TinySec
@TinySecEx
Security Researcher. Usenix 2017, MSRC top 100 2016/2017/2018. All the tweets are totally my personal opinions, not about any of my current employer stuff.
China
Joined November 2015
Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities https://t.co/lvkazLnJyQ
AI-assisted data mining can yield good results even with small models, but it can also make mistakes.
Modern automated patch analysis makes life easier, power of CFG!
I heard you like using static typing, and so do I. Use static typing to manipulate binaryninja and write a native plugin!
github.com
BinaryNinja dotnet C# Bindings (Typed, Safe, Native AOT Ready) - tinysec/binaryninja
Great work! You guys are geniuses. You also made a PatchDiff bot! Is the OpenAI o1 POC generation so good? Unfortunately it is not available in China.
I have posted the slides for the talk @chompie1337 and I gave this past weekend at @h2hconference -> The Kernel Hacker’s Guide to the Galaxy: Automating Exploit Engineering Workflows #H2HC
https://t.co/Cl8b58KkAv
#patchdiff The patch is so simple, I was surprised I didn't notice there was no check here before this patch.
Me too, nice to meet you, sir.
It was really nice to meet some former colleagues @long123king and @TinySecEx today at #POC2024 #livelongandpwn 😎
Nice to meet you again after so many years.
This patch day, Microsoft introduced a new garbage collection mechanism in win32k. In addition to the previously introduced type isolation mechanism, there is now garbage collection, making it more difficult to control the heap feng shui.
MS assigned CVE-2024-38057, CVE-2024-38052, CVE-2024-38054 for ksthunk.sys. Is this one of them? Before this month, it did not check the stream header size. So if you set up two streams and control the first header size to be less than 0x30, will it corrupt the next header?
As we all know, releasing security patches for operating systems to fix bugs is a serious matter and should not be used for commercial competition.
It's hard, but it finally works! A poor man's Binary Ninja headless & remote mode in C# without a commercial licence!😂
I'm so excited today to announce that I'm launching my own online training platform @CalypsoLabs 🎊 The first course to appear on Labs is "Windows Instrumentation with Frida", check it out: https://t.co/iCm2JEsuH9 Labs is partnering with @vector35, when you sign up you get a
If you also need to reverse and debug Windows, this simple but useful project may make your life easier. https://t.co/TLvFofuwS9
In my opinion, this humble fix may be much more important than something like CVE-2024-21338.
Sorry for the typo, 'attach' -> 'attack'. And this vulnerability is also not included in the patch announcement. Is it also a silent fix?
Interesting patch. So before this month, it's possible to totally bypass CI by attach CiBuildEaCacheContents cache win race condition? And the CI cache is built from the SHA1/SHA256 of the file.