Trying to learn security research and getting overwhelmed by all the details?
I just published a guide showing my process for step-by-step analysis of a security feature: windows-internals.com/an-exercise-in…
Alexandre Borges has published over 700 pages of free security, malware and vulnerability research.
A complete Malware Analysis Series covering Windows, macOS, iOS, Linux and shellcode. An Exploiting Reversing Series covering Windows kernel exploitation, Hyper-V, Chrome, and a three-part deep dive on CVE-2024-30085.
No paywall. No course. Just research. Free as in beer.
exploitreversing.com
Author: @ale_sp_brazil #ReverseEngineering #MalwareAnalysis #InfoSec
0days-in-the-Wild — Real Zero-Day Exploits Analyzed by Google Project Zero 💀🔥
Want to study how real-world zero-days happen?
• Tracks vulnerabilities actively exploited in the wild
• Includes detailed Root Cause Analysis (RCA) reports
• Covers browser, mobile, OS, and enterprise software exploits
• Shows exploitation trends, bug classes, and attack techniques
• Maintained by Google Project Zero researchers
Instead of learning from theoretical examples, this repository lets you study actual zero-days that attackers used against real targets.
🔗 github.com/googleprojectz… #ZeroDay #ThreatIntelligence #GoogleProjectZero #CyberSecurity #InfoSec #RedTeam
Security research reporting is kinda the only situation where an individual has any power over a corporation. What goes unsaid: the researcher could easily sell exploits on the grey market and get rich. Most report out of morals, lowk a refusal to contribute to cyberwarfare. Vendors relying on those morals to bully are happily prodding good people until they crack.
Not that ‘responsible’ disclosure shit again 🙄
No vendor uses that term unless they want to call someone irresponsible.
Even if someone drops 0day, patch & move on. Going after a researcher is a great way to turn 1 bad relationship into many terrible relationships.
x86 segmentation maps memory references through segment registers.
It is still used in modern x86-64 for FS/GS, especially thread-local storage and kernel per-CPU data.
In sandboxing, segmentation can restrict untrusted code to a fixed memory region.
MIT 6.858.
Plugin Contest winners used it. Binarly built award-winning Rust bindings with it. BinSync added an idalib mode for headless pipeline support...
... Now it's your turn.
We're hosting a free virtual workshop on idalib — IDA as a library. Call IDA's analysis engine directly from your own code, automate workflows without launching the GUI, and integrate IDA into any toolchain you're already running.
Free. Virtual. Hands-on.
👉 2dgu4h.share-eu1.hsforms.com/2D4ZYPjdCRFODE…
eBPF is kinda insane and nobody talks about it enough
Netflix uses it to trace flow logs across their whole fleet without tcpdump eating the CPU.
Cloudflare drops millions of malicious packets per second with XDP, before the kernel even bothers building an skb.
that's the trick btw: XDP runs at the driver layer, so you reject junk traffic before the network stack wastes a single cycle on it.
Google GKE dataplane v2 is built on Cilium/eBPF, and Google wrote about pushing it to 65,000-node clusters, which is frankly a stupid-big number.
Netflix found a noisy-neighbor disk latency bug in prod that classic tools just couldn't see, because the latency was hiding between syscall and disk.
practical tip most people miss: you don't need to write raw BPF bytecode like it's 2016.
grab bpftrace, write a one-liner, get histograms of syscall latency in 10 seconds.
and boom, you can see your prod read sizes live. no recompiles, no restarts, no downtime.
the wild part is it's basically a tiny VM running sandboxed inside the kernel and the verifier won't even let you crash the thing.
observability without the observer effect, finally.
btw, I am building pktz - github.com/immanuwell/pktz - eBPF-powered network traffic monitor, per process, per connection, live.
#ebpf #networking #cilium #devops #k8s #kubernetes #sre #cloud
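The "histograms of syscall latency" tip above, written out as an added bpftrace script (not from the post's author or the pktz project). It uses the syscalls:sys_enter_read / sys_exit_read tracepoints that ship with current Linux kernels and assumes bpftrace is installed and run as root.

```bpftrace
// Added example: per-process read() latency and read-size histograms.
// Run with: sudo bpftrace read_latency.bt   (Ctrl-C prints the histograms)
// One-liner equivalent of the latency part, as the post describes:
//   bpftrace -e 'tracepoint:syscalls:sys_enter_read { @s[tid] = nsecs; }
//     tracepoint:syscalls:sys_exit_read /@s[tid]/ { @us = hist((nsecs - @s[tid]) / 1000); delete(@s[tid]); }'

tracepoint:syscalls:sys_enter_read
{
    // Remember when this thread entered read(); keyed by thread id so
    // concurrent readers in the same process do not clobber each other.
    @start[tid] = nsecs;
}

tracepoint:syscalls:sys_exit_read
/@start[tid]/
{
    // Latency in microseconds, one histogram per process name (comm).
    @latency_us[comm] = hist((nsecs - @start[tid]) / 1000);

    // Bytes actually returned; a negative return is -errno, so skip it
    // instead of letting error codes pollute the size histogram.
    if (args->ret >= 0) {
        @read_bytes[comm] = hist(args->ret);
    }

    delete(@start[tid]);
}

END
{
    // Drop the scratch map so only the two histograms are printed on exit.
    clear(@start);
}
```

Attaching to raw_syscalls:sys_enter/sys_exit instead of the read-specific tracepoints gives the same histogram across every syscall, at the cost of more overhead on busy hosts.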
This blog walks through bypassing ASLR and NX on ARM64 with two bugs that only work together. One leaks a memory address. The other turns that address into a shell. Either alone is harmless.
Full walkthrough: 8ksec.io/arm64-reversin…
Follow @8kSec for more practical security content
AI is good at identifying other weird machines. This is an interesting example of the not-so-trivial bug discovered by Mythos in the Linux epoll (event poll) subsystem.
We live in interesting times.
Last month Linux patched a core UAF in the epoll subsystem; we rarely see these kinds of bugs.
As I like these kinds of bugs, I wrote a few words about it here: guysrd.github.io
One of the long-standing challenges in C++ RE has always been vtable REconstruction. AI now solves this, and you actually get richer context than you'd ever get from manual recovery.
Previously, the HexRaysCodeXplorer plugin was born to ease that pain back in the day, but now I need to rethink how to make it truly effective in this new reality.
Uninitialized data use, race conditions (TOCTOU), Use-After-Free (UAF), type confusion & info leaks: Vulnerabilities 1002 ost2.fyi/Vulns1002 by @XenoKovah teaches real CVEs, not fake toy examples. Real exploit walkthroughs included. Level up your 'sploity sense!
Oh, yes. Now we can understand things faster and get a lot of data to figure things out with more information in mind.
Especially when learning complex stuff.
@S1r1u5_ To me it feels like there's more time and bandwidth to execute complex ideas. Pain of tedious time-sucking parts largely alleviated. Reminds me of studying math when WolframAlpha got really good. Students that used it to cheat + never learned to derive the equations didn't make it.
I haven't played CTFs for a while and now I'm hearing colleagues and other competitors discussing the problem of solving the competition using AI. It seems so weird smh.
Process Explorer has no driver file in its directory. It embeds the driver, and the 64-bit variant, as custom PE resources inside its own binary. Here's how that works: trainsec.net/library/window…
This talk is not about C++. This talk is about something more fundamental than C++. This talk is about the hardware. I want to talk about CPU caches because this is what is ultimately going to determine the performance of your program - Scott Meyers
You are in for a treat with an opener like this!
CPU Caches and Why You Care
youtu.be/WDIkqP4JbkE.
wrote an article about the write() syscall explaining how a simple write call in Linux works all the way down to the electron level.
Your binaries do not get saved the moment you call write(). They get saved when electrons are physically trapped inside the SSD.
Check that out.
Before I started learning binary exploitation, a segfault just meant the program crashed and I needed to fix something.
Now when I see a segfault I immediately want to know what address it tried to access, whether I put that address there, and how far into the buffer I was when it happened.
The crash is not the end of the conversation anymore. It is the start of one.
That shift in how you read a crash is actually what separates someone who is debugging from someone who is exploiting. The program is giving you information either way. What changes is what questions you are asking when you receive it.
pwndbg makes this very visible. You can see exactly where execution stopped, what the stack looks like at that moment, what registers are holding and where they are pointing. Nothing is hidden. You only have to know what you are looking at.
Learning to read a crash properly is probably the most transferable skill in this entire process.
#pwncollege #BinaryExploitation #InfoSec
Something nobody really talks about with buffer overflows is how much of the work is just reading.
Reading the disassembly to understand what the binary expects. Reading the stack in pwndbg to know where you actually are. Reading the crash to figure out what you controlled and