Alex Ionescu

@aionescu

Windows Internals Expert, Speaker, Trainer and Security Researcher. He/Him. RTs are not endorsements, opinions are my own.

Seattle, WA
Joined April 2008

Tweets

  1. Pinned Tweet
    11 Mar 2019
  2. Retweeted
    2 Feb

    Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. and I wrote about these!

  3. 31 Jan

    Windows 10 19555: "MiMirrorBlackPhase". Can't tell if someone's a fan of or if this is yet another thing Justin Trudeau is up to.

  4. Retweeted
    21 Jan

    In those CET times: It's possible to return in unwinding to any address in the SSP, causing a "type confusion" between stack frames ;) I really like the different variants of this concept :) Type confusions are on fire! (stack frames, objc for PAC bypass)

  5. 20 Jan
  6. 20 Jan

    The only right answer to “honey, I really hate Valentine’s Day and commercial couple stuff” is a ridiculously outrageous infosec party in Berlin. Can’t wait to see everyone at this awesome conference, the speaker lineup is amazing and the trainings are stellar!

  7. Retweeted
    20 Jan

    It's finally here, guys - is back! Check out the schedule && register now!

  8. Retweeted
    20 Jan

    The wait is finally over! Registration & schedule for 2020 are live. Places are limited so register NOW:

  9. Retweeted
    16 Jan

    After a lot of work and some crypto-related delays, I couldn't be more proud to publish 's and mine latest research - The complete overview of CET internals on Windows (so far!):

  10. 16 Jan

    CVE-2020-0601 Day 3: It begins

  11. 16 Jan

    If you’re tired of hearing about crypto32, elliptic curves, and other CVE-2020-0601 shenanigans, have a read over our new blog post on Windows’ Intel CET implementation in the face of SetThreadContext and NtContinue. Come for the exploit mitigation, stay for the XState Internals.

  12. 14 Jan

    Is that a base point in your elliptic curve parameters, or are you just happy to see my public key?

  13. 14 Jan

    Thanks to some amazing last-minute work by multiple teams, I'm happy to share that Falcon detects exploitation attempts of CVE-2020-0601 and shows the Certificate Authority, SHA-1 of the malicious certificate, and ECC curve parameters. More details in our Tech Alert

  14. 14 Jan

    -2020-0601: "Certificates containing explicitly-defined elliptic curve parameters which only partially match a standard curve are suspicious, especially if they include the public key for a trusted certificate, and may represent bona fide exploitation attempts."

  15. Retweeted
    14 Jan

    I was supposed to publish something awesome today and crypt32 ruined my plans. But I look cute so here's a selfie instead 🥰

  16. 14 Jan

    I feel out of shape. Time to get on the Elliptical.

  17. 14 Jan
  18. 4 Jan

    Happy birthday, mami. Thank you for existing for yet another year. 😘

  19. Retweeted
    4 Jan
  20. 3 Jan

    Love ? Still wondering why “security companies” are writing C89 file format parsers in Ring 0 kernel mode drivers that handle IOCTLs from unprivileged user mode processes? So are we. We are hiring:

  21. 1 Jan

    Happy 2020 everyone! I hope you all get your hearts’ desires and wishes.
