vibe" malware reverse engineering. downwithup.github.io/blog/post/2026…
@winternl_t Very nice that this displays arguments as well as the return value. However, it didn't seem to work out of the box for me. Just ran and said "INFO: waiting for app to exit..." I'll have to investigate more.
AWStrace: Another Windows Strace attempt by me. Using a named pipe and shellcode inside the remote process, send registers back and pretty print the output.
Because of the recent Notepad++ situation here is another good source about WB. As opposed to just simple decryption/re-encryption, this also shows how to use the heap execute capability. cirosec.de/en/news/abusin…
@aionescu @witherornot1337 @HackingLZ @vxunderground I remember watching Alex's talk in 2020, and it was always on the back of my mind. I finally sat down around 2023 and worked out a simple PoC to use the decrypting/re-encrypting capabilities of it. Crazy to see it actually being used in the wild.
@diversenok_zero Awesome, this is great to know. I kept thinking maybe I had a permissions problem. 😅
Exporting registry data in the "hive" format seems to ignore the "BIOS" key under HKLM\HARDWARE\DESCRIPTION\System. You can export it directly, but exporting any parent will not contain the "BIOS" key and its values
"This thing I need is open source. Surely someone has audited this code?" 🙃
@sixtyvividtails Sadly not. Looks like all if your CPU doesn't support MPX (which newer ones won't) the MPX instructions will be treated as NOPs.
Something interesting I stumbled upon: In Windows, for Intel's MPX, a driver could use KeRegisterBoundCallback to handle/hook the BOUND #BR exception. This function will eventually get called from the IDT's KiBoundFault
😮New post on Windows Warbird encryption and decryption: downwithup.github.io/blog/post/2023…
Here's an old project that I polished up a bit: github.com/DownWithUp/WHP… Essentially the idea was to have some introspection into an OS at the hypervisor level. It was also a foray into the Windows Hypervisor Platform API.
Just a quick little post on how to use the the undocumented API NtPssCaptureVaSpaceBulk to gather a process' virtual memory in a single call. Read more here: downwithup.github.io/Blog/8.html
@EranShimony @MSRC I didn't even know this site existed...
So .msu files really are just .cab files? 😅
@hyp3rlinx Looks interesting! 3rd party contributions welcome?
What a shot taken from Melbourne Australia 🔭🪐
Yarden Shafir @yarden_shafir
25K Followers 317 Following A circus artist with a visual studio license
vx-underground @vxunderground
438K Followers 357 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Grzegorz Tworek @0gtweet
38K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
Western made @Western_made
1 Followers 57 Following
A @A7520592548190
2 Followers 36 Following
offsec @offsec225881
2 Followers 196 Following
Boyd Fields @boydfields
41 Followers 1K Following Tech superhero 🦸♂️ Solving problems and making magic happen 💻️ 20+ years in IT management, and still having fun! 💪️ #ITManagement | #ManagedServiceProvider
Anderson Nascimento @andersonc0d3
4K Followers 6K Following Director & Security Researcher @alleleintel
Baldrick @Baldrick922155
0 Followers 52 Following
Jonub @jonub58198
0 Followers 162 Following
vincenzo vetturelli @savillum
36 Followers 380 Following
Armada-Bis @ArmadaIV4
1 Followers 37 Following Just some guy Cybersecurity enthusiast and student in 1st year Particularly interested in malware analysis and reverse engineering A bit of a Data Hoarder
fkxxx @wngyuqng2
1 Followers 685 Following
gk98 @98erKAG
40 Followers 2K Following
Dream @LKasha45752
2 Followers 14 Following
Sidd @Sidd1362
0 Followers 39 Following
You don't need to kno... @Pyrothio
1 Followers 75 Following
Alexander reese @AlexanderR10508
2 Followers 248 Following
Ghost Byte @PickettTon18807
8 Followers 1K Following
Witchher @Witchher1727941
1 Followers 151 Following
vierito5 @vierito5
2K Followers 4K Following Gneeeeeeeeeeinfoseeeeeeeeeeeec. Broken villain, former something.
twigx @twigxyz
0 Followers 1K Following
ice @ice98079542
61 Followers 4K Following
Jinghua Zhong @zhongjinghua
0 Followers 5K Following
⛅🌤️Adrian☀�... @Nutritionist_AP
2K Followers 5K Following 🇩🇪🇷🇴🇺🇸 (DE/ROU/US) 🪲 🐞 = ❤️ I'm just around here sometimes. Views do not belong to my employer.
Securityblog @Securityblog
12K Followers 14K Following There are 10 types of people in the world. Those who understand binary, and those who don't. All opinions and views are my own. #BsidesDub organizer
FM @Skinny_El3phant
687 Followers 3K Following Often time #NSFW content. Somewhere between a feminist and a misogynist. RTs are not endorsement. I like good Desi food and secured systems.
floating @speck415
16 Followers 2K Following
Gerardo Iglesias @iglesiasgg
294 Followers 4K Following
allthingsida @allthingsida
5K Followers 396 Following All things IDA, security, reverse engineering, programming, AI and more. Friend and fan of Hex-Rays but non-official.
Antonio Antonio @AntonioMgmddsh
2 Followers 245 Following
bg side @BgSide14125
0 Followers 87 Following
Johnny @Luckyrocky2028
249 Followers 7K Following Stay Hungry, Stay Foolish. Only those who are self-disciplined can attain true freedom.|No Politics.
Yarden Shafir @yarden_shafir
25K Followers 317 Following A circus artist with a visual studio license
Alex Ionescu @aionescu
47K Followers 2K Following Chief Technical Innovation Officer @crowdstrike. Windows Internals author and trainer. He/Him. RTs are not endorsements, opinions are my own.
James Forshaw @tiraniddo
49K Followers 336 Following Security researcher in Google Project Zero. Author of Attacking Network Protocols. Tweets are my own etc. Mastodon: @[email protected]
Arthur "Gerhart" Khud... @gerhart_x
3K Followers 8 Following My hobby is Hyper-V researching | tweets are my own opinion
secret club @the_secret_club
17K Followers 0 Following secret club is a not-for-profit reverse-engineering group; publishing new research on popular software. No ads, no cookies, just research.
Project Zero Bugs @ProjectZeroBugs
37K Followers 0 Following A bot that posts the latest blog posts and disclosures from Google's Project Zero
flux @0xfluxsec
4K Followers 1K Following Senior Security Research Engineer @elastic | Opinions are my own | Rust | Ex-Red Team | Security & Systems Dev | https://t.co/QIih2B7vya https://t.co/VC3xsm0Wvq
allthingsida @allthingsida
5K Followers 396 Following All things IDA, security, reverse engineering, programming, AI and more. Friend and fan of Hex-Rays but non-official.
Souhail Hammou @Dark_Puzzle
2K Followers 994 Following Reverse Engineering - Windows Internals - Malware Analysis - Vulnerability Research - Principal Reverse Engineer @Intel471Inc
ic3qu33n @nikaroxanne
2K Followers 212 Following reverse engineer | hacker | vx artist | malware witch | my artistic process is a daemon process. @[email protected]
eversinc33 🤍🔪�... @eversinc33
7K Followers 1K Following reversing/deobfuscation/drivers @ https://t.co/64HAro8Scw
Satoshi Tanda @standa_t
8K Followers 397 Following Software security engineer and trainer https://t.co/tenaquooTc
diversenok @diversenok_zero
2K Followers 39 Following A security researcher specializing in Windows internals working at @huntandhackett
Nightmare Eclipse @ChaoticEclipse0
10K Followers 574 Following
jonpalmisc @jonpalmisc
800 Followers 317 Following iOS exploits, (de)compilers, etc. — https://t.co/Tdx9Z5i1Ks
HyperDbg @HyperDbg
4K Followers 2 Following We like hypnotizing computers. #HyperDbg https://t.co/FXulXKTGjp • https://t.co/u6lVGzQpCE • https://t.co/47t9Iyaigl
@[email protected]... @buherator
4K Followers 907 Following this account is for archival purposes follow me on fedi for updates!
Yuriy Bulygin @c7zero
4K Followers 1K Following @eclypsium, @CHIPSEC. Former @intel, @IntelSecurity, @McAfee
Dmytro Oleksiuk 💥 ... @d_olex
13K Followers 2K Following zero-fucks-given infosec research | contacts: https://t.co/PhHyQg3G1E | 🇺🇦 Ukraine needs your help to kill Ruϟϟian zombies: https://t.co/u5vYgq3wrd
Ori Damari @0xrepnz
7K Followers 270 Following Low level developer, Reverse engineer, Windows kernel. Read my blog! 😋
sixtyvividtails @sixtyvividtails
4K Followers 400 Following Currently working as an independent GUID merchant. Fully licensed. I acquire, produce, and sell high-quality GUIDs.
Dreg @therealdreg
4K Followers 364 Following Offensive hardware hacking & firmware dev, OS internals, C/C++, assembler, reversing, forensics, x86_64, AVR, ARM, PIC. Ex malware researcher
Matthias @not_matthias
821 Followers 360 Following Software Developer. Reverse Engineering Enthusiast. Occasional blogger.
Walied Assar @waleedassar
5K Followers 721 Following Reverse Engineer / Malware & Vulnerability Researcher / SOC Analyst / Pharmacist / Fisherman
Alisa Esage Шевч�... @alisaesage
41K Followers 99 Following Independent hacker and researcher, owner of Zero Day Engineering @zerodayalpha
Ionut Popescu @NytroRST
4K Followers 4K Following Interested in C/C++, ASM, Windows internals, reverse engineering, exploit & shellcode development and advanced web exploitation. GitHub: https://t.co/nyWUyFo0KW
Can Bölük @_can1357
9K Followers 301 Following Security researcher and reverse engineer. Interested in Windows kernel development, low-level programming, static program analysis and cryptography.
Oliver Lyak @ly4k_
9K Followers 267 Following Yet another security researcher 🔦 Github: https://t.co/7WFOFz17KI
Sinaei @Intel80x86
9K Followers 397 Following Windows Internals enthusiast, Interested in hardware design & low-level programming. An active developer of @HyperDbg debugger. https://t.co/TUALkTusHt
Hyp3rlinx @hyp3rlinx
2K Followers 69 Following Security Researcher, I exploit what I wanna exploit ... I exploit what I like..
monoxgas @monoxgas
4K Followers 368 Following Security engineering, research, exploits, ml. Co-Founder with @moo_hax at @dreadnode
noopnoop @owenflannagan1
153 Followers 160 Following UF Security Enthusiast, aka noopnoop (Kernel Sanders captain)
danx @__danx__
22 Followers 79 Following
Philip Tsukerman @PhilipTsukerman
3K Followers 79 Following I sometimes tweet about security stuff. Pondering whether to turn this into a music-focused account instead...
j00ru//vx @j00ru
37K Followers 821 Following (Mostly) Windows hacker & vulnerability researcher. Google Project Zero. @DragonSectorCTF
You might like
