flawedworld | @[email protected] @flawedworlddev
A random person on the internet interested in InfoSec and NatSec. Tweets are my own and do not reflect my employers views. Engagement is not endorsement. github.com/flawedworld Nuclear bunker in New Zealand Joined May 2021-
Tweets1K
-
Followers1K
-
Following800
-
Likes3K
Still waiting for the day that FIDO2 can be implemented without JavaScript...
Today at work: Been waiting over 40 minutes to provision a damn PostgreSQL server on Azure...
Jia Tan found a way to get paid to work on open source. Why can't you
Exploit dev? Reverse engineer? Forensics specialist? Feel free to come and join our community! Collaboration is the best way to progress research, no matter if you are working on defensive or offensive work in the industry.
Been waiting for this announcement for a while!
Been waiting for this announcement for a while!
I really find it amusing how Microsoft flags their own emails as Junk in my Exchange account.
The xz backdoor was the final part of a campaign that spanned two years of operations. These operations were predominantly HUMINT style agent operations. There was an approach that lasted months before the Jia Tan persona was well positioned to be given a trusted role.
We’re responding to CVE-2024-3094, a reported supply chain compromise affecting XZ Utils versions 5.6.0 and 5.6.1. XZ Utils may be present in Linux distributions. See our additional guidance at cisa.gov/news-events/al….
So is this going to be how KYC is rolled out on Twitter?
So is this going to be how KYC is rolled out on Twitter?
inb4 hardware or wireless security nerds find vulnerability in Neuralink and hijack peoples brains
Extortion is the new exit scam. The #1 darknet drug market took all of its users' money days ago. Now its admin Pharoah is demanding that each seller pay a ransom or he will turn their data over to the police. We'll see how this plays out for him.
Some seriously, seriously impressive work right here!
Some seriously, seriously impressive work right here!
I really don't understand why people are so shocked that BitLocker with just a TPM is just shit. You need a PIN in conjunction with it at the very least with ideally a startup key as well to actually have (in my opinion) some form of meaningful disk encryption. Also TPMs suck.
Announcing the latest report from Threat Analysis Group documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the open internet blog.google/threat-analysi… Some highlights below. 🧵
My personal speculation is that GPU driver fingerprinting is likely going to be used as a means of detecting virtualized Android devices being used in bot farms etc
My personal speculation is that GPU driver fingerprinting is likely going to be used as a means of detecting virtualized Android devices being used in bot farms etc
Mishaal Rahman @MishaalRahman
61K Followers 491 Following The best source for Android OS news. Senior contributor @AndroidCentral, @AndroidAuth, @AndroidPolice. Podcast @AndroidFaithful.Danny Lin @kdrag0n
14K Followers 592 Following building a better docker @OrbStack · dev exploring new things · @stanfordMetropleX | @metr0pl3.. @Metr0pl3x
511 Followers 162 Following Freedom is the right of ALL sentient beings. @GrapheneOS Moderator Personal Acct. Views Explicitly My Own Likes/Retweets ≠ EndorsementLonghorn @never_released
14K Followers 130 Following Kernel/hypervisor engineer @awscloud EC2. Hobby @checkra1n. Mastodon: https://t.co/DsXP8PFgL0 Bluesky: https://t.co/dAOfFSSqY4akc3n | @akc3n@graphe.. @JuriAksenov
251 Followers 37 Following Just an ordinary human. Love learning, puzzles & food! Project: @GrapheneOS Matrix: @akc3n:https://t.co/A1LKIsfrJ8 https://t.co/A1LKIsfrJ8 | https://t.co/1OHHU1IdwPTommy @TommyTran732
260 Followers 25 Following System administrator. Creator of @PrivSec_Dev. Community moderator at @GrapheneOS (not a developer or project member). Views are my own.Dylan Roussel @evowizz
4K Followers 2K Following Crafting software, shaping components & discovering hidden features.Mirabelle Gutzler @MirabelleG14047
88 Followers 5K FollowingDaniel Morrow @morrowdaniel
135 Followers 264 FollowingEve Yunan @yunan11396
57 Followers 5K Followingzzz @zzzaccounting33
0 Followers 57 FollowingShawn Bruce @Sansui350A
94 Followers 361 Following Computers, car stuff, etc, possibly some medical stuff too. Some of you may know of me from my other account. Much respect for EMS, healthcare folks, LEOs!Jaap @tweetofjaap
0 Followers 131 FollowingKyle @cranberry6579
0 Followers 43 FollowingMila-rose Juarez @MilaJua
31 Followers 2K Following 🔑Mila-rose , 19 , Biggest crypto casino presale👇🚀Jinny Trench @jinny56841
86 Followers 5K FollowingGabriel S. @gblsouza05
437 Followers 696 Following UofA Political Science 2027. Christian. Conservative. Brasilian-Canadian 🇧🇷🇨🇦Lolita Lokey @loli_lok
46 Followers 5K FollowingDianna Guerero @DianGuere
64 Followers 5K FollowingScarlett Alaibilla @ScarlAlaibil
53 Followers 5K FollowingEula Haskell @EulaHaske
41 Followers 5K FollowingAslan Yıldız @a4sec
44 Followers 1K Following Penetration Tester, Reverse engineering fan. OSCP, OSED certificated听众 @e7HoldYoung
86 Followers 3K FollowingEthical Hacker @offethhacker
2K Followers 5K Followingd @d71367708
0 Followers 1K FollowingPaul Walters @CynicClinicP
1 Followers 83 Followingpokemon rule @HakingEverythng
0 Followers 38 FollowingGreen Sheep @ImGreenSheep
17 Followers 58 Following #Nostr is better [email protected] (not an email) or npub18m6az6939auxwgl3dvpq0slxglv6ez64fzhns5u5qstgdtedmxds9e47pz https://t.co/XgJFotPhg9Rob Felmey @felmey
68 Followers 711 Following "And let him who has no sword sell his cloak and buy one" (Luke 22:36).Crashoverride @Crashov11979551
92 Followers 582 FollowingMixnClip @IjoWet
14 Followers 30 FollowingNavaneeth Rao @navaneethstwt
31 Followers 293 Following Full Stack / Android / Bug Bounty #LearningInPublicLelia Falge @falg_lel
72 Followers 5K Followingkreed @kreedashwood
76 Followers 169 FollowingEmily Mccuan @EMccuan29098
66 Followers 5K FollowingMichelina Bergsma @MichelinaB8840
68 Followers 5K Followinghanmajid @hanmajid_
15 Followers 83 Following Software Engineer | Flutter, Android | Writing Android NotebookEncrypted Services @Encryptservices
21 Followers 225 Following Installation, service and maintenance of CCTV, Alarm and access control systems. Consultancy for privacy/security smart phone usage. Prefers #bitcoin est:82482219100FX @19100FX
101 Followers 24 FollowingKnase @knase77
22 Followers 202 FollowingTony Eastwood @Tony_Eastwood88
25 Followers 33 FollowingHanna Garafano @hann_garafa
63 Followers 5K FollowingGrapheneOS @GrapheneOS
48K Followers 0 Following Open source privacy and security focused mobile OS with Android app compatibility. Forum, Discord, Telegram, Matrix: https://t.co/C0RaJbZosjMishaal Rahman @MishaalRahman
61K Followers 491 Following The best source for Android OS news. Senior contributor @AndroidCentral, @AndroidAuth, @AndroidPolice. Podcast @AndroidFaithful.Proton @ProtonPrivacy
298K Followers 483 Following A better internet starts with privacy & freedom. Take control of your data with @ProtonMail, @ProtonVPN, @ProtonDrive, and @Proton_Pass.vx-underground @vxunderground
291K Followers 210 Following The largest collection of malware source code, samples, and papers on the internet. Password: infectedDanny Lin @kdrag0n
14K Followers 592 Following building a better docker @OrbStack · dev exploring new things · @stanfordJohn Wu @topjohnwu
63K Followers 72 Following Creator of Magisk. Hacking Android since 2016. Android Platform Security @Google. ex-Apple. Tweets are my own.Signal @signalapp
590K Followers 24 Following Signal is an end-to-end encrypted messaging app. Privacy isn’t an optional mode, it’s just the way that Signal works. Every message, every call, every time.Jameson Lopp @lopp
466K Followers 293 Following Insights on security, privacy, technology, money · Co-founder & Chief Security Officer @CasaHODL · creator of https://t.co/q2pgFGTJZh, https://t.co/xUkNreXj20Accrescent @accrescentapp
361 Followers 1 Following The Accrescent Android app store. Main Matrix room at #accrescent:https://t.co/rrcEbaUHIZ. GitHub: https://t.co/jh87T95a1E. Currently in alpha.Longhorn @never_released
14K Followers 130 Following Kernel/hypervisor engineer @awscloud EC2. Hobby @checkra1n. Mastodon: https://t.co/DsXP8PFgL0 Bluesky: https://t.co/dAOfFSSqY4Matthew Green @matthew_d_green
143K Followers 1K Following I teach cryptography at Johns Hopkins. Mastodon at [email protected] and BlueSky at https://t.co/GI4QlxYTdk.SwiftOnSecurity @SwiftOnSecurity
403K Followers 9K Following computer security person. former helpdesk.akc3n | @akc3n@graphe.. @JuriAksenov
251 Followers 37 Following Just an ordinary human. Love learning, puzzles & food! Project: @GrapheneOS Matrix: @akc3n:https://t.co/A1LKIsfrJ8 https://t.co/A1LKIsfrJ8 | https://t.co/1OHHU1IdwPkamila 🌸🏳️.. @Za_Raczke
9K Followers 298 Following kamila wojciechowska | notably annoying | see my face and intrusive thoughts here @whatsfemininityJane Manchun Wong @wongmjane
165K Followers 2K Following the real hidden features are the friends we made along the way・forbes 30u30・engineer × security at @instagram・🇭🇰×🇯🇵The Tor Project @torproject
463K Followers 2K Following We're a nonprofit defending your privacy and freedom online. Download Tor Browser for protection against surveillance and censorship. https://t.co/ROuSDYAs6FAndreas Kling @awesomekling
36K Followers 394 Following 🌅 Recovering addict 🐞 Building a truly independent web browser (@ladybirdbrowser) 💕 Married to @KatalinKultcts🌸 @gf_256
52K Followers 623 Following Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iiMP Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboyTommy @TommyTran732
260 Followers 25 Following System administrator. Creator of @PrivSec_Dev. Community moderator at @GrapheneOS (not a developer or project member). Views are my own.Seth For Privacy | Ac.. @sethforprivacy
29K Followers 1K Following Freedom maximalist || Privacy advocate || Head of Strategy and Marketing for @FOUNDATIONdvcs || Editor of @freedomtechThe Standeford Journa.. @StandefordSJ
5K Followers 726 Following Independent news and live intel updates. Reliable, accurate news without the agendas, fluff, or exaggeration. OSINT Intel here: https://t.co/UXBWL57owJAndres Freund (Tech) @AndresFreundTec
9K Followers 105 Following FWD: @[email protected] Postgres developer, working at Microsoft. For politics: @AndresFreundPolsimo @_simo36
7K Followers 106 FollowingSimpleX Chat @SimpleXChat
5K Followers 158 Following SimpleX - the first messaging network without user identifiers - private by design! Get the apps: https://t.co/x2SRewagRP Posts by @epoberezkinBest of Dying Twiter @bestofdyingtwit
108K Followers 3 Following Looking into it. Chief Looker: @jenntakahashiJitesh Singh @jiteshsingh_
25 Followers 141 Following Android Systems Developer @Esperdev. Previously @PacketZoom.Kraken Exchange @krakenfx
1.5M Followers 49 Following Kraken is your bridge to the world of crypto. Spot, Futures, Margin, NFTs, Staking & OTC Buy, sell, trade, earn, explore and learn Need help? @krakensupport 👈Wayne Hale @waynehale
16K Followers 382 Following Former Space Shuttle Program Manager & Flight Director for 40 missions. Now retired from NASA after 32 years. Currently consults for SAS & a full time grandpa.SECurityTr8Ker @SECurityTr8Ker
3K Followers 5 Following I monitor the SEC's RSS feed for 8-K and 6-K filings with Item 1.05. Last SEC check: 2024-04-27 19:26:21 ET.professional rustacea.. @adhsec
426 Followers 5K Following RE&VR, ex @mwrlabs,generally bad at computers, memory safe(probably), OS internals/hypervisor/browser research and bug hunting r&d also @ https://t.co/U0AuQYxIe1Dave W Plummer @davepl1968
46K Followers 59 Following Hi! I'm Dave Plummer. You might remember me from such Windows components as Task Manager, Windows Pinball, Calc, ZIPFolders, Product Activation, etc. Cheers!Signal Labs @signal_labs
277 Followers 1 Following Modern Offensive Security Training @ https://t.co/s02rnYlYiJ Business Inquiries: https://t.co/tRxhJMpyzVDavid Adrian @davidcadrian
2K Followers 475 Following @scwpod, @censysio cofounder, ZMap. Adding value / PM @googlechrome Security. “Refreshing”. Go blue![email protected] @amyexp
580 Followers 391 Following security gal | resident Chrome Security border collie && VRP lead | outdoor super-enthusiast | pop culture glutton | she/her/y'all | not here much / see uname🕊 @sephr
1K Followers 1K Following Goals: Defeat my enemies, optimize our galactic entropy. Enemies: Mortality, ignorance, hate, ennui. ❤️/🔁/ ≠ endorsement. Views are my own. 📨 ~@eligrey.comErin Gallagher @3r1nG
13K Followers 10K Following @3r1ng.bsky.social - independent researcher. previously: @TaSCResearchJon Millican @JonMillican
754 Followers 650 Following Software Engineer on @Messenger privacy and E2EE. he/him Can't provide Facebook/Instagram account support. Mastodon: @[email protected]Malcore @Malcoreio
7K Followers 69 Following Simple File Analysis: simplifying reverse engineering, malware analysis, and creating accessibility. An @internet2pointO product. Sister product: @5thcolumn_I20Allen Jones @ajMSFT
2K Followers 869 Following Retired internet plumber. Threat analyst emeritus. Former co-founder, Microsoft Threat Intelligence Center.Hackers_paid_83.5BTC_.. @83_5BTC
613 Followers 17 Following404 Media @404mediaco
17K Followers 10 Following a journalist-founded tech outlet here to fuck up the internet.CreepNT @CreepNTech
40 Followers 130 Following 🇫🇷/🇬🇧 - Embedded/CS student - PS Vita developer & reverse engineer - Ratchet & Clank fan -🐱 loverOpen Source Intellige.. @OSIA_RUSI
1K Followers 166 Following Delivering cutting-edge open source and geospatial intelligence to derive insights on a range of defence and security issues @RUSI_org📔 Michael Grafnett.. @MGrafnetter
3K Followers 114 Following IT Security Researcher and Trainer, Author of the DSInternals PowerShell Module, Microsoft MVPguyru @guyru_
839 Followers 478 Following Vulnerability research, cryptography, FOSS, finance and random stuff. Leading @cellebrite's iOS research.Nullnet Services ADM @nullnetservices
40 Followers 98 Following official Nullnet Services account | email (proton backed): [email protected]Paul Chichester 🏴�.. @0xChich
2K Followers 401 Following Director Operations, NCSC, GCHQ. Views entirely my own and do not necessarily reflect those of my organisation. 🏴 @[email protected]htmx.org / w4c enthus.. @htmx_org
44K Followers 230 Following high power tools for html - ʕ •ᴥ•ʔ made in montanaThe Grug Brained Deve.. @GrugBrainedDev
6K Followers 0 Following complexity very, very bad https://t.co/KTeN6qL3JMCsaba Fitzl @theevilbit
7K Followers 905 Following macOS Security -- Trail running 🏃 -- Mountains ⛰ -- Tolkien fanTom Warren @tomwarren
275K Followers 2K Following Senior Editor at The Verge @verge ║ I cover all things Microsoft, PC, and tech║ DMs open║ Got a news tip? msg me on Signal: tomwarren.01OpenWallet Foundation @OpenWalletFdn
691 Followers 24 Following Enabling a trusted digital future for a wide range of wallet use cases | @LF_Europe open source projectDavid Parkinson Frost @ParkinsonFrost
4K Followers 29 Following Britain's finest humorist. Host of various infosec shows against my will. Phish me, I must be dreaming.Silent @__silent_
10K Followers 197 Following Game developer, modder, reverse engineer, legacy code specialist. I port games for a living and patch them as a hobby. Also known as CookiePLMonster.Ellen Nakashima @nakashimae
86K Followers 1K Following National security reporter for The Washington Post. [email protected]cats with jobs 🛠 @CatWorkers
2.2M Followers 173 Following Good cats being workers • Unionized • Mascot @JobertTheCat • Takedown/credit/submissions: [email protected]Joshua J. Drake @jduck
28K Followers 2K Following A funemployed researcher living in the intersection between security and embedded Rust.iBotPeaches @iBotPeaches
1K Followers 106 Following @Sourcetoad Employee, Apktool Maintainer, PHP nerd, Leaf Halo stats, Cicada 3301 researcher. Opinions are my own.PixelBoot @BootingPixel
697 Followers 2K Following AOSP Enthusiast 📱 | Aviation Enthusiast ✈️ | Conference Speaker 🔊 | Open Source Contributor 🌍 | Tech Enthusiast 💻 | [email protected] ✉️Cellebrite @Cellebrite
16K Followers 2K Following Cellebrite, the global leader in digital intelligence solutions, empowering agencies to protect & save lives, accelerate justice and preserve privacy.Paraben Corporation @parabencorp
4K Followers 275 Following Digital Investigation Technology for DFIR, OSINT, and CYBER.Proton Drive @ProtonDrive
28K Followers 28 Following Free end-to-end encrypted cloud storage made by @ProtonPrivacy. Securely backup and share your files. Open source, publicly audited, and Swiss based.@flawedworlddev finally a good open-source OS I can daily drive 🤩
@flawedworlddev Me: "I know, I'll type this fixed attack sequence at the top of a file of critical data, so I can use it later to play with some things. I'll be clever and stick a space in the middle of it so AV won't wipe my file." TIL: Spaces are not considered significant by this AV engine.
ProTip: Don't type a malicious RTF sequence that exploits Office 97 at the top of a text file full of critical and unreplaceable data. 🤦
A Go CL has been proposed to implement Encrypted Client Hello (client-side only for now): go-review.googlesource.com/c/go/+/578575
The United States FTC has banned non-compete agreements. We look forward to all of you creating a cyber security startup ftc.gov/news-events/ne…
One of the greatest moments in Pentagon history occurred during today’s press conference. @billyjoel
Today we will give all of you a lesson on computer hardware. This comprehensive video will explain the different components of a computer and how it all comes together to make the magic of the world wide web
In less than 24 hours from now, the unix timestamp will be 17,1337,1337
This is what UAF looks like with FUGC. This is guaranteed. It'll always trap. No tagging. No probabilities. No shenanigans. No way around it. Your program just gets fugced.
If you've never seen "The Net" starring Sandra Bullock, you're over due. Starting to wonder if these security product companies watched it and got crazy ideas.
Jia Tan found a way to get paid to work on open source. Why can't you
@GrapheneOS @dwizzzleMSFT Hm this is bizarre. At least on the PC side at QCOM, encrypted DRAM is used with a key thrown away between reboots
@flawedworlddev @GrapheneOS @dwizzzleMSFT Advertised as runtime memory encryption @ qualcomm.com/products/mobil…
@flawedworlddev You know, you'd think this would've been done sooner.
I’m looking forward to Device Bound Session Cookies which would have a meaningful impact on the online security of billions of people. blog.chromium.org/2024/04/fighti…
"Coding in C++ is too hard!" my honest reaction: