Alice Climent

2.1K posts

Alice Climent

@AliceCliment

Malware and EDR stuff @harfanglab 🤓 || PTC || Sister of @h313n_0f_t0r & @lauriewired

xchg eax, eax Katılım Kasım 2018

282 Takip Edilen3.4K Takipçiler

Sabitlenmiş Tweet

Alice Climent@AliceCliment·4 Nis

Curious about what's happening in the Windows Kernel after a Syscall? I just wrote this post following the worfkflow from the Syscall instruction to the target kernel routine ⬇️ alice.climent-pommeret.red/posts/a-syscal… Thanks again to @Set_hyx for the proofreading!

English

248

570

Alice Climent retweetledi

Karsten Hahn@struppigel·4 Oca

I have created a website, where you can share your sample analysis (via links or posts) and search samples for training based on tags and difficulty. If you write analysis blogs, you can share them there. samplepedia.cc

English

122

404

29.9K

Alice Climent@AliceCliment·7 Oca

@Myrtus0x0 👀

QME

139

Myrtus@Myrtus0x0·6 Oca

hi :) if you wrote (or know who wrote it) elastic.co/security-labs/… can you reach out please

English

8.9K

Alice Climent retweetledi

Amnesty Tech@AmnestyTech·4 Ara

🚨 A new investigation jointly published by @insidestory_gr @haaretzcom & WAV Research Collective with the technical assistance of @Amnesty has exposed the internal operations of Intellexa, a company notorious for selling Predator spyware. amnesty.org/en/latest/news…

English

Alice Climent@AliceCliment·1 Eki

@vxunderground this tbh

English

274

Alice Climent retweetledi

vx-underground@vxunderground·30 Eyl

You don't have to write super sophisticated malware with 9000 different evasion techniques Just name it important_file.pdf.exe and have it prompt for UAC. They'll probably allow it

English

828

36.5K

Alice Climent@AliceCliment·2 Eyl

@gzobraJn 🫡

QME

GzobraJn@gzobraJn·2 Eyl

@AliceCliment Welcome back.

English

Alice Climent@AliceCliment·1 Eyl

My blog is back online \o/ The new domain is alice.climent.red

English

11.4K

Alice Climent@AliceCliment·2 Eyl

@duckyctf Thna' you 🙏

English

Alice Climent@AliceCliment·13 Şub

@matteyeux

GIF

QME

1.5K

matteyeux@matteyeux·13 Şub

Looks like someone got a 0day burned ?

ZeroZenX@zerozenxlabs

🚨 $1,000,000 Bounty for iOS Zero-Day! 🚨 ZeroZenX is offering a $1M reward for a working zero-day exploit that bypasses USB Restricted Mode on the latest version of iOS. If you’re a top-tier security researcher and have a reliable exploit, we want to hear from you! 💰 Reward: $1,000,000 🔎 Target: iOS USB Restricted Mode Bypass 📩 Submit here: vrp.zerozenx.com We value responsible disclosure and work with researchers to ensure security vulnerabilities are handled ethically. If you have what it takes, submit your findings today! #zerozenx #CyberSecurity #cybersecuritynews #vulnerability #ios

English

244

37.5K

Alice Climent@AliceCliment·13 Şub

@artem_i_baranov Absolutely!

English

Artem I. Baranov@artem_i_baranov·12 Şub

@AliceCliment We need a better vulnerability severity scoring system, right?.. It's typical that in most cases each side calculates the score differently

English

116

Alice Climent@AliceCliment·12 Şub

I just realized something. The advisory says: "This issue does not add additional capabilities to an attacker with administrative privileges to damage the attacked system." Well, that's not true. The PoC allows an attacker to remove EDR/AV files (exe, dll, drivers) and

Alice Climent@AliceCliment

The vulnerability I've found last year in @kaspersky AV is nows patched 🥳 #220125" target="_blank" rel="nofollow noopener">support.kaspersky.com/vulnerability/…

English

1.9K

Alice Climent@AliceCliment·13 Şub

🤩🔥🔥🔥🤩

Artem I. Baranov@artem_i_baranov

Windows Rootkits and Bootkits Guide is available in an eye-friendly design and colors 🕶️🎆🎄 github.com/ArtemBaranov/W…

ART

896

Alice Climent@AliceCliment·12 Şub

@YoursSto @BrHackeuses @kaspersky 🥹

QME

Sto@YoursSto·12 Şub

@BrHackeuses @AliceCliment @kaspersky She's such an inspiration 🔥💘

English

BrHackeuses@BrHackeuses·12 Şub

Kudos to @AliceCliment for her great work ! 🎉 She found a vulnerability in @kaspersky AV, now patched. 🔎✨ Proud to celebrate our @BrHackeuses members making the world safer! 💜 🔗 Read more: #220125" target="_blank" rel="nofollow noopener">support.kaspersky.com/vulnerability/… #CyberSecurity #BrHackeuses #BugHunting

Alice Climent@AliceCliment

The vulnerability I've found last year in @kaspersky AV is nows patched 🥳 #220125" target="_blank" rel="nofollow noopener">support.kaspersky.com/vulnerability/…

English

186

Alice Climent@AliceCliment·12 Şub

@artem_i_baranov 4.4 according to them. They choose None for availability. For me it's High 🤷‍♀️ #CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" target="_blank" rel="nofollow noopener">first.org/cvss/calculato…

English

129

Artem I. Baranov@artem_i_baranov·12 Şub

@AliceCliment CVSS?

Dansk

Alice Climent@AliceCliment·12 Şub

@artem_i_baranov No... But I submited a CVE request to MITRE yesterday. We'll see 🤷‍♀️

English

Artem I. Baranov@artem_i_baranov·12 Şub

@AliceCliment They didn't agree to CVE?)

English

Alice Climent@AliceCliment·12 Şub

@artem_i_baranov Yes ! I just need to find the time to write it 😄

English

Artem I. Baranov@artem_i_baranov·12 Şub

@AliceCliment Congrats! Should we expect a blog detailing it?

English

Alice Climent@AliceCliment·12 Şub

@artem_i_baranov yes and no. Usually vuln that need admin priv are not eligible for the bounty (which was ok with me because I wasn't asking/seeking any bounty. However after they analyze my report and PoC they decided to give me 1000€. Which was pretty cool of them !

English

Artem I. Baranov@artem_i_baranov·12 Şub

@AliceCliment Was it eligible for bug bounty?)

English

113

Alice Climent@AliceCliment·12 Şub

a registry key, they are able to remove any AV/EDR on a Windows machine. BYOVD Style ( but without interacting directly with the driver though 😅). If I found the time I'll write a blog post about this vuln

English

513

Alice Climent@AliceCliment·12 Şub

without any tools. The PoC is using the driver indirectly (via specificaly crafted data in registry keys) to remove ANY files or registry keys after a reboot. So yes, it adds new capabilities for the attackers to damage the system. Because with just the driver load and data in

English

575

Keşfet

@Myrtus0x0 @insidestory_gr @haaretzcom @amnesty @vxunderground @gzobraJn @matteyeux @artem_i_baranov