chompie

@chompie1337

Followers
72,004
Following
998
Media
182
Statuses
3,708
Pinned Tweet
@chompie1337
chompie
1 month
Wow!! Thank you ALL for so much support on my first #Pwn2Own win!! I’m very lucky to have a team and leadership that believes in me. I’m really proud of this bug; this is one of hardest exploits I’ve ever written. I can’t wait to share the details with you once it’s patched!
Tweet media one
85
88
2K
@chompie1337
chompie
2 years
dentist: so, are you flossing? me: are you using a unique password for every account?
390
10K
122K
@chompie1337
chompie
2 years
why when you work in tech everyone expects you to maintain some super complicated home network as a hobby? do u think I wanna be a sysadmin for fun
403
466
7K
@chompie1337
chompie
1 year
get in loser we’re batching RPCs
37
409
6K
@chompie1337
chompie
2 years
The C programming language is so unserious. Who fucking thought that "long long" was alright
253
244
5K
@chompie1337
chompie
2 years
yes of course you can write secure C code, sweetie. you can do anything you set your mind to, mommy believes in you
56
364
5K
@chompie1337
chompie
6 months
ok trying but I’m running out of spells
@kernaltrap
𝓯𝓻𝓮𝓪𝓴𝔂 duck 
6 months
@chompie1337 skill issue, learn how to use build tools or shut up
11
3
47
58
458
4K
@chompie1337
chompie
1 year
Demonstrating CVE-2022-37958 RCE Vuln. Reachable via any Windows application protocol that authenticates. Yes, that means RDP, SMB and many more. Please patch this one, it's serious!
78
1K
4K
@chompie1337
chompie
6 months
i hate going to the Releases in a repo and seeing this. this is not a release. this is putting your code in a folder.
Tweet media one
69
189
4K
@chompie1337
chompie
19 days
@Dixie3Flatline a girl in front of me asked for one on my flight the other day and the pilot said “ask for one after we land, ever since that girl blew it up on TikTok we never have any 🙄”
1
11
4K
@chompie1337
chompie
2 years
Remotely exploiting CVE-2022-34718, TCP/IP RCE bug #EvilEsp for DoS. This is a bug in Ipv6 fragmentation/IpSec, which allows OOB write if an Ipv6 fragment is contained inside an IpSec ESP payload.
55
521
3K
@chompie1337
chompie
2 years
Thrilled to share my new blog post: Put an io_uring on it: Exploiting the Linux kernel. Follow me while I learn a new kernel subsystem + its attack surface, find an 0day, build an exploit, + come up with some new tricks. I go deep and demystify the process
48
642
2K
@chompie1337
chompie
2 years
another day, another C developer not focusing hard enough
Tweet media one
40
195
2K
@chompie1337
chompie
2 years
5 years ago today I had never used Linux, thought CLI was type of makeup brand, and the word “exploit” was not in my vocabulary. This Friday at 2pm I’ll be giving a talk @reconmtl on sandbox escape bugs in the Linux kernel. Time flies, trying to enjoy every moment 😌
59
121
2K
@chompie1337
chompie
1 year
me whenever a broken printer is nearby
Tweet media one
52
199
2K
@chompie1337
chompie
1 year
Releasing a Windows 11 LPE exploit by @FuzzySec and I. Exploits CVE-2023-21768, a vuln in afd.sys. Blog post soon!
32
574
2K
@chompie1337
chompie
3 years
tried something new and wrote an LPE exploit for CVE-2021-3490, a bug in the Linux Kernel eBPF verifier. was fun and learned a lot - blog post + PoC coming soon. happy memorial day!
23
280
2K
@chompie1337
chompie
3 years
So excited to finally release my blog post- Kernel Pwning with eBPF: a Love Story. I cover eBPF, the verifier, debugging, exploitation, mitigations and other cool findings! I do root cause analysis and exploit CVE-2021-3490 for LPE with PoC included.
36
590
2K
@chompie1337
chompie
2 years
Curious about exploiting VMs or memory bugs in a safe language? Read my new blog post, where I attack Firecracker, AWS' VMM written in Rust. Learn about the various layers of virtualization + the attack surface, and how design decisions impact security.
30
454
2K
@chompie1337
chompie
2 years
looking at stackoverflow always makes me feel better bc I’m pretty sure no one else can code either
28
147
2K
@chompie1337
chompie
2 years
i'll admit - when i found it, i wasn't totally sure if i could get LPE with this strange little kernel bug alone. it took triggering the vuln 4x to do a full privesc with #CVE-2021-41073, a vuln in io_uring. blog post soon :)
39
222
2K
@chompie1337
chompie
7 months
I’m usually pretty private on here, but it’s not everyday I get to brag about marrying the most amazing person I’ve ever met. I’m filled with love, happiness, and gratitude 🥰
Tweet media one
Tweet media two
232
15
2K
@chompie1337
chompie
1 year
Windows has WinDbg 🥰 Linux has gdb 🥹 and on macOS you get immediately taken to jail if you have a passing thought about reverse engineering it
40
114
2K
@chompie1337
chompie
2 years
responding to recruiter LinkedIn messages when ur feeling burnt out from your job is the corporate equivalent of redownloading Tinder
23
116
1K
@chompie1337
chompie
1 year
still thinking about the time i asked my then boss for a Sublime Text license because I was sick of clicking the popup and his only reply was instructions on how to install vim
41
38
1K
@chompie1337
chompie
1 year
In case you aren’t following along, Microsoft is trying to get employees to quit (so they don’t have to pay severance) by creating bad working conditions and skipping yearly raises. This follows other great moves such as switching to “unlimited” vacation right before mass layoffs
@editingemily
emily freeman
1 year
I don’t think I’ll ever forgive Microsoft for hiring the single greatest group of humans I’ll most likely ever work with and then making it impossible for us to stay.
107
142
3K
24
166
1K
@chompie1337
chompie
11 months
If you missed the stream of my talk “Deep Attack Surfaces, Shallow Bugs” at SSTIC you can watch the recording here:
Tweet media one
26
211
1K
@chompie1337
chompie
3 years
html is a programming language and it’s how i learned to code. the T in STEM stands for tumblr
39
103
1K
@chompie1337
chompie
1 year
My new blog post! Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”. Reverse engineering CVE-2022-34718 + write a remote Denial of Service exploit. Covers IPsec and IPv6 fragmentation in the Windows kernel, bin-diffing, and making weird packets
14
315
1K
@chompie1337
chompie
2 months
hacker nails 💅🏼👩🏻‍💻
Tweet media one
42
57
1K
@chompie1337
chompie
2 years
Pleased to announce I’ve joined the @xforcered Adversary Simulation team. I’ll be focusing on exploit development and offensive security research. Stay tuned for new things ahead :)
63
33
1K
@chompie1337
chompie
3 years
problem solved
Tweet media one
16
152
1K
@chompie1337
chompie
2 years
low level hacking: accidentally becoming a world expert on a very specific thing only like 8 other people know about (including the developers)
21
80
1K
@chompie1337
chompie
2 years
oh you know assembly? name every instruction
128
63
1K
@chompie1337
chompie
3 years
filtering out bad recruiters
Tweet media one
34
23
996
@chompie1337
chompie
2 years
BORN TO CODE KERNEL IS A FUCK Compile Em All C89 I am mailing list man 410,757,864,530 CVEs
10
103
969
@chompie1337
chompie
1 year
started to learn how to cook to save money and now I just have an expensive hobby lmao
27
60
974
@chompie1337
chompie
2 years
Tweet media one
15
107
972
@chompie1337
chompie
1 year
when you open a binary to reverse it and it’s C++
30
83
971
@chompie1337
chompie
3 years
learned a ton about userland heap exploitation in Windows + DNS protocol writing an RCE exploit for #SigRed CVE-2020-1350. detailed technical writeup + PoC coming soon (sans rickroll 😇)
18
222
959
@chompie1337
chompie
3 years
did you know? the syscall for WinAPI function GetAsyncKeyState queries the global keymap gafAsyncKeyState (exported) in the kernel. you can poll for keystrokes w/o registering a hook, installing a filter driver, or calling the WinAPI func- bypassing like 100% of A/Vs and ACs lol
28
193
952
@chompie1337
chompie
1 year
Personally, I am ready for the ARM revolution x86 has too many instructions and I'm tired
44
60
895
@chompie1337
chompie
2 years
putting obscenities in your debug prints makes them work better
52
68
863
@chompie1337
chompie
1 year
Since hacker conference szn is upon us, I’m taking the opportunity to remind everyone that neurodiversity looks different on everyone. I’m not a bitch, I’m just autistic and shy. please do say hi lol 💞
47
30
861
@chompie1337
chompie
2 years
arch Linux, the OS you use while stealing wifi from the McDonald’s parking lot
39
52
844
@chompie1337
chompie
2 years
it’s my bday ill hack if I want to
Tweet media one
87
8
837
@chompie1337
chompie
7 months
Many have asked about the process of doing security research. Mostly it's a lot of troubleshooting and getting bullied online. Join me for my new blog post which details the process of exploring an attack surface, finding 0day, and exploit dev. PoC inside
19
221
849
@chompie1337
chompie
2 years
your moms computer is in my botnet
53
71
823
@chompie1337
chompie
3 years
this is a neat kernel bug I found in io_uring that is exploitable for LPE. was fun learning about and breaking another Linux kernel meme
@CVEnew
CVE
3 years
CVE-2021-41073 loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
4
61
214
22
145
818
@chompie1337
chompie
1 year
SandboxEscaper (Essbee) found her cryptographic memory corruption bugs ☺️ (she discovered the recent OpenSSL bugs). Was determined to go from logic LPE bugs to remote memory corruption; found both kernel and user 0click in < 3mo. One of the most prolific bug hunters of all time
19
69
826
@chompie1337
chompie
3 years
tryna get OSS to compile with configs i want
26
82
820
@chompie1337
chompie
9 months
At Black Hat tomorrow!! "Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation" by @FuzzySec and I. Come if you want to learn cool kernel techniques and evade those pesky mitigations. Sneak peek demo: leveraging 0-day to load our rootkit 😎
18
147
813
@chompie1337
chompie
1 year
Officially been in the security industry for 5 years! Sounds like a long time, but still feel like a noob. The feeling will probably never leave; all I can do is challenge myself and grow. Thankful to the cool people I’ve met + being able to afford bills on autopay lol
44
24
799
@chompie1337
chompie
3 years
not gonna post a bikini pic, just assume I’m extremely hot, ty
18
23
782
@chompie1337
chompie
2 years
well that didn’t take long
Tweet media one
38
16
779
@chompie1337
chompie
3 years
he was ransomware, she was a key, can i make it anymore obvious
30
82
760
@chompie1337
chompie
2 months
You don’t FIND exploits. You build them. You FIND vulnerabilities and exploit them. As an exploit developer that has failed to exploit lots of bugs that look good, the distinction is important 😭
23
90
780
@chompie1337
chompie
1 year
“but…but… the developers of the world’s most popular encryption framework were simply not experienced enough and did not possess the skill to code in an advanced programming language like C”, he said to himself, while crying
11
75
753
@chompie1337
chompie
1 year
Finally get to release the video for my Recon2022 talk: Breaking the Glass Sandbox - Find Linux Kernel Bugs and Escape. It's awkward - A/V issues with slides. But, I expand on much more than what my slides contain. And the slides are edited back in 😎😌
Tweet media one
11
189
745
@chompie1337
chompie
2 years
first real vacation in years. no computers allowed 👩🏻‍💻🚫🙅🏻‍♀️
Tweet media one
51
7
727
@chompie1337
chompie
3 months
messing up the python env to reinstalling the entire OS pipeline
25
68
736
@chompie1337
chompie
1 year
swaggy af @bl4sty at Pwn2Own
15
53
710
@chompie1337
chompie
3 years
My first ever blog post: Anatomy of an Exploit: RCE CVE-2020-1350 #SIGRed. RCE PoC included, for research purposes. This was my first userland Windows heap exploit and I hope a deep dive into the process will help others. Patch or apply the workaround.
14
273
692
@chompie1337
chompie
2 years
security research cognitive restructuring
Tweet media one
12
68
667
@chompie1337
chompie
2 years
code comments keeping it 💯
Tweet media one
6
64
656
@chompie1337
chompie
1 year
gonna guess this guy is a gamer thinks reverse engineering is only finding memory offsets to cheat
Tweet media one
18
16
656
@chompie1337
chompie
2 years
OSINT challenge
Tweet media one
124
12
646
@chompie1337
chompie
1 year
look, assembly is assembly. when one architecture dies, you learn another. why are you afraid of a CPU? are the wittle circuits scary lmao
39
38
650
@chompie1337
chompie
2 years
Tweet media one
16
58
647
@chompie1337
chompie
6 months
I hope WinRAR offers Linux support soon. I’ve been waiting 5 years to unzip a file
31
35
651
@chompie1337
chompie
1 year
New blogpost by @FuzzySec and I! Patch Tuesday -> Exploit Wednesday: Pwning Windows afd.sys in 24 Hours. We reverse engineer a bug + write an exploit using a cool new primitive. We also find out that it's been exploited in the wild (previously unknown).
9
240
645
@chompie1337
chompie
2 years
has anyone tried telling the OpenSSL devs to simply stop making mistakes
20
30
637
@chompie1337
chompie
2 years
it’s a shitpost bros. serious replies in this thread don’t be long long
12
4
625
@chompie1337
chompie
9 months
when the offsets change
Tweet media one
17
46
620
@chompie1337
chompie
2 years
*renames file to memekatz.exe* nice just bypassed EDR
33
45
621
@chompie1337
chompie
3 years
my first talk ever is done! if ur here @thotcon come say hi if u want 😌
Tweet media one
50
10
611
@chompie1337
chompie
3 years
Another Linux Kernel vuln with no CVE: “…can lead to a negative value that will later be passed to access_remote_vm(), which can cause unexpected behavior.” In my culture we call that a buffer overflow
10
137
576
@chompie1337
chompie
2 years
tracertweet
34
27
582
@chompie1337
chompie
8 months
Just saw that this vulnerability I reported to Microsoft was found to be exploited in the wild. Guess we are looking in the right places. Blog and exploit code to be released soon.
10
84
572
@chompie1337
chompie
6 months
Tweet media one
9
11
558
@chompie1337
chompie
1 year
I feel like bug bounty is the MLM of cyber security. The bug bounty platforms get rich and only a very small percentage of hunters can make a living.
@0xConda
Brandon Rossi
1 year
Bug bounty isn't a way to get rich quick no matter how many bounties you see posted on Twitter
20
31
423
39
62
564
@chompie1337
chompie
7 months
If an open source project supports building on Windows and Linux, I build it with Linux. The number of times I've successfully compiled someone else's code on Windows on the first try is approximately zero
20
33
560
@chompie1337
chompie
2 years
can someone please buy me IDA pro, this north korean malware version ive been using is kind of slow..
22
23
553
@chompie1337
chompie
3 years
what’s with the “mac users don’t understand technology” meme ??
@sudobunni
bashbunni
3 years
I've never seen anything more accurate in my life 🤣
Tweet media one
106
1K
4K
69
47
543
@chompie1337
chompie
1 year
astrology? no thanks, i majored in Math, so my brain doesn’t have any more room for completely made up information
26
36
549
@chompie1337
chompie
1 year
Now have a dedicated place to find all my blog posts past and present: ! If you come across a dead link for a blog post of mine, you can find it there
16
123
548
@chompie1337
chompie
2 years
interviewer: would you like to explain the TCP handshake? me: no thank you, i prefer THC 😎
27
24
524
@chompie1337
chompie
2 years
ngl if you show me something in AT&T syntax im gonna assume you’re a serial killer
27
37
524
@chompie1337
chompie
1 year
TFW you think you’re just writing really good malware and accidentally morph into a systems programmer
14
25
514
@chompie1337
chompie
2 years
it didn’t go as planned, but so grateful for the support. cheers to a first successful REcon 💕🙏🏼
@yarden_shafir
Yarden Shafir
2 years
Fangirling over @chompie1337 for facing every speaker’s worst nightmare and delivering a 🔥🔥 talk
Tweet media one
7
3
198
20
11
511
@chompie1337
chompie
6 months
Have you ever loaded a dependency you didn’t build yourself? Ran a program you downloaded from the internet? Sorry but You got hacked
@rustylass102008
dumbrella 🦀💜🐫 / cute catboi (same thing)
6 months
@chompie1337 Oh, you want pre-compiled binaries Good luck getting compromised
6
2
12
24
28
511
@chompie1337
chompie
2 years
them: “what tools do you use to do advanced kernel hacking?” me, pasting printk(“lol”) for the 12th time that day: “well you see… it’s quite complicated…”
17
27
512
@chompie1337
chompie
10 months
I use Ghidra, Binary Ninja, and IDA - usually all at once. The performance of the first two is good enough that the price tag of IDA just isn’t warranted. Sorry. Binja is my daily driver because it’s the only one of the that’s not a pain in the ass to use.
32
23
507
@chompie1337
chompie
2 years
I don’t like it when (well intentioned) ppl tell me to “ignore the haters”, as if some random twitter troll is causing me distress, like I give a shit. I highlight it bc otherwise no one believes it happens. I find the older gen doesnt think there are barriers for women in tech
Tweet media one
44
11
503
@chompie1337
chompie
1 month
Almost a year and a half since I posted this, and it’s more true than ever. It’s an especially lonely feeling when things seem to be going well. Feels like a dirty secret I’m hiding. Sure that bug/exploit was cool or whatever, but it’s the last one I’ll ever find!
Tweet media one
29
28
505
@chompie1337
chompie
2 years
fighting with the EDR/anti-cheat evangelists again
Tweet media one
9
57
480
@chompie1337
chompie
26 days
A lot of tradecraft being burned here. Generally, good backdoor OpSec means shipping the least code possible. Later on, deploy additional stages to the desired targets. Not only bc you risk burning less, but because more code samples means more “DNA” left behind for attribution
@bl4sty
blasty
26 days
the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n
Tweet media one
35
1K
6K
6
69
493
@chompie1337
chompie
2 years
she’s a 10 but she uses Ghidra
40
29
482
@chompie1337
chompie
3 years
any hacker born after 1993 can’t code. all they know is printk, segfault at 0x41414141, be gay, do crimes, and lie
38
31
476
@chompie1337
chompie
1 year
I often get asked for advice about breaking into Infosec, or how to start doing security research, in particular exploit development or vulnerability research. I’m no longer able to keep up with everyone that reaches out, but I want to give back to the community.
11
37
482