Jimmy Wylie

@mayahustle

Adversary Hunter at . Lead Analyst on TRISIS. Spend my days (and nights) searching for and tearing apart threats.

Baltimore, MD
Joined April 2009

Tweets


  1. retweeted
    27 Jun.

    Absolutely stoked to get published in PoC || GTFO, but all credit goes to for making it happen! He polished this ridiculous exploit and authored an equally funny write-up. Want to exploit 20yo software like a boss? Get your PoC here -->

  2. 28 Jun.

    On the plus side, sounds like a good research area. WASM disassembler anyone?

  3. 28 Jun.

    My heart goes out to colleagues working on web-based malware: "there are not many publicly available tools for analyzing Wasm binaries. Similarly, hardly any documentation exists on how to analyze a Wasm application at this time"

  4. retweeted
    27 Jun.

    Want to run powershell without using powershell.exe! If your target has Microsoft SQL Server installed use sqlps.exe

  5. retweeted
    27 Jun.

    Some of the compiler-based security mitigations we've added in Android P

  6. 28 Jun.

    Filed under: Reasons I dislike COM. No need to do DLL replacement+proxy. Just use an abandoned reference. Only difference is the attacker will have to load the DLL as opposed to it getting loaded by the owning program. Solid work.

  7. retweeted
    28 Jun.

    Slides from my talk “A Code Pirate’s Cutlass: Extracting Software Architecture from Embedded Binaries” (automated recovery of object file boundaries) are posted here:

  8. 27 Jun.
  9. retweeted
    27 Jun.

    Concision is the most important skill in reverse engineering. Conveying only the details that matter, and their role in the bigger picture.

  10. 27 Jun.

    Related to this idea of keeping your customers Q in mind, or maybe an effect of this? Analysis doesn't require starting at the top of the graph (i.e. Main). Instead, start at whichever point in the graph you think is most relevant.

  11. 27 Jun.

    This breakdown is on point and is applicable to much more than RE. -- Reminds me of advice I gave a student once: What does your customer need? Find it, interpret it and report it. Stop bathing in bits and move on.

  12. retweeted
    27 Jun.

    Our network has been under sustained attack this morning. We are working with our upstream providers to mitigate the attack. Emails are delayed but will not be lost. Thank you for your patience.

  13. 27 Jun.
  14. 27 Jun.

    There aren’t a whole lot of us, so we can’t expect the folks who read or listen to our output to understand in the way we do. Frankly, it’s the most challenging part of this gig and why cons like are so nice. You can remove the filter and be with your own kind (3/3)

  15. 27 Jun.

    Otherwise, in some sense, the audience has to be an RE to understand the explanation. Then, why do they need the RE to begin with? If an RE can tear apart the most complex, obfuscated malware, but can’t make its operation understandable then that RE is just a puzzle solver. (2/3)

  16. 27 Jun.

    I’ve come to realize that the most important part of RE is to translate code into language understandable to the audience. Whether C coders, SOC analysts, or newbies, an RE should be able to tailor an explanation accordingly. (1/3)

  17. retweeted
    26 Jun.

    Did you know our 1000th penguin chick, Millie, eats one pound of fish every day?! You can help provide for our colony by donating to the Maryland Zoo today, before the fundraising year ends June 30th:

  18. 26 Jun.

    TFW you find seemingly incorrect timezone conversions in and can't figure out whether it's intentional or ignorance.

  19. retweeted
    25 Jun.

    Send your great ICSsec work / session proposal to the CFP ... S4x18 was 447 attendees, 3-days, 3-stages and a lot of fun social

  20. 26 Jun.

    In case PPC isn't your jam, we summarized important findings from our analysis in this Dragos blog post. For example, there are 12 hookable network commands, leaving 11 other options for the attacker.
