silentwarble retweetet
We're happy to announce a long-term partnership with Motorola. We're collaborating on future devices meeting our privacy and security standards with official GrapheneOS support.
motorolanews.com/motorola-three…
English
silentwarble
171 posts
@GrapheneOS @0xcyp Do you know a rough price range for these new devices? I've been holding off on upgrading waiting to see these new ones.
English
@0xcyp We're working with a major OEM on meeting our update and security requirements for a subset of their future devices. Earliest device meeting our requirements may launch in 2026 but it may be in 2027 instead. It's not easy to make secure devices providing what GrapheneOS needs.
English
> trying to switch to a privacy-focused phone
> @GrapheneOS seems like the best OS
> only supported by Google phones
mfw 💀
English
Good stuff as always
Tim Blazytko@mr_phrazer
The recording of our (CC @nicolodev) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl is now online! Recording: youtube.com/watch?v=QxSGWk… Slides: synthesis.to/presentations/… #BinaryNinja Plugin: github.com/mrphrazer/obfu…
English
silentwarble retweetet
lol whole new calling conventions for PIC literally a day after I release my kit 😅 aff-wg.org/2025/10/13/wee…
English
silentwarble retweetet
We at @emproofsecurity open-sourced a free firmware reverse engineering workshop for self-study.
Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.
github.com/emproof-com/wo…
English
silentwarble retweetet
silentwarble retweetet
You can only score 100% ATT&CK coverage for so long
x.com/nickvangilder/…
Nick VanGilder@nickvangilder
Microsoft: After extensive deliberation, Microsoft has decided to not participate in the evaluation this year. This decision allows us to focus all our resources on the Secure Future Initiative and on delivering product innovation to our customers. (techcommunity.microsoft.com/blog/microsoft…’s-participation-in-mitre-attck®-evaluations-enterprise-2025/4422639) S1: This decision was reached after a thorough review internally and is being made so that we can prioritize our product and engineering resources on customer-focused initiatives while accelerating our platform roadmap. (sentinelone.com/blog/sentinelo…) Palo Alto: After thoughtful evaluation of our priorities, we have decided to adjust the focus of our engineering and testing resources and will not be participating in this year’s MITRE evaluation. This decision enables us to further accelerate critical platform innovations that directly address our customers' most pressing security challenges and respond even faster to the evolving threat landscape. (paloaltonetworks.com/blog/security-…)
English
silentwarble retweetet
We've just pushed details on our latest #Nighthawk release (Sivako) nighthawkc2.io/sivako/ - including async BOF support, native kerberos and more 🔥 vimeo.com/1115201393?sha…
English
@tijme @OrangeCon_nl this looks cool. Haven't tested yet but added to pic library github.com/silentwarble/P…
English
silentwarble retweetet
Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl !
Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode.
github.com/tijme/dittobyt…
English
@Flangvik I've enjoyed my Yamaha monitors as well. Never got a sub as they had enough bass for me.
English
silentwarble retweetet
Do you want to trigger shellcode only when:
- Certain DNS resolution happens?
- Certain servers are reached out to?
- When you get a 112 byte long response?
...etc
Meet InternetSetStatusCallback() for fine tuning execution (or if you are just bored):
gist.github.com/whokilleddb/59…
English
silentwarble retweetet
Are you thinking of writing a C2? Do you want to modify an existing C2? Have you ever thought "why on earth did they do it that way"? Join me as I show what I've learned from 7 years of open source C2 and agent development so you can start off with success :) I can't wait!
GIF
Florian Hansemann@CyberWarship
The Agenda for 2025 is live, Its a blast 💥💥💥 Check it out! mcttp.de/agenda
English
@HackingLZ I'm not sure what to tell people trying to break into the field. I've just been saying its possible but way harder. Not sure where to point them as an alternative.
English
The problem with entry and mid level taking drastic hits is AI needs to keep advancing at a fast enough rate because you’re killing the talent pipeline
Florian Roth ⚡️@cyb3rops
I’ve been a vocal critic of AI developments – in 2023 I still dismissed a lot of the hype. Last year, I stayed mostly silent. Not because I agreed, but because I started seeing signs that impressed me. This year, after what we’ve built and tested internally across several areas, I’ve decided to speak up. The results are undeniable. Things will change. Drastically. I used to think the AI hype was exaggerated. Then I started quietly replacing tasks I once gave to interns, junior devs, content writers, and analysts. The revolution already happened. You just didn’t notice because it speaks politely and has good grammar. What machines did to manual labor in the last century, AI is doing to cognitive work now. Software development, design, analysis, monitoring, even documentation – all of it is shifting. And no, it’s not “coming soon.” It’s already here, and it’s accelerating. Entry-level is gone. Mid-level is on thin ice. Senior? You’d better be excellent and adaptive. If you’re still asking “why?” – you’re either not looking, or you don’t want to see it. You will. Probably the hard way.
English
@xCipher007 Wouldn't be a proper ctf without some jank in the testing lab. I've never had a test where everything went without a hitch...🤬
English
Gave my OSED attempt and finished 2 challenges but one of them didn't seem to work on the target, but worked well in dev 🥲. Anyways it was definitely an amazing attempt. Took me ~9 hrs for both challenges and all the remaining time debugging the issue with the target server 💀. I was really close to getting it, but it's alright. Will try harder next time 🫡
English
silentwarble retweetet
New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…
English
@RedTeamTactics I have my team generally match the pace of the org. Unless we think it's a major issue, I've found that maintaining internal relationships and not stressing everyone out provides more value. So we just pick our battles. We set fires occasionally but we're selective about it.
English
This continues to be a great tool. I'm using it to make stripped down throwaway VMs for when we do ops. Otherwise win11 is such a hog: github.com/ntdevlabs/tiny…
English
Ooh someone's taking notes. @SentinelOne If ya'll got any questions feel free to hit me up. Referrers hitting the Hannibal agent repo:
English