Vix

1.9K posts

Vix banner
Vix

Vix

@VixWizzer

cybersec as passion, shitpost as personality all in on Cloudsec / Bug bounty / https://t.co/1NKed7mYNX

Taiwan Katılım Ekim 2019
886 Takip Edilen191 Takipçiler
Sabitlenmiş Tweet
Vix
Vix@VixWizzer·
I did some further research on @kfosaaen's blog (all kudos to them): "We Know What You Did (in Azure) Last Summer." Hopefully you can take a look, the research took around 5 or 6 days: vix-w1zzer.gitbook.io/vixwizzer/tech…
English
2
4
10
1.2K
Vix
Vix@VixWizzer·
so uh am I cool now?
Vix tweet media
English
0
0
1
447
Cthulhu ( ;,;)
Cthulhu ( ;,;)@Cthulhu_Answers·
Elder God version of the Cthulu badge!
English
8
2
76
1.1K
Vix retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️ Nightmare-Eclipse just dropped "LegacyHive," a new Windows privilege-escalation zero-day PoC that targets the Windows User Profile Service, the component that loads a user's settings during sign-in. The PoC reportedly uses a carefully timed path-switching trick to make Windows mount another user's Registry file, potentially an administrator's, under a standard "helper" account. Nightmare-Eclipse claims it works across supported Windows desktop and server builds patched through July 2026. Nightmare-Eclipse says a private version could load arbitrary Registry hives, but that broader version has not been published. Interestingly, Nightmare-Eclipse previously told us that vulnerability names are inspired by random events in his life. "LegacyHive" appears to break from that convention. Deja vu: Microsoft patched this broad ProfSvc trust-boundary failure in 2015 as CVE-2015-0004, which also loaded another user's hive. LegacyHive appears to use a new path-swap to revive that bug class. As of writing: no CVE, no Microsoft advisory, no comment.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
14
94
763
33.1K
Vix
Vix@VixWizzer·
cybersecurity community is gotta be the best and the worst community ever
English
0
0
1
52
Low Level
Low Level@LowLevelTweets·
IS TWITTER SAVED?
English
31
2
275
19.3K
Vix
Vix@VixWizzer·
I'm 80% away from finishing the book, it's been great so far, learned so much
English
0
0
1
31
Vix retweetledi
solst/ICE of Astarte
>be Google >slowly work on Gemini >have all the data anyway >anthropic, openai, and xai completely self-immolate due to sheer greed >win It’s so easy when you’re patient. It doesn’t matter who is first.
English
33
14
365
12.7K
International Cyber Digest
International Cyber Digest@IntCyberDigest·
Last month I took Nightmare-Eclipse out for dinner. He's the person behind all those Windows zero-day PoC drops. He wanted to eat fish — a specific kind of fish. I'm not really fond of fish, so I had no idea where you could even get it; it's always something my brain skips over when reading a menu. I took him to a restaurant where he could have fish and I could have steak. When he took his first bite, he almost choked — he hadn't expected the bones to still be in it. I'd forgotten to warn him. After that, he started picking the fish apart with nothing but his knife. He went at it so methodically you'd think he ate fish like this for a living. He's a bright young fella, to say the least: very calm and professional. And after hearing his story, it sounds to me like Microsoft really screwed him over and sent him off the rails. I'm not allowed to say more, but this story still hasn't ended — that's for sure. Things will keep going like this for a while.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
49
54
992
60.1K
Vix retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️ BREAKING: xAI's Grok Build CLI was uploading entire Git repositories to a Google Cloud bucket, private codebases and unredacted secrets included. The uploads quietly stopped via a hidden server-side flag, and xAI still has not said a word about scope, retention, or deletion. The scale is staggering. On a 12 GB test repo, 5.1 GB flew out the door to xAI's grok-code-session-traces bucket while the actual coding task needed just 192 KB. The tool grabbed whatever repository it ran in, not the files it needed. The fix arrived as a hidden flag, disable_codebase_upload: true, a day after a researcher's wire-level analysis. The "Improve the model" opt-out never stopped the uploads. Still no advisory, no scope, no word on whether already-uploaded code gets deleted. For anyone pointing AI coding agents at proprietary code, what crosses the wire matters more than what the settings page says.
International Cyber Digest tweet mediaInternational Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
429
1.1K
8.5K
1.9M
Vix
Vix@VixWizzer·
brother what is this 😭😭
Vix tweet media
English
0
0
0
24
Vix retweetledi
Low Level
Low Level@LowLevelTweets·
🧙 NEW LINUX EXPLOIT🧙BIG AI🧙 SMOL AI 🧙 AI HACKS THE PLANET🧙ROBOTS TAKING OVER 🧙 AI HACKS THE PLANET🧙 x.com/i/broadcasts/1…
English
1
1
65
4.3K
Vix retweetledi
Ben Sadeghipour
Ben Sadeghipour@NahamSec·
I had Ads back on the channel and he did NOT disappoint! He hacked a major retailer's AI chatbot over DNS and walked me through the whole thing live. Also built a free lab so you can try it new ep 👇 🎥 Video youtu.be/w7cH0xZp5oc 💻 Lab: app.hackinghub.io/hubs/ecorp-ai
YouTube video
YouTube
Ben Sadeghipour tweet media
English
4
16
194
11.2K
Vix
Vix@VixWizzer·
so uh my PR just merged into Internal All The Things, well that's pretty cool. I'll do more ig. btw this is what I edited if you're curious about it: swisskyrepo.github.io/InternalAllThe…
English
0
0
0
23
Vix
Vix@VixWizzer·
I was reading Pentesting Azure by David and Karl, some parts are deprecated as of now, so I made a tool that's not being maintained. The tool is pretty simple and it's something I'll actually use it. Like it or hate it, idk what I'm doing. More tools? github.com/V1xW1zz3r/azur…
English
0
0
1
60
Vix retweetledi
sudox
sudox@kmcnam1·
sudox tweet media
ZXX
14
17
198
4.4K