Forrest Orr @_ForrestOrr
Red Teamer, low level coding extremist and malware researcher. Windows exploit writer and bug hunter forrest-orr.net. Joined September 2017.
179 Tweets | 4K Followers | 526 Following | 261 Likes
Does anyone know what mechanisms can be used to detect suspended (non-UWP) and frozen UWP app processes, and how to programmatically wake them up in a safe and persistent way where they don't just immediately freeze again?
Is the ability of a non admin user to obtain a full query handle to a System integrity process and unravel its ASLR considered a security boundary? I know a PROCESS_QUERY_INFORMATION handle on a PPL is considered a breach of a security boundary even if the owner is local admin.…
I’m surprised to have recently learned that there does not seem to be a trivial way to receive notifications of suspended process launches in Windows via kernel proc notif callback, kernel ETW or EtwTi. Any ideas on how to do this? @zodiacon
Great patch, thanks for making the pull request.
Very well put together research that expands on some of the memory forensics articles I wrote several years ago, it’s excellent to see improvements are still being made to malware tradecraft in this niche
My first research and tool are finally out. If you want to deep dive into some CLR internals and understand how we can abuse it to blend-in within its own logic go check it out. Hope you'll enjoy the read. ipslav.github.io/2023-12-12-let…
CVE-2021-38001: A Brief Introduction to V8 Inline Cache and Exploiting Type Confusion y4y.space/2023/05/06/cve…
Today I am releasing a blog about kernel exploitation in the age of HVCI. This post addresses calling arbitrary kernel-mode APIs, to go beyond “traditional token stealing” data-only attacks, while also dealing with kernel control flow integrity. connormcgarr.github.Io/hvci
Last summer I attended the Advanced Windows Heap Exploitation class given by @corelanc0d3r and cannot speak highly enough of his skill, dedication and enthusiasm for the topic. This is the training I recommend for learning memory corruption exploits. Truly one of a kind.
Excellent work, I think you’ve found (what is at present) the most optimal fusion of stealth techniques for evasion in memory. It doesn’t get any more cutting edge than this when it comes to the memory dimension of malware design these days
Excellent work on this. Well done!
Going to Blackhat USA this year? I’ll be teaching a 2-day training: Day 1 - Browser internals (Firefox and Chrome) Day 2 - Virtualisation Internals (VirtualBox and QEMU) Come learn from real source code and debug real world targets! blackhat.com/us-22/training…
Already released way earlier but I'm sharing on Twitter too just because. Blog post + poc on detecting malware through return addresses. Recommend also looking at the following made by @thefLinkk github.com/thefLink/Hunt-… arashparsa.com/catching-a-mal…
Thanks for bringing this to my attention Andrew, this would be a much more elegant way of filtering CLR JIT memory in Moneta.
My personalized Windows 10 re-creation of the HYDSEVEN exploit chain used to target Coinbase. This chain involves the use of a Firefox RCE (CVE-2019-11707) and Firefox sandbox escape (CVE-2019-11708) for shellcode execution as Medium Integrity github.com/forrest-orr/Ex…
Full moneta bypass with 0FPs! A few more tweaks and I’m hoping pesieve is next! @_ForrestOrr

vx-underground @vxunderground
368K Followers 290 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Adam Chester 🏴... @_xpn_
36K Followers 501 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
Yarden Shafir @yarden_shafir
24K Followers 309 Following A circus artist with a visual studio license
Josh @passthehashbrwn
10K Followers 332 Following Adversarial Simulation at IBM, tweets are mine etc.
Grzegorz Tworek @0gtweet
36K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
hasherezade @hasherezade
89K Followers 910 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 812 Following 🔴 Operator, Initial Access aficionado, Researcher, ex-AV engine developer, ex-Malware analyst 🦋 @mgeeky.bsky.social 🫖 green tea lover
Dave Kennedy @HackingDave
223K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
klez @KlezVirus
8K Followers 706 Following Independent Cyber Security Researcher - Opinions are my own
Mike Felch (Stay Read... @ustayready
16K Followers 2K Following Targeted Ops Red Team @ TrustedSec | Hacking since Renegade BBS backdoors | Prior CrowdStrike/BHIS | In Christ's grip | I speak for myself only | K1HAQ
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following Will / Antiquarian @ IBM X-Force / t501 / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Dominic Chell 👻 @domchell
18K Followers 540 Following Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | https://t.co/3k3EBAZqGd | https://t.co/KwO2OwDOkl
h0mbre @h0mbre_
15K Followers 641 Following # Exploit Reliability Engineer # Developing a full-system snapshot fuzzer: https://t.co/mfVXhwoGYD # Avi: https://t.co/3fsQfVprCf
Jean @Jean_Maes_1994
12K Followers 1K Following @sansoffensive Certified instructor/SEC565 author/SEC699 co author
Nikhil @Ox4d5a
18K Followers 1K Following Penetration Tester | i XCHG 0's 1's and do hacks | Red Team Sorcery https://t.co/6LUhkvN2hz | #eJPT | #OSCP | #CRTP | #CRTA | #CESP | #CRTE
Greg Linares (Laughin... @Laughing_Mantis
37K Followers 2K Following 20+ yrs in Infosec. Malware Influencer. I turn Malware into Art and Music. Art @MalwareArt. 4x Pwnie Nominee. 𝕍𝕏. GameDev. Autistic.
Filip Dragovic @filip_dragovic
7K Followers 1K Following My research unless stated otherwise. My opinions are my own and do not represent the views of my employer.
Matthew @embee_research
14K Followers 2K Following Security Researcher, Creating and Sharing Educational Content.
Jerry Solis @jsoulisss
0 Followers 53 Following Software Engineering @ JT4 CRTO | CRTP Prev: @calpolyswift | @globalcptc | @NCAECyberGames Blog currently under development
CanYouLearnAtWork @CanLearnWork
2 Followers 119 Following
Alex H @_alexHD
0 Followers 47 Following He/him, offsec enthusiast, currently working in threat hunting
Hassan Ali @casp3r0x0
111 Followers 721 Following OSEP OSWE OSED (OSCE3) | OSCP | CCNP ENCOR & SCOR | CCNA | Senior Penetration Tester | Red Teamer
Kaida @ShutenDoji1337
1 Followers 48 Following
Peter Schawacker @PeterSchawacker
1K Followers 7K Following Cyber Business Innovator & Strategist | CISO | AI | GRC & SOC | DFIR/TTX | SecOps | Drive Margin | Nearshoring | LATAM-USA | Emerging Markets | GTM Advisor
AISecHub @AISecHub
4K Followers 4K Following 🚀 AISecHub | AI & Cybersecurity | Discussing AI-driven threats, securing AI systems, and sharing insights on emerging challenges 💡
Amalia Radoi @AmaliaRado56600
5 Followers 359 Following
Sarvottam sharma @ZeroDayGhost
5 Followers 90 Following Bug Hunter | Software Engineer | Cyber security
Bumblebee @Lolippop23
182 Followers 2K Following Cybersecurity & AI enthusiast | Offensive Security Learner | Building, breaking & understanding systems | Curious mind
@Cravaterouge.bsky.so... @rouge_cravate
278 Followers 64 Following Need a hand with your IT security? Send me a DM You can also find me on @cravaterouge.bsky.social
Norval Ziemann @NorvalZ22038
34 Followers 2K Following
Ojaswi Kumar Mishra... @0xojaxwi
74 Followers 2K Following Old-school Malware & Offensive Security REsearcher | ⚡Kernel Pwner⚡
Uworfu @Uworfu675754
32 Followers 1K Following
Vithor @m3mdump
1 Followers 159 Following
Bad user Experience @tOrbert_93
2K Followers 5K Following #Bayern in my DNA ||👨💻 Cloud Engineer ||A wanna be Pentester and Vulnerability researcher| C, PHP dev 🤡
ko ko @kokoasdxz
1 Followers 39 Following
"GREATEST PRESIDENT O... @2happyCSGO
83 Followers 805 Following I do everything in IT/AI. Coding, networking, Azure domains, servers, high end PC's, extreme OC, you name it - I'll build, optimize & automate it to your specs
Brawhsor @Brawhsor9941
73 Followers 3K Following
𝓓ᵉⓥ𝐎ⓝ Ǥ... @DasMeDevon
503 Followers 908 Following Just trying to reach that upper level — where your mind body and soul become one 🤌🤌🤌
z4rathustr4 @z4rathustr4
15 Followers 343 Following 28. Cybersec. Red teamer & Bug Bounty Hunter. CTF Player. Linux enjoyer since Ubuntu 8.04.
🇪🇸 @researcher_ESP
17 Followers 961 Following
P2GONE @GoneP273734
0 Followers 11 Following
Jamie Orr @JamieOrr276327
2 Followers 175 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/eHgjt9VqJe
Haifei Li @HaifeiLi
8K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.
Hussein Sherafat @Hussein_Sherafa
234 Followers 6K Following
Jessica Gulick @jess_gulick
59 Followers 393 Following GET IN THE GAME. Serious gaming = Careers, @USCyberGames Commissioner; @Wicked6 Founder; @KatzcyLLC and @PlayCyber CEO; Cyber Sports Advocate; ❤️🏀🎶🐱 🖖
dXtPwN @dxtpwn
3 Followers 163 Following
flux @0xfluxsec
1K Followers 942 Following Cyber professional (red team), security and systems programming | Rust | https://t.co/QIih2B7vya | https://t.co/VC3xsm0Wvq
Haytam inc @inc_haytam
29 Followers 2K Following
K1r4sh1m0 @k1r4sh1m0
0 Followers 154 Following
jin huo @JinHuo21
3 Followers 105 Following
Erick Jonathan @ErickJo91206581
2 Followers 117 Following
Sivakumar @Sivakum63286269
23 Followers 119 Following
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
cts🌸 @gf_256
61K Followers 820 Following Co-founder and hacker @zellic_io & @pb_ctf | https://t.co/nlNai6iiMP | 24 Intern @egirl_capital slow to reply to DMs
John Hammond @_JohnHammond
298K Followers 3K Following Cybersecurity Researcher @HuntressLabs || Just Hacking Training @JustHackingHQ w/ @ethicalhacker || https://t.co/UtsNJiyQtS || https://t.co/narO3sz7y6
Nicolas Krassas @Dinosn
146K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
x86matthew @x86matthew
21K Followers 189 Following C / asm / system emulation / reverse engineering. @the_secret_club
Florian Hansemann @CyberWarship
84K Followers 47 Following Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98M
LiveOverflow 🔴 @LiveOverflow
155K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
Binni Shah @binitamshah
141K Followers 165 Following Linux Evangelist, Malwares, Security enthusiast , Investor, Contrarian , Philanthropist , Reformist , Sigma female 🦋 https://t.co/WOvf41tMKV
Nick Carr @ItsReallyNick
38K Followers 3K Following Tech Director / Threat Intelligence at Microsoft. Previously, Director of Incident Response & Intel Research at Mandiant. Former Chief Technical Analyst at CISA
Josh @XJosh
26K Followers 178 Following Host of Mad at the Internet (https://t.co/kNjaVAgSE0). Operator of @KiwiFarmsDotNet. President of the US Internet Preservation Society (@USIPSorg). Just some fucking guy.
[email protected]... @0xdea
14K Followers 19 Following When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
Pirate Software @PirateSoftware
287K Followers 312 Following Game Dev - Streamer 💛 Go Make Games - https://t.co/IfsqGOr7jG 💜 Ferret Rescue - https://t.co/r761eUgXNe 💛 Business: [email protected]
Microsoft Threat Inte... @MsftSecIntel
187K Followers 1K Following We are Microsoft's global network of security experts. Follow for security research and threat intelligence.
Hossam @0xHossam
1K Followers 1K Following I love doing hacky stuff | red team operator @CyShieldCompany | adversary simulations newbie | interested in malware & windows security research
Prelude @preludeorg
2K Followers 506 Following Prelude is building the next generation of endpoint security to augment existing tools and catch the threats they can't see yet.
DirectoryRanger @DirectoryRanger
35K Followers 96 Following This account assembles and disseminates information related to Active Directory and Windows security.
trickster0 @trickster012
3K Followers 270 Following In the land of the blind, the one-eyed man is king.
WaaWaa @frodosobon
488 Followers 479 Following Security Research Manager at SentinelOne || https://t.co/TD2cZi4g3X || Opinions are my own. I am a fire monkey, I am an idiot and aggressive
sixtyvividtails @sixtyvividtails
3K Followers 393 Following Currently working as an independent GUID merchant. Fully licensed. I acquire, produce, and sell high-quality GUIDs.
AppSec Village @AppSec_Village
11K Followers 6K Following AppSec Village @DEFCON & @RSAConference A volunteer-run, non-profit focused on education, awareness, and community. Founded by @erezyalon and @tzionit411.
Mạnh Lê hữu @MnhLhu426089
3 Followers 171 Following
Kim Dotcom @KimDotcom
1.7M Followers 19K Following Entrepreneur, Innovator, Gamer, Artist, Internet Freedom Fighter & Father of 6
Duncan Ogilvie 🍍 @mrexodia
9K Followers 332 Following Reverse engineer, creator of @x64dbg and 100+ other projects. Love binary analysis and Windows internals. Dreaming about doing open source full time...
vxdb @vxdb
18K Followers 421 Following Journalist | Cybercrime News | Signal - vxdb.99 | PGP - https://t.co/VWwniNXrEc
Aurélien Chalot @Defte_
3K Followers 459 Following Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenics enthusiast 💪 and wannabe philosopher https://t.co/SqDDhIGGGh 📖 🔥 Hide&Sec 🔥
🤷♂️ @floesen_
2K Followers 98 Following
Eric Wall @ercwl
168K Followers 5K Following troll-demon @taprootwizards, board @starknetfndn, gmeow @quantumcatsxyz, ex-business partner of @
Gabriel Landau @GabrielLandau
4K Followers 707 Following Tech Lead @ Elastic Security. Thoughts are my own. Also @[email protected] & @gabriellandau.bsky.social
Will Dormann is on Ma... @wdormann
26K Followers 1K Following I play with vulnerabilities and exploits. I used to be here on Twitter but now I'm here: @[email protected] https://t.co/hXggdAVkSQ
KevinLu @K3vinLuSec
3K Followers 1K Following Bluehat Speaker, Vulnerability Research, Malware Analysis, Reverse Engineering on macOS, Android, Windows, IoT(Views represented are solely my own)
lxf @lxf02942370
441 Followers 81 Following Windows vulnerabilities hunting and exploitation. MSRC Most Valuable Security Researchers 2020 #10
S4ntiagoP @s4ntiago_p
3K Followers 852 Following Infosecing at @MDSecLabs, ex @CoreSecurity CVEs: -1
Cody Thomas @its_a_feature_
7K Followers 310 Following Mythic Developer (https://t.co/Uz4fOxIUbe) | @SpecterOps @[email protected] | @its-a-feature.bsky.social
Jason Lang @curi0usJack
16K Followers 200 Following @TrustedSec Red Team lead | Hi-Fidelity trolling | Privacy Enthusiast | Putting the "no" in nano | Avatar: https://t.co/3XHmKR8nCk
☠️ Brandon @__mez0__
3K Followers 432 Following 👽 UNC1194 🔥 Targeted Ops @TrustedSec 🤖 Dev @preemptdev "purveyors of the prettiest log files"
sn🥶vvcr💥sh @snovvcrash
12K Followers 488 Following Sr. Penetration Tester / Red Team Operator @ptswarm :: Author of the Pentester’s Promiscuous Notebook :: He/him :: Tweets’re my pwn 🐣
`Ivan @Ivanlef0u
11K Followers 3K Following
winterknife 🌻 @_winterknife_
4K Followers 5K Following low-level developer with a focus on 𝙸𝚗𝚝𝚎𝚕 𝚡𝟾𝟼 ISA devices running 𝚆𝚒𝚗𝚍𝚘𝚠𝚜 | R&D @BHinfoSecurity | https://t.co/lyJL0y7qRZ
NULL @NUL0x4C
9K Followers 393 Following Windows Malware Researcher | co-founder of https://t.co/1YRk2CEjaO
Rob Fuller @mubix
79K Followers 25K Following Dad / Husband / Marine / Student / Teacher / @Hak5 / @NoVAHackers / @SiliconHBO / @NationalCCDC / @MARFORCYBER Auxiliary
Raul • 𝖙𝖍𝖊... @theg3ntl3m4n
1K Followers 646 Following Lead Red Team @beyondtrust | Ex-Red Team @mandiant @crowdstrike