Marcin Noga @_Icewall
Security Researcher / Pentester / Malware hunter icewall.pl/?lang=en Poland Joined August 2013-
Tweets187
-
Followers2K
-
Following1K
-
Likes5K
@yo_yo_yo_jbo @SEKTOR7net @yo_yo_yo_jbo That was my first idea. But unfortunately AsusCertService.exe contains UAC manifest requiring this exe to be run with admin privilege's. So, trying to spawn this exec as a suspended process and then inject arb code won't work.
@yo_yo_yo_jbo @SEKTOR7net @SEKTOR7net thank you for mentioning this research!
Exploiting Asus driver to escalate privileges. With few clever tactics Marcin Noga managed to bypass several constraints implemented by the driver devs. With hardlinks and ObfDereferenceObject() one can decrement PreviousMode of a process to enter god mode (this was patched in 24H2). Nicely done, @_Icewall! Post: blog.talosintelligence.com/decrement-by-o… #redteam #maldev #malwredevelopment
Thanks, @GamersNexus, for presenting the bugs I found in ASUS Armoury Crate to a wider audience in such an accessible way! youtube.com/watch?v=Vy_KWP…
@Void_Sec I guess so, that's why I mentioned the timeline in the blog post . On pasted screenshots I only mention about mem leak primitive, but in general I wanted to signal that after 24H2 the exploit won't work.
Exploitation of Asus Armory Crate AsIO3.sys driver | authorization bypass + ObfDereferenceObject primitive to LPE - blog.talosintelligence.com/decrement-by-o…
CVE-2025-1533 - Asus Armoury Crate AsIO3.sys stack-based buffer overflow vulnerability talosintelligence.com/vulnerability_… Remember that Windows paths can be longer than MAX_PATH(260)!!! I wrote a few words about this 15 years (sick!) ago : github.com/icewall/Public…
The biggest takeaway from this talk is that macOS font renderer ALMOST never invokes the interpreter. If you were fuzzing TTF bytecode without paying attention, it was probably not hitting the interpreter at all. I'll post slides shortly with other interesting details. #OBTS
📜 Starting Day 2 Talks of #OBTS with a dive into the unexpected: “Triangulating TrueType Fonts On macOS: Reconstructing CVE-2023-41990” by Aleksandar Nikolic (@FuzzyAleks). Who knew a simple PDF and the Fonts could be transformed into a digital weapon? In this talk, Aleksandar
@carste1n I have recently "built" for myself that thing : GMK87 + Brown Gaterons 3 Pro + Cherry profile PBT Dragon Ball keycaps
CVE-2023-39928 - Webkit MediaRecorder API stopRecording use-after-free vulnerability more info : talosintelligence.com/vulnerability_…
@oshogbovx Radio Naukowe - spotify.link/7wkNg88GCDb
Teammates have published an overview of five years worth of router security research which has resulted in hundreds of vulnerabilities discovered in routers from more than a dozen different companies.
Since the #VPNFilter malware several years ago, our vulnerability research team has looked into several popular wireless routers used in homes and small businesses. Now, we have a rundown of all the vulnerabilities we discovered as part of this research cs.co/6018PwImO
On Friday I'll be doing my "PCI Express To Hell" talk: youtube.com/watch?v=fE0fnG… If you're building your own PCs you should check it out! Last year I reworked my whole computer setup and learned a lot about PCIE. Don't make the same mistakes I did ;) Plz RT for range :)
Our vulnerability research team discovered 12 memory corruption vulnerabilities in MSRPC on #Apple macOS and #VMWare vCenter. We have a deep dive into how an attacker could exploit these vulnerabilities and what it says about the use of forked codebases cs.co/6012P3wLq
2 more to the collection : CVE-2023-33133 - Microsoft Office Excel WebCharts out-of-bounds write vulnerability : talosintelligence.com/vulnerability_… CVE-2023-32029 - Microsoft Office Excel FreePhisxdb arbitrary free vulnerability : talosintelligence.com/vulnerability_…
@maciej_je Gourdough's Big. Fat. Donuts. +1 512-912-9070 maps.app.goo.gl/LapXsrZZbUbv85…
Ok, I am looking out for security researcher role. If you can help, please DM. RT, like and recommendations are much appreciated. Here is My Linkedin profile, which will give you more details: linkedin.com/in/hardik05/
Remember these? Original Lytro! Lightfield cameras of the future! I grabbed a few off eBay some time ago and took a peek at the firmware. Found secret unlock that enables full remote control of all camera features. Full writeup here: github.com/ea/lytro_unlock
CVE-2022-31698 Pre-auth VMware vCenter Server Content Library denial of service vulnerability : talosintelligence.com/vulnerability_…
Grzegorz Tworek @0gtweet
38K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
ϻг_ϻε @steventseeley
23K Followers 557 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
hasherezade @hasherezade
91K Followers 954 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
ZaufanaTrzeciaStrona ... @Zaufana3Strona
46K Followers 278 Following Spowiedź bezpieczeństwa AD 2026 - poznaj sekrety moich zabezpieczeń: https://t.co/9hytFsalZ7
Gynvael Coldwind @gynvael
39K Followers 1K Following security researcher/programmer/director @ HexArcana Cybersecurity GmbH ⁂ @pagedout_zine ⁂ @DragonSectorCTF ⁂ https://t.co/ShG2c5As1K ⁂ ex-Google ⁂ he/him
SwiftOnSecurity @SwiftOnSecurity
410K Followers 9K Following computer security person. former helpdesk.
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following 意志 / mobile research @ ▓▓▓▓▓ / Team 501 / ex IBM Capability Lead & FireEye TORE / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Axel Souchet @0vercl0k
13K Followers 582 Following ¯\_(ツ)_/¯, blogging on https://t.co/36oOc8Mgha and posting codes on https://t.co/P83Oen94Rc.
Jakub Mrugalski 🔥 @uwteam
41K Followers 548 Following 🤖 Piszę o technologii, automatyzacji, cybersecurity ✍️ Dokumentuję swoją drogę w biznesie 🖥️ https://t.co/7goCDafxgx ← to moje 😎
Kacper Szurek @KacperSzurek
16K Followers 413 Following Opowiadam o bezpieczeństwie w prosty i zrozumiały sposób. https://t.co/G7JVu4ctCU
Richard Johnson @richinseattle
19K Followers 3K Following Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFH
Dave Kennedy @HackingDave
231K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
Intigriti @intigriti
209K Followers 666 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Al Azif @_AlAzif
34K Followers 210 Following
Piotr Bazydło @chudyPB
5K Followers 318 Following Principal Vulnerability Researcher at watchTowr | Previously: Zero Day Initiative | @[email protected]
OS Dev @OSdev_
3K Followers 722 Following Senior Engineer @Qualcomm - Performance Engineering | Windows kernel | C/C++ | ARM64 | CPU & Memory Microarchitectures | SoC's
Ryan Hanson @ryHanson
7K Followers 894 Following Security Researcher hunting for weird bugs. Research Science Director @Atredis
Long on Minswap @longminswap
2K Followers 755 Following Founder @minswapdex drep1yty2qpvmmsvk5jzcjctuxr8v5264cz5sr965ryygxj9ae5seg7gah
QALTUM CONSULTING @QaltumX
3 Followers 94 Following Advisory in digital transformation and cyberdefense for the post-quantum era.
iDidThat @iAmYourBigHomie
44 Followers 258 Following Viral Clips | Not Impersonating Anyone | Powered by Tronix
WebSec @websecnl
230 Followers 12 Following WebSec, founded in 2018 and based in Amsterdam, is a cybersecurity company specializing in advanced security solutions.
arip petits @AripPetits
9 Followers 2K Following
timlake @timlake252160
1 Followers 2K Following
ENBP @ENBP3
4 Followers 320 Following Echangeons nos bons plans et conseils : Animés, Manga, Jeux Vidéos, Technologies, Internet, Trucs et Astuces, etc... Je souhaite partager et recevoir.
Yahya Alsify @YahyaAlsify20
88 Followers 914 Following Security Engineer at @CyberDefenders focusing mainly on adversary emulation and detection engineering
Mo0n Sha𝄞ow @null001__
41 Followers 3K Following
Soumyani1 @reveng007
1K Followers 2K Following Red mind. Blue mission. Turning attack tradecraft into detections | CRTO | CRTP | @BlackHatEvents 2024 Arsenal, @WWHackinFest 2024 Presenter and @BSidesSG 2023
d3vmzw5n @d3vmzw5n
23 Followers 897 Following Focus on android and linux vulnerability.All opinions are my own.
Brian Halbach ☕️ @brianhalbach
1K Followers 6K Following Who has two thumbs and can count to ten. Does cyber security things | abyss gazer | opinions are my own | (he/him)
6dr @x_6dr
3 Followers 30 Following
taobao86 @taobao861
101 Followers 3K Following
Eagle @EmersonJordan10
4 Followers 52 Following
hacker.house @hackerfantastic
106K Followers 5K Following Co-Founder @MyHackerHouse 💾 | Cybersecurity & Web3 🌐 | Author of Hands-on Hacking (ISBN 9781119561453) 📖 | Offensive Lua 💻 | ✝️
rozh ali @rozhali12
53 Followers 3K Following
FindmeX @LynnWsa
80 Followers 4K Following
clumsy @clumsy1077190
15 Followers 945 Following
stiv @stivfi
1 Followers 292 Following
10yotbg @10yotbg
0 Followers 87 Following
Axta @Asta_nine
5 Followers 902 Following
Aaa @Jahsbw495794
0 Followers 19 Following
h4ck.club @h4ck_club
1 Followers 724 Following
Uwu @Uwu79033065Uwu
230 Followers 7K Following
OogWay @way_oog
28 Followers 874 Following Threat Intelligence + OSINT + Anti Cybercrime from 🇻🇳 #Nodarkcornersforcybercriminals
FAMASoon @FAMASoon
1K Followers 858 Following Security research blog: https://t.co/iTsZ04qDQ8 GitHub: https://t.co/nfFPKkjf5O
zot1se @zot1se
24 Followers 223 Following
eran @eb271828
0 Followers 2K Following
Jonny @suprseksiturtle
82 Followers 1K Following
James Ibrahim @JamesIb54140322
50 Followers 4K Following
0x_aalex @0x_aalex
35 Followers 125 Following
Gangetik Prophet🕊�... @0xojaxwi
71 Followers 2K Following Old-school OS & Offensive Security REsearcher | ⚡Kernel Pwner⚡
Alibabas @0x_alibabas
115 Followers 601 Following
tomate podrido @tomatepodrido41
7 Followers 964 Following
vx-underground @vxunderground
438K Followers 357 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
chompie @chompie1337
89K Followers 1K Following hacker, exploit developer/weird machine mechanic head of X-Force Offensive Research (XOR) @IBM
Nicolas Krassas @Dinosn
157K Followers 763 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKZLB Posting content that I find interesting.
TrendAI Zero Day Init... @thezdi
89K Followers 16 Following TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
ϻг_ϻε @steventseeley
23K Followers 557 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
Alex Plaskett @alexjplaskett
14K Followers 584 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
starlabs @starlabs_sg
10K Followers 20 Following A Singapore company that discovers vulnerabilities to help customers mitigate the risks of cyber attacks. Organisers of @offbyoneconf
h0mbre @h0mbre_
16K Followers 661 Following # Exploit Reliability Engineer # Developing a full-system snapshot fuzzer: https://t.co/mfVXhwoGYD # Avi: https://t.co/3fsQfVprCf
Yarden Shafir @yarden_shafir
25K Followers 317 Following A circus artist with a visual studio license
lcamtuf @lcamtuf
40K Followers 498 Following Substack: https://t.co/yFvmNisGW3 Homepage: https://t.co/iFAXZxCO5H
Ivan Fratric 💙💛 @ifsecure
19K Followers 209 Following Tech lead and security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
Project Zero Bugs @ProjectZeroBugs
37K Followers 0 Following A bot that posts the latest blog posts and disclosures from Google's Project Zero
hasherezade @hasherezade
91K Followers 954 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
Halvar Flake @halvarflake
45K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
Synacktiv @Synacktiv
21K Followers 274 Following Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.
ZaufanaTrzeciaStrona ... @Zaufana3Strona
46K Followers 278 Following Spowiedź bezpieczeństwa AD 2026 - poznaj sekrety moich zabezpieczeń: https://t.co/9hytFsalZ7
mdowd @mdowd
33K Followers 754 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Brendan Dolan-Gavitt @moyix
33K Followers 6K Following Building offsec agents: https://t.co/G9EtnC2Gl3 PGP https://t.co/3WXr0RfRkv
OS Dev @OSdev_
3K Followers 722 Following Senior Engineer @Qualcomm - Performance Engineering | Windows kernel | C/C++ | ARM64 | CPU & Memory Microarchitectures | SoC's
Tailscale @Tailscale
32K Followers 168 Following Simple, secure networks for teams of any scale. Built on WireGuard.
Alibaba Cloud @alibaba_cloud
1.2M Followers 988 Following Computing for the Value beyond Computation
Hamid Kashfi @hkashfi
10K Followers 999 Following I do computers @xbow & https://t.co/DKXRMmo7nI . Previously Immunity Inc & Trail of Bits. Hobbyist photographer @[email protected]
SinSinology @SinSinology
13K Followers 735 Following Pwn2Own 20{22,23,24*2,25*3,26*2}, i look for 0-Days but i find N-Days & i chase oranges 🍊
Jordy Zomer @pwningsystems
3K Followers 264 Following Security Engineer @ Google, likes fuzzing, static analysis and VR. The opinions stated here are my own, not those of my company.
Kacper Kita @KacperKita
27K Followers 3K Following Książki - "Epoka chaosu" (2026), "Saga rodu Le Penów" (2024), "Meloni" (2023), "Zemmour" (2022) @NowyLad [email protected]
Calif @calif_io
5K Followers 30 Following We're https://t.co/KTEDnC2VUV. Join us to make the Internet safer for your mum and everyone else: https://t.co/eUFMLkW9t2.
Kanał Otwarty @KanalOtwarty_pl
5K Followers 237 Following Kanał Otwarty - - budujemy nowe medium: całkowicie niezależne i bezstronne. https://t.co/hTxbBzLTPz
Taurin @Taurock
7K Followers 5K Following Texas based builder turning ideas into impact. Passionate about tech, strategy, and great conversations. Always learning, rarely serious, never boring.
Security Bug Aggregat... @BugsAggregator
3K Followers 1 Following Aggregate disclosed Chromium security bugs.
ClaudeDevs @ClaudeDevs
470K Followers 3 Following Official updates for developers building with @ClaudeAI
RunMaestro.ai @RunMaestroAI
172 Followers 42 Following Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for multitasking keyboard hackers.
Google Gemma @googlegemma
84K Followers 0 Following The official home of Google's Gemma. Lightweight, state-of-the-art open models by Google DeepMind, built on Gemini tech. What will you build? 🚀💻
OpenAI Developers @OpenAIDevs
354K Followers 1 Following Official updates for developers building with Codex & the OpenAI Platform • Service status: https://t.co/kZwnwdYYEq
LowcyChin.PL @lowcychin
45K Followers 74 Following Pokazuję ile naprawdę kosztują rzeczy 🔥 Okazje | testy | promocje 👉 https://t.co/KxMLqaeqc6 Kupony: https://t.co/6hzuPGeI6W Okazje zawierają link afiliacyjny.
GitLawb @gitlawb
28K Followers 88 Following The git layer for the AI-native internet. DIDs over accounts. Every commit signed agent or human.
Claude Code Changelog @ClaudeCodeLog
69K Followers 20 Following UNOFFICIAL – but tolerated – bot posting Claude Code CLI, feature flag & prompt changes. Full CC history in github repo.
Codex Changelog @Codex_Changelog
19K Followers 1 Following Unofficial Changelog for OpenAI's Codex CLI
Wojciech Szewko @wszewko
227K Followers 2K Following https://t.co/JO9ePMCFO7 Wojciech Szewko PhD, academic, scholar. Poland. News about Islam, jihad and international relations. Terrorism Research Center Collegium Civitas
Thariq @trq212
273K Followers 2K Following Claude Code @anthropicai. prev YC W20, @southpkcommons, @medialab
SEKTOR7 Institute @SEKTOR7net
17K Followers 350 Following Homo Aptus. Vincit qui se vincit - Publilius Syrus. Consulting, Training, Technology, Cyber domain, and more... @x33fcon founder.
GamersNexus @GamersNexus
536K Followers 252 Following Leading authority in computer hardware reviews: https://t.co/RXRomlllaO / email [email protected] for GN store assistance!
Kuba Gretzky @mrgretzky
17K Followers 754 Following Creator of Evilginx - Reverse Proxy Phishing Framework for Red Teams: https://t.co/hPg644CTnM
Paolo Stagno (VoidSec... @Void_Sec
5K Followers 2K Following Director of Research @Crowdfense. Windows Vulnerability Researcher and Exploit Developer, ex-@XI_Research
LaurieWired @lauriewired
155K Followers 292 Following researcher @google; serial complexity unpacker; https://t.co/Vl1seeNgYK ex @ msft & aerospace
Remek Kinas @KinasRemek
9K Followers 913 Following AI Researcher | Bielik LLM co-creator | Kaggle Grand Master
DeepSeek @deepseek_ai
1.0M Followers 0 Following Unravel the mystery of AGI with curiosity. Answer the essential question with long-termism.
Konfitura @KonfituraWAkcji
22K Followers 10 Following Piętnowanie i uwypuklanie szkodliwych zachowań na polskich drogach
Szafa @MocnyVlog
8K Followers 402 Following Zapraszam na YouTube, FB, Tik Tok i Insta - https://t.co/LZsskRtrv4
Shina Mashiro @ShiinaaM
388 Followers 4K Following
Ivan Kwiatkowski @JusticeRage
11K Followers 72 Following Security at a Big Tech company. Maintainer of Manalyze, Gepetto, and writer. Trolling on a purely personal capacity.
foxtrot_charlie @foxtrot_0x4fult
1K Followers 2K Following It won't get better. Brace for impact lads! IT security researcher/pentester, IRCop. Senior shitposter & meme evangelist. @pagedout_zine doorkicker.
IDEAS NCBR @IDEAS_NCBR
3K Followers 273 Following Scientific and research #AI centre founded by @NCBR_pl
Jordi Muñoz @Jrdmnz
3K Followers 135 Following Engineer and an occasional aviator. Co-founder of 3D Robotics Inc. and founder of mRobotics, an engineering & manufacturing fun house.
Binary Gecko @Binary_Gecko
2K Followers 3 Following Binary Gecko GmbH. Custom Security Research Solutions. Organisers of @offensive_con.
Dwie Lewe Ręce @2lewerece
16K Followers 448 Following Jakub Dymek & Marcin Giełzak ■ Najbardziej opiniotwórcze medium na lewo od centrum ■ Kluby DLR ■ https://t.co/xTluLT4t5rYou might like
