Shmuel Cohen

81 posts

Shmuel Cohen

@_BinWalker_

Former Security researcher @SafeBreach | Former malware researcher @_CPResearch_ | 3x BlackHat speaker | DEFCON speaker | SecTor speaker

Katılım Eylül 2018

246 Takip Edilen259 Takipçiler

Sabitlenmiş Tweet

Shmuel Cohen@_BinWalker_·19 Nis

If you heard about my research "The Dark Side of EDR: Repurpose EDR as Offensive tool" Make sure you also check out my tool :) github.com/SafeBreach-Lab…

English

162

17.7K

Shmuel Cohen@_BinWalker_·24 Tem

@alon_leviev @PwnieAwards Oh that’s look very interesting 👀 👀 Can’t wait to hear more about it

English

114

Shmuel Cohen retweetledi

Alon Leviev@alon_leviev·14 Tem

Our research on BitLocker got nominated for not one but TWO Pwnie Awards - “Best Desktop Bug” and “Most Innovative Research”! Happy for the 3rd Pwnie Award nomination in two consecutive years @PwnieAwards !

English

3.5K

Shmuel Cohen@_BinWalker_·15 May

@alon_leviev @NetanelBenSimon @BlackHatEvents That’s amazing news Well done 💪🏼💪🏼

English

112

Alon Leviev@alon_leviev·15 May

I am beyond thrilled to share that @NetanelBenSimon and I have been accepted to present at @BlackHatEvents USA 2025! We will present our talk "BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets", where we share our VR journey of WinRE! See you there! #BHUSA

English

4.2K

Shmuel Cohen@_BinWalker_·27 Nis

@PsExec64 How the hell PaloAlto is rated as A? You can literally change your ransom binary to be something like “explorer.exe” and it will bypass Cortex completely (You can read more about it with my CortexVortex research)

English

1.1K

Shmuel Cohen@_BinWalker_·8 Nis

@theXappy 😂😂😂

QME

Xappy@theXappy·7 Nis

"Mark of the Web" sounds way too cool for what it really is

English

Shmuel Cohen@_BinWalker_·12 Şub

@nirohfeld As always, great findings, and a super cool blogpost! keep up the good work ;)

English

114

Nir Ohfeld@nirohfeld·12 Şub

Thrilled to finally share this—one of the coolest container escapes I’ve seen! 🔥 wiz.io/blog/nvidia-ai… A subtle logic bug that lets you break out to the host on ANY NVIDIA GPU-supported container 🤯 Can’t believe we had to sit on the technical details for so long! Incredible research by @shirtamari @ronenshh @AndresRiancho

GIF

Ronen Shustin@ronenshh

A couple of months ago, we at @wiz_io discovered a container escape vulnerability in the NVIDIA Container Toolkit, which impacts many cloud and AI SaaS providers. We're finally able to share the technical details. wiz.io/blog/nvidia-ai…

English

Shmuel Cohen@_BinWalker_·6 Ara

@theXappy The official name of this behavior is RVO (Return Value Optimization)

English

Xappy@theXappy·5 Ara

TIL: If you "return a struct" from a C/++ function, and it's larger then 8 bytes, it becomes a by-ref argument. Caller created an empty struct -> Passes pointer to the func, as the last arg -> func populated the pointed struct. * at least for MSVC for x64

English

211

Shmuel Cohen retweetledi

Binni Shah@binitamshah·26 Eki

Windows Downdate : Downgrade Attacks Using Windows Updates : safebreach.com/blog/downgrade… Slides : i.blackhat.com/BH-US-24/Prese…

English

Shmuel Cohen retweetledi

Alon Leviev@alon_leviev·17 Eki

My DEF CON 32 talk “Windows Downdate: Downgrade Attacks Using Windows Updates” is live on YouTube! youtu.be/HHmxuxQ7bE8?si…

YouTube

English

287

24.4K

Shmuel Cohen retweetledi

Or Yair@oryair1999·1 Eyl

If you're into researching Google's Quick Share, don't forget to check out QuickShell! It implements the RCE chain we found and tools allowing to sniff, receive and send the protocol's packets, fuzz the protocol, exploit vulnerabilities we found and more! github.com/SafeBreach-Lab…

English

12.2K

Shmuel Cohen@_BinWalker_·27 Ağu

It looks like we finally got POC for CVE-2024-38063 Check it out, looks good github.com/ynwarcs/CVE-20…

English

270

Shmuel Cohen retweetledi

Alon Leviev@alon_leviev·16 Ağu

Had the best time presenting Windows Downdate at @BlackHatEvents USA and @defcon 32, thank you all for joining. Windows Downdate is now live! Blog - safebreach.com/blog/downgrade… GitHub repo - github.com/SafeBreach-Lab… #BHUSA #DEFCON32

English

6.5K

Shmuel Cohen retweetledi

Or Yair@oryair1999·15 Ağu

I had the best time presenting QuickShell with @_BinWalker_ at @defcon !! 👨‍💻🥷 True enthusiasts in this conference you just can't ask for a better audience as a speaker Blogpost is live - safebreach.com/blog/rce-attac… And don't forget to check out the tool - github.com/SafeBreach-Lab…

English

658

Shmuel Cohen retweetledi

Alon Leviev@alon_leviev·7 Ağu

Reminder: tomorrow at @BlackHatEvents 10:20 AM in Oceanside A - I will be sharing my journey of researching downgrade attacks on Windows and their severe implications on Windows’s platform security. Join my talk “Windows Downdate: Downgrade Attacks Using Windows Updates” #BHUSA

English

2.1K

Shmuel Cohen@_BinWalker_·24 Tem

@_0xDeku That's amazing!!

English

105

Alon Leviev@alon_leviev·24 Tem

Super excited that my research on Windows downgrade attacks has been nominated for the most epic achievement pwnie award!

Pwnie Awards@PwnieAwards

🚨We are very pleased to announce the nominees for the 2024 Pwnie Awards! Be sure to tag your friends and catch us at Def Con! 🚨 🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇 docs.google.com/document/d/13J…

English

4.1K

Shmuel Cohen@_BinWalker_·3 Tem

@chompie1337

QME

205

chompie@chompie1337·3 Tem

since MS doesn’t consider Admin to Kernel a boundary then is it chill to publish about one without telling them? i know one of you has done this so just give me the tea before I get in trouble

English

345

71K

Shmuel Cohen@_BinWalker_·1 Tem

@_0xDeku 😂😂😂

QME

Alon Leviev@alon_leviev·1 Tem

Just hit the 5-hour work mark and explorer.exe hasn’t crashed even once. Wondering if I should report this bug to MSRC

English

700

Shmuel Cohen@_BinWalker_·10 Haz

It's my honor to present alongside Or. This talk is going to be amazing, I promise ;) See you at #DC32

Or Yair@oryair1999

Honored to announce that @_BinWalker_ and I were accepted to speak at @defcon ! Our research - "QuickShell: Sharing is caring about an RCE attack chain on Quick Share" showcases 10 vulns in Google's Quick Share, chained to a creative RCE attack chain on Quick Share for Windows

English

229

Shmuel Cohen@_BinWalker_·10 Haz

@KMA_Akai Yea sure! safebreach.com/blog/dark-side…

English

Akai 🇻🇳@KMA_Akai·30 May

@_BinWalker_ great, can u share your presentation?

English

Shmuel Cohen@_BinWalker_·19 Nis

Make sure you read this cool article about my recent research "The dark side of EDR: repurpose EDR as an offensive tool"

Dark Reading@DarkReading

Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware: informatech.co/3U8BsWu by Nate Nelson

English

528

Shmuel Cohen@_BinWalker_·10 Haz

ProcessHacker is now called SystemInformer, and it looks just amazing with lots of new features. Make sure you check it out if you use the old ProcessHacker: github.com/winsiderss/sys…

English

217

Keşfet

@alon_leviev @PwnieAwards @NetanelBenSimon @BlackHatEvents @PsExec64 @theXappy @nirohfeld @shirtamari