Stephen Sims

@Steph3nSims

Followers
20,404
Following
605
Media
415
Statuses
3,429

Perpetual Student | SANS Fellow | Musician | Braggart Hater | Gray Hat Hacking | VR | 🏂 | deadcode |

Berkeley, CA
Joined February 2014
@Steph3nSims
Stephen Sims
2 years
Once I finally hit 10K followers I’m going to give away 10 copies of Gray Hat Hacking 6th edition to likes on this tweet. They’ve been hanging out in my office and I want them to go to good homes!
110
298
3K
@Steph3nSims
Stephen Sims
4 months
Introduction to Reverse Engineering and Debugging
10
348
1K
@Steph3nSims
Stephen Sims
1 year
A Look at Modern Windows Kernel Exploitation
11
268
931
@Steph3nSims
Stephen Sims
1 year
Introduction to Linux Heap Exploitation
8
230
864
@Steph3nSims
Stephen Sims
3 years
Exploit dev tip in 1998: grep memcpy
Exploit dev tip in 2021: grep memcpy
6
145
784
@Steph3nSims
Stephen Sims
3 years
During a webcast last week to announce the new Offensive Operations curriculum at SANS we gave away a free course. I made mention that we would give away a few copies of Gray Hat Hacking 5th ed. as well. Tomorrow, @SANSOffensive will randomly select 5 people who like this post.
12
42
637
@Steph3nSims
Stephen Sims
2 years
I’m going to randomly pick 3 people who retweet this to receive a copy of the book. I’ll tweet out the winners tomorrow. I’ll also be giving away two more copies later this week compliments of @RayRedacted ! …and maybe a couple more next week just for university students
30
1K
582
@Steph3nSims
Stephen Sims
2 years
Browser Exploitation Introduction
3
183
590
@Steph3nSims
Stephen Sims
2 years
That happened way faster than expected. I’m en route to the airport to fly to Vegas to teach. I’ll use the time on the plane to pick 10 random names and @ them in my next tweet. I’ll ship when home after the weekend. Thanks!
71
43
579
@Steph3nSims
Stephen Sims
2 years
Introduction to Linux Heap Internals
5
134
518
@Steph3nSims
Stephen Sims
1 year
Debugging the Windows Kernel and Undocumented Structures
6
133
507
@Steph3nSims
Stephen Sims
1 year
Zero to Hero: The process of reversing and exploiting complex vulnerabilities!
2
122
467
@Steph3nSims
Stephen Sims
2 months
Reverse Engineering Malware with Ghidra
3
118
432
@Steph3nSims
Stephen Sims
2 years
Just got the physical copies of Gray Hat Hacking 6th ed. in the mail! A few people were asking about the ToC. Here it is... I'm going to think of a way to give a couple copies away soon. I'll tweet when I figure that out!
33
54
431
@Steph3nSims
Stephen Sims
11 months
Active Directory Certificate Services: The Latest Attacks - with Tim Medin
0
147
413
@Steph3nSims
Stephen Sims
2 years
Tomorrow, I am presenting to a group of 12 Girl Scouts about infosec and hacking. For some reason I am more nervous about this than teaching a roomful of MIT PhDs. 🙈
30
9
391
@Steph3nSims
Stephen Sims
6 months
Windows Exploit Mitigation Bypass - Isolated Heaps
3
97
377
@Steph3nSims
Stephen Sims
1 year
Modern Windows Command & Control / Implants
3
100
356
@Steph3nSims
Stephen Sims
7 months
Reverse Engineering a tcpip.sys DOS Vulnerability
5
82
331
@Steph3nSims
Stephen Sims
1 year
Join me on the Off By One Security stream this Friday with @chompie1337 , to watch her walk through the process of reversing and exploiting complex vulnerabilities! This one will answer a lot of great questions commonly asked about exploit development!
12
75
327
@Steph3nSims
Stephen Sims
1 month
Low-Level x86-64 Architecture, Linking & Loading, Memory Management, etc...
2
84
323
@Steph3nSims
Stephen Sims
2 years
Modern Binary/Patch Diffing!
2
89
312
@Steph3nSims
Stephen Sims
11 months
Browser Exploitation Introduction: Part 2 - Use After Free Against IE 11, Bypassing MemGC and Isolated Heaps
0
73
293
@Steph3nSims
Stephen Sims
2 years
Useful IDA Pro scripts/plugins:
- IDACode
- IPyIDA
- Karta
- IDA PyCharm (thanks @Void_Sec)
- SARK
There are more, but those are some good ones! @ilfak
1
74
285
@Steph3nSims
Stephen Sims
4 months
I get a lot of DMs, etc. from people saying that they "feel dumb," "..too far behind to get good at reversing," "..should probably change professions," "..are too late to the game." You're wrong! We all start somewhere. Would anyone be interested in a stream on how to start?
39
23
285
@Steph3nSims
Stephen Sims
9 months
I had to delete an earlier tweet, sorry. I just found 10+ vulns so far in the PDF previewer used by Outlook, etc. ...Crazy part is that it was by doing some basic things from @DidierStevens tools here: with an interesting corpus (which was the hard part)...
2
74
282
@Steph3nSims
Stephen Sims
1 year
Reverse Engineering Exploit Mitigations Series - Do Not Allow Child Processes
0
65
283
@Steph3nSims
Stephen Sims
1 year
Reversing a Windows Exploit Mitigation (Exploit Guard)
4
87
279
@Steph3nSims
Stephen Sims
4 months
Windows Exploit Mitigation Series thus far:
- Do Not Allow Child Processes:
- Stack Pivot Protection:
- Isolated Heaps:
- High level look at CFG and Heap Spraying:
0
100
273
@Steph3nSims
Stephen Sims
5 months
Cobalt Strike from a Blue Team Perspective
1
70
269
@Steph3nSims
Stephen Sims
2 years
I’m down to teach the retired section from SEC760 on browser Use After Free exploitation during a couple public streams if folks would be interested. Would be against IE11, but the bug class and technique is still very relevant. Thoughts?
25
26
265
@Steph3nSims
Stephen Sims
3 months
Upcoming Off By One Security Streams:
- 2-Feb - @Steph3nSims on IDA Pro
- 9-Feb - @psifertex on Reversing with Binja
- 16-Feb - @_hugsy_ on GEF Unleashed!
- 23-Feb - @asoni on Reversing with Ghidra
- 1-Mar - @mrgretzky on What's new with EvilGinx!
10
67
252
@Steph3nSims
Stephen Sims
2 months
Debugging Windows Internals with x64dbg!
0
58
253
@Steph3nSims
Stephen Sims
1 year
Understanding Exploit Mitigations for Defenders
5
53
235
@Steph3nSims
Stephen Sims
3 months
Reverse Engineering with Binary Ninja (Binja)
3
49
231
@Steph3nSims
Stephen Sims
6 years
Gray Hat Hacking 5th ed. is out! Just back from London to get my author copies. I need to figure out a good way to give away a couple copies
35
59
221
@Steph3nSims
Stephen Sims
1 year
Breaking into Hacking as a Career!
1
80
218
@Steph3nSims
Stephen Sims
10 months
Hacking Google Cloud Platform (GCP) with Kat Traxler!
1
50
219
@Steph3nSims
Stephen Sims
4 years
Stoked! My first (sadly) browser 0-day of the year was approved for purchase and responsible disclosure. Info leak + RCE + SBX. Brutal. Side-note: Why, no matter where I live, am I literally on the last USPS stop of the day?
17
11
216
@Steph3nSims
Stephen Sims
4 months
Windows Exploit Mitigation Series - Reversing Export Address Table Filtering (EAF)
1
54
214
@Steph3nSims
Stephen Sims
7 months
Web Bug Bounties: Tactics to Hunt for Logic Vulnerabilities
0
56
215
@Steph3nSims
Stephen Sims
3 months
Would anyone be interested in a short(ish) session on intro to IDA Pro tomorrow (Friday at 11AM PT)? Even if you use Ghidra, you'll still learn some things. I'll set an arbitrary number of 250 likes. Not because I care about ratio, but to make sure people are interested! haha
11
15
209
@Steph3nSims
Stephen Sims
18 days
Windows Device Drivers Internals and some Reversing
3
44
206
@Steph3nSims
Stephen Sims
9 months
The History of Heap Spraying
3
48
198
@Steph3nSims
Stephen Sims
1 year
Writing CTF challenges just became a whole lot easier!
7
19
196
@Steph3nSims
Stephen Sims
5 months
Off By One Security streams are back! Join me Thursday, the 7-DEC at 11AM PST with the amazing @DidierStevens , who will give us awesome insight (and likely some new tools) on Cobalt Strike from a Blue Team Perspective! AKA: Improve your red team chops!
2
48
184
@Steph3nSims
Stephen Sims
2 years
Someone on LinkedIn sent a DM asking if I’d be interested in writing a “PERL for Kids” book. How could someone dislike children so much?
9
13
178
@Steph3nSims
Stephen Sims
1 year
On January 20th, @chompie1337 will be on the Off By One Security Stream to share knowledge on the process she uses to reverse and exploit complex vulnerabilities! I'll be giving away a Proxmark3 during the stream! YT: LinkedIn:
4
44
167
@Steph3nSims
Stephen Sims
5 years
I'm gauging interest in a possible course offered under my curriculum at SANS. Could you like this tweet if you'd be interested in a 2-day lab heavy course on bug bounties / vuln discovery & disclosure, written by someone with cred from LinkedIn, Etsy, Facebook, ATT, & many more
11
14
167
@Steph3nSims
Stephen Sims
2 years
Available for presale! I believe it ships in March. I’ll be giving some copies away as well when I get them. All proceeds for my portion are going to @CAL_FIRE !
7
45
166
@Steph3nSims
Stephen Sims
2 months
IDA Pro and Hex-Rays Decompiler Giveaway! One lucky person will win by being the first to solve a challenge! Join me this Friday at 11AM PT on the Off By One Security stream where I'll dive into Scripting with IDA Pro and static analysis for bug hunting!
2
38
167
@Steph3nSims
Stephen Sims
9 months
Return Oriented Shellcode (ROP Shellcode)
1
48
162
@Steph3nSims
Stephen Sims
7 years
Based on requests, I've posted my BSidesCharm slides on MS Patch Diffing for Exploitation to
2
85
159
@Steph3nSims
Stephen Sims
2 months
I plan to do a series of short videos covering various Windows Internals components. Members helping with our tuition assistance and charity goals will get first access and then public to all in the days after. What is the _CONTEXT structure
3
29
154
@Steph3nSims
Stephen Sims
4 years
I’m recording SANS SEC760 “Advanced Exploit Dev” at home over the next week with @jgeigerm for OnDemand. Thinking about streaming/webcasting the module on IDA Pro while I’m recording this Saturday at 1PM Pacific Time if there’s an interest. Worth it?
12
18
153
@Steph3nSims
Stephen Sims
3 months
I plan on doing a new Windows Internals stream, as people often ask for one, but here are a couple of existing videos on the topic: from @mrexodia from @alexsotirov
2
36
153
@Steph3nSims
Stephen Sims
11 months
If you haven't had a chance to watch the chat between @davidbombal & myself, talking about getting into exploit development, check it out here: David has a lot of great content! I'm looking forward to catching up with him again to talk about new topics!
2
14
151
@Steph3nSims
Stephen Sims
19 days
Join me tomorrow on the Off By One Security stream with special guest Pavel Yosifovich @zodiacon for a session on Windows Device Drivers Internals, ...and Some Additional Reversing! 19-April at 11AM PT. Looking forward to this one!
3
34
153
@Steph3nSims
Stephen Sims
3 years
So, I’m thinking about doing a weekly stream where I have guests & we talk all things red, purple, exploit dev, etc.... Content focused. Certainly not a new concept by any means, and I’m not the streaming type, but I’m down if you all think it would be cool and useful. Yay? Nay?
24
7
148
@Steph3nSims
Stephen Sims
2 months
Join us tomorrow (15-Mar at 11AM PT) on the Off By One Security stream with guest @mrexodia , creator of x64dbg, as we take a look at debugging Windows internals and such with this amazing debugger! Come with your questions!
2
26
144
@Steph3nSims
Stephen Sims
4 years
To all of those waiting for SANS SEC760 "Adv Exploit Dev" to go live in OnDemand, sorry for the delay. I JUST got done re-recording book two on advanced Linux exploitation. It is finally done! Remote labs are done! So much work. Very excited and thanks for your patience.
4
32
146
@Steph3nSims
Stephen Sims
16 days
One of my finer slides over the past 10+ years... haha
4
16
146
@Steph3nSims
Stephen Sims
4 years
SANS SEC760 IDA Pro Challenge Binary: Target: nc 5760 To win: DM me a screenshot of target compromise, your source IP, & exploit code. First one to do this wins the IDA license! I will post when a winner is identified. Good luck!
2
79
141
@Steph3nSims
Stephen Sims
1 year
AIRaaS (Artificial Intelligence Ransomware as a Service)
0
31
140
@Steph3nSims
Stephen Sims
11 months
Tomorrow's Off By One Security stream will be my attempt to do another browser exploitation session. My very first stream was browser exploitation against IE 7. This one will be IE 11, and a mem-disclosure bug. I'm a bit rusty, but we'll try! Yay?
4
23
140
@Steph3nSims
Stephen Sims
4 months
Join me on tomorrow's Off By One Security stream at 11AM PT, as we cover a bit on getting started with reverse engineering and debugging. This will be a series to help those of you preparing for your self-learning journey or an upcoming course!
@Steph3nSims
Stephen Sims
4 months
This Friday's Off By One Security stream will be on the topic I've "Quote Retweeted." We're going to start with the introduction to reverse engineering. It will be technical, but introductory, and then we'll ramp up through a series over the coming months. Come with questions!
5
11
71
2
32
138
@Steph3nSims
Stephen Sims
9 months
Exploiting Off By One Vulnerabilities
0
33
136
@Steph3nSims
Stephen Sims
2 years
Any interest in a Blockchain and Crypto Security Summit? Would you attend? Would be virtual. Security has been lacking in that space.
33
9
133
@Steph3nSims
Stephen Sims
2 years
In case you missed it, I did a 2 hour webcast on Use After Free exploitation here: Subscribe to my YouTube channel to find out when future streams will run and on what topics!
2
40
126
@Steph3nSims
Stephen Sims
5 months
Tough question to summarize. Gray Hat Hacking is at the point where we'd normally start working on the next edition. Questions:
- Know any universities who use it?
- Are printed books still desired?
- Would you want a 7th edition?
The replies will help determine the outcome.
29
23
128
@Steph3nSims
Stephen Sims
4 years
The most important slide in the updated version of SEC760. 😂
5
16
127
@Steph3nSims
Stephen Sims
4 months
To all of those who track my posts, you need to check out @ale_sp_brazil work. He publishes so much quality research on reversing and more! Reading his work will save you countless hours. Thank you, Alexandre!
@ale_sp_brazil
Alexandre Borges
4 months
To date I've already written 644 pages to help the security community and, hopefully, more articles will be released in the coming months: 9. 8. 7. 6. 5. 4.…
10
278
898
2
26
125
@Steph3nSims
Stephen Sims
3 years
Would anyone be interested in webcast sessions on exploit dev course content that is being retired to make room for other material? Still good stuff, but perhaps showing its age. I’d be happy to do some if it’s useful.
23
12
127
@Steph3nSims
Stephen Sims
4 years
IDA Pro giveaway challenge #1 ! The SANS Pen Test curriculum is giving away one IDA Pro license by way of a binary challenge created with @htejeda . I will tweet out the link to the binary & remote system to pwn this Thursday at UTC-08:00. Hint: Polish off your Linux heap skills
5
76
124
@Steph3nSims
Stephen Sims
2 months
Scripting with IDA pro - IDA Pro and Hex-Rays Giveaway!
1
26
125
@Steph3nSims
Stephen Sims
1 month
We'll see how this one goes!! I'll be "attempting" to stream a module from a class I'm teaching on OS architecture, linking & loading, etc.... I'm not sure if it will turn out well as it's a "rogue" stream. haha. 9AM EST, 27-March... Off By One Security
0
24
125
@Steph3nSims
Stephen Sims
3 months
On the Off By One Security Discord server, I was asked to post some questions I'd ask a potential candidate applying for a vulnerability researcher position. I'm sure some will not agree with the questions, but they work for me! Feel free to use them.
1
20
123
@Steph3nSims
Stephen Sims
3 months
Identifying Library Versions When Remotely Hacking Linux Vulnerabilities
0
31
119
@Steph3nSims
Stephen Sims
3 years
My CA plate is Ox9O & has been for over 10 yrs. I rarely get questions or comments on it. I was thrilled today to get approached by a high school kid while taking my daughter to the park, who asked “Is that a NOP plate? I’ve used that hacking vid games.” She made my day! 🙌
4
8
118
@Steph3nSims
Stephen Sims
8 years
meh...
7
96
118
@Steph3nSims
Stephen Sims
4 years
I'm very excited to announce the release of the highly anticipated SANS SEC588 - Cloud Penetration Testing course. Congratulations to @mosesrenegade on completing it. Watch for the beta announcement date soon: @SANSPenTest
7
45
117
@Steph3nSims
Stephen Sims
1 year
That was a fun stream to do. If you're interested in seeing how an exploit mitigation works in Windows Defender Exploit Guard, you can see the recorded stream here: In the image is a simple function that validates that the stack pointer hasn't been stolen
0
34
117
@Steph3nSims
Stephen Sims
25 days
Hello! There will not be an Off By One Security stream today, but check out some of the upcoming streams with @zodiacon , @cutaway , @haxorthematrix , @yarden_shafir , and @jstrosch ! More to announce soon! Have a great weekend!
2
16
116
@Steph3nSims
Stephen Sims
1 year
I’m going to leak a bit of cool news out about Hackfest Hollywood in Nov! Day 1 Keynote: @chompie1337 Day 2 Keynote: @inversecos This event is gonna be 🔥🔥🔥! We also have confirmed talks from @FuzzySec and @33y0re CFP is dropping soon. Get your submissions ready!
10
28
114
@Steph3nSims
Stephen Sims
4 years
I should really pay more attention to how big things are before using all of my credit card points to buy something. 🤦‍♂️
23
2
114
@Steph3nSims
Stephen Sims
3 years
About to start the SANS Offensive Operations webcast! Thought I’d sport my lucky binary shirt. Can’t take a selfie for the life of me.
8
4
111
@Steph3nSims
Stephen Sims
4 years
If we were to do a Gray Hat Hacking 6th edition, what topics do you think should be covered, or just update it to be current?
20
26
108
@Steph3nSims
Stephen Sims
2 months
Getting Started with Debugging Hyper-V for Vulnerability Research
1
28
105
@Steph3nSims
Stephen Sims
2 years
Monday, August 29th will be my first stream. This one will just be me. I will teach content on Use After Free browser exploitation. I plan to do it weekly with lots of guests. Majority technical content. Minimal BS! More details soon! .
2
35
109
@Steph3nSims
Stephen Sims
3 months
Just came across this silly image I made a long time ago when taking a mental break from reversing. It would be amazing if someone made a plugin to turn any recursive descent function view in IDA Pro into a Donkey Kong game!
5
8
106
@Steph3nSims
Stephen Sims
2 years
Most CVEs are privately disclosed. Exploit framework vendors, and many others, want to have the most exploits for non-public vulns. Weaponization of n-day vulns has decreased over the years. It can be very time consuming and lead to non-exploitable bugs, but you learn a ton. 🧵
2
25
106
@Steph3nSims
Stephen Sims
4 months
Check out the latest chat that I had with @davidbombal ! I share my own journey a bit, as well as some considerations that might be useful to you, depending on your path.
@davidbombal
David Bombal
4 months
Mind blowing 🤯 $20 million USD bounties! Zero to Hero Money Hacking Roadmap with the amazing @Steph3nSims who shares his years of experience with us! Watch and learn 😀 YouTube video: #ios #android #apple #cyber #cybersecurity #windows #macos
6
26
153
4
13
105
@Steph3nSims
Stephen Sims
3 months
Find the bug....
15
16
104
@Steph3nSims
Stephen Sims
3 months
GEF Unleashed: Tips and Tricks for Efficient Exploit Crafting
1
27
102
@Steph3nSims
Stephen Sims
5 years
Probably only the 3rd or 4th selfie I’ve ever taken in my life, but proud of my 10 yr old boy for making it out of surgery to remove a mast cell tumor. Grade 2 thankfully!
9
6
104
@Steph3nSims
Stephen Sims
3 months
New stream added to the Off By One Security calendar. March 22nd with @ergot86 , one of my coauthors of Gray Hat Hacking 6th ed., as he takes us through "Getting Started with Debugging Hyper-V for Vulnerability Research!" This will be a good one!
3
24
105
@Steph3nSims
Stephen Sims
2 months
Join me this Friday at 11AM PT with guest @ergot86 for a session on Getting Started with Debugging Hyper-V for Vulnerability Research!
1
22
103
@Steph3nSims
Stephen Sims
6 years
Any interest in a webcast walking through a browser memory disclosure bug? Would be advanced of course...
34
13
102
@Steph3nSims
Stephen Sims
3 years
Twitter puts me in a bad mood way too often, so I’m just going to say something positive. I appreciate all of you who bring value to the platform. I look forward to seeing you in person again at conferences soon and to grabbing a coffee or a beer. So long to COVID-19. 😊
3
7
103