495 posts


@foa7y

infosec engineer

London, UK · Joined September 2022
474 Following · 51 Followers
kmr
kmr@crazyrdp·
@YogSoth0 doesn't HVCI block all 4 of these drivers before they even load? what's the actual use case?
YogSotho
YogSotho@YogSoth0·
#EDR Killer #2026 — Project "Silent Horizon" Overview Silent Horizon is a sophisticated, BYOVD (Bring Your Own Vulnerable Driver) based EDR (Endpoint Detection and Response) disabler for #Windows 11. It operates at the kernel level by loading a legitimately signed but vulnerable driver, gaining arbitrary kernel memory read/write capabilities, and surgically disabling EDR components from within kernel space — where EDR sensors cannot monitor. Key Features - BYOVD Kernel Access: Supports four vulnerable driver primitives for maximum compatibility - Multi-EDR Targeting: Detects and disables 10+ major EDR products - Comprehensive Disabling: Removes process, thread, and image load callbacks; patches ObRegisterCallbacks; unregisters ETW Threat Intelligence; patches IRP dispatch and DriverObject major functions - Stealth Mode: Minimal output option for operational use - Clean Cleanup: Unloads vulnerable driver and removes registry traces - Pattern Scanning: Dynamic kernel structure discovery via code patterns #security #hacking #0days #malware #drivers
ludwig
ludwig@ludwigABAP·
i should start a group for people who aren't literally psychotic or completely one-shot some kind of group where only humans who don't have the most brittle and simplistic weltbild, their picture of the world, are allowed in bonus point if you're broad enough to have interests ranging from branches of theoretical computer science (not just being a compute bag who can write leetcode hards), cognitive science, developmental biology, a penchant for proper abstraction, theory of computation, and actual hobbies that have nothing to do with this (and where the hobby's goal is not about you being a compute bag if possible!) and then we just close off entirely and just collectively block all inputs from retards like this - maybe we have a few tweeners who still take in inputs and report and that's it
Andrew Curran@AndrewCurran_

x.com/i/article/2066…

@foa7y·
@C2IRIS truth nuke
IRIS C2
IRIS C2@C2IRIS·
You can call yourself a "security researcher" and make hand-wavy statements about your desire to "improve the cybersecurity ecosystem" or whatever. But the bottom line is that what you do is simply part of an assembly line, the end products of which are tools to hack into computers and take information from them. The only legitimate customer for this end-product are governments. "red teaming" is dead/dying, reduced to a dumb box checking/compliance exercise. so glad that we pivoted away from that business. Anyway... If you want your work to be truly valued, rather than, idk, being fired for finding too many vulns, then you should bring your talents to a company that actually pays the rent by producing hacking tools for (at least from my point of view) Western governments. It's time to get over the lolbertarian delusional privacy activism schtick and just take pride in the fact that you are a hacker
@foa7y·
@onehappyfellow And baby rudin for a bit of a primer on metric spaces & topology
One Happy Fellow
One Happy Fellow@onehappyfellow·
taking 2 week vacation soon. no plans other than chilling, swimming and reading. which maths book could I go through during that time? it's hard to answer in the abstract so read on for details
@foa7y·
@gizmobly tbh the nice outdoor spaces are REALLY nice
🫡︎
🫡︎@gizmobly·
I guess London is worse because of all the pollution and grime and poor urban planning, though
🫡︎
🫡︎@gizmobly·
My timeline is complaining about the heat in the UK but tbh it's just pleasant for once. Like, one of the only times in the last 8 months it's been nice and enjoyable
@foa7y retweeted
Ivan Krstić
Ivan Krstić@radian·
🔺NEW: Formally verified post-quantum ML-KEM and ML-DSA in corecrypto, with correctness proven from the FIPS spec down to hand-optimized ARM64 assembly — a world first at multi-billion device scale. And we're releasing our Isabelle libraries, ARM64 model, and Cryptol-to-Isabelle translator to advance the state of the art in verified cryptography! security.apple.com/blog/formal-ve…
@foa7y retweeted
Jopraveen
Jopraveen@jopraveen18·
people are too busy in exploring chrome, kernel and other oss CVEs, meanwhile a DOMPurify bypass was silently dropped 👀 github.com/cure53/DOMPuri…
@foa7y·
@presilences I lack the words rn to explain my thoughts properly but I know the experience you’re describing
@foa7y·
@presilences don’t worry, things will work out :)
presilence
presilence@presilences·
My youth to recent constant ideation of what I should become + depressed + very harsh on myself had me bottle up everything, promising myself that one day I would be worthy. Had it all wrong, what a catastrophic outcome: 99% of energy spent being miserable and I'm blind to how I feel
@foa7y·
idk if it’s being jaded or coping or what but my idea of success has changed so much as I’ve grown older. i can do the things that give me joy but being competitive for the sake of it - acting like there’s a competition at all - feels so useless to me now
@foa7y·
@bubbleboi I've been following you the whole time and this arc was crazy, very happy for you though :)
bubble boi
bubble boi@bubbleboi·
He was broke, jobless, and nothing was working. Give him millions of dollars for holding Intel stock, see if he loses his mind.
eval laden
eval laden@evalladen·
it's interesting how hacking is a global cat and mouse game with states constantly getting and removing advantages over each other with more or less damage in the process. what do quant trading and hacking have in common?
eval laden@evalladen

Just heard of gameover Zeus and newgoz, never knew hacking could be so insane. they know where the hacker lives and everything but can't touch him cuz the FSB used his global botnet opportunistically to gather intel e.g. for the invasion of crimea

@foa7y retweeted
Justin Skycak
Justin Skycak@justinskycak·
If you insist on fully visualizing every piece of math you learn, eventually visualization becomes the ceiling instead of the ladder.
@foa7y retweeted
Nate
Nate@nnwakelam·
It’s fascinating to me to see a cultural gap between existing computer hackers and bug bounty hunters and people that simply had no ability to surface vulnerabilities in companies meaningfully before LLMs made it as easy as asking a question. Feeling justified dropping an unfixed vulnerability on a company with little or no security posture on Twitter just signals to anyone that’s an adult that you are probably a dumbass. It’s optimising for attention rather than impact. You can report this to the CERT in the relevant country and move on with your day, posting it on Twitter is entirely self-serving and disingenuous. There’s a real decoupling of several things at play, in order to find issues of substance it actually conferred skill (and most likely intellect and critical reasoning skills) and now as that rising tide has lifted all boats you are going to get more and more people that can surface the issue but don’t understand the customs surrounding how vast swathes of this industry function.
@foa7y retweeted
doxie
doxie@doxie_gay·
there’s actually a specific reason for this phenomenon and it’s scary... the hypothetical is that languages themselves are independent, evolving entities who govern the beings they hijack. the idea is that we don't even own our brains, we’re just biological rentals for a parasite that needs us to keep talking so it doesn’t die.
sothseggere
sothseggere@thehousefails·
@orphcorp No dude we are living in an era when no one cares and no one cares and the problem is no one cares.
@foa7y retweeted
Zy
Zy@ZyMazza·
I feel like it kind of gets glossed over that semantic information can be expressed as vectors. That’s surprising, right?
@foa7y retweeted
Justin Drake
Justin Drake@drakefjustin·
Today is a monumentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor's algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimising separate layers of the quantum stack. The results are shocking. I expect a narrative shift and a further R&D boost toward post-quantum cryptography.

The first paper is by Google Quantum AI. They tackle the (logical) Shor algorithm, tailoring it to crack Bitcoin and Ethereum signatures. The algorithm runs on ~1K logical qubits for the 256-bit elliptic curve secp256k1. Due to the low circuit depth, a fast superconducting computer would recover private keys in minutes. I'm grateful to have joined as a late paper co-author, in large part for the chance to interact with experts and the alpha gleaned from internal discussions.

The second paper is by a stealthy startup called Oratomic, with ex-Google and prominent Caltech faculty. Their starting point is Google's improvements to the logical quantum circuit. They then apply improvements at the physical layer, with tricks specific to neutral atom quantum computers. The result estimates that 26,000 atomic qubits are sufficient to break 256-bit elliptic curve signatures. This would be roughly a 40x improvement in physical qubit count over previous state-of-the-art. On the flip side, a single Shor run would take ~10 days due to the relatively slow speed of neutral atoms.

Below are my key takeaways. As a disclaimer, I am not a quantum expert. Time is needed for the results to be properly vetted. Based on my interactions with the team, I have faith the Google Quantum AI results are conservative. The Oratomic paper is much harder for me to assess, especially because of the use of more exotic qLDPC codes. I will take it with a grain of salt until the dust settles.

→ q-day: My confidence in q-day by 2032 has shot up significantly. IMO there's at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key. While a cryptographically-relevant quantum computer (CRQC) before 2030 still feels unlikely, now is undoubtedly the time to start preparing.

→ censorship: The Google paper uses a zero-knowledge (ZK) proof to demonstrate the algorithm's existence without leaking actual optimisations. From now on, assume state-of-the-art algorithms will be censored. There may be self-censorship for moral or commercial reasons, or because of government pressure. A blackout in academic publications would be a tell-tale sign.

→ cracking time: A superconducting quantum computer, the type Google is building, could crack keys in minutes. This is because the optimised quantum circuit is just 100M Toffoli gates, which is surprisingly shallow. (Toffoli gates are hard because they require production of so-called "magic states".) Toffoli gates would consume ~10 microseconds on a superconducting platform, totalling ~1,000 sec of Shor runtime.

→ latency optimisations: Two latency optimisations bring key cracking time to single-digit minutes. The first parallelises computation across quantum devices. The second involves feeding the pubkey to the quantum computer mid-flight, after a generic setup phase.

→ fast- and slow-clock: At first approximation there are two families of quantum computers. The fast-clock flavour, which includes superconducting and photonic architectures, runs at roughly 100 kHz. The slow-clock flavour, which includes trapped ion and neutral atom architectures, runs roughly 1,000x slower (~100 Hz, or ~1 week to crack a single key).

→ qubit count: The size-optimised variant of the algorithm runs on 1,200 logical qubits. On a superconducting computer with surface code error correction that's roughly 500K physical qubits, a 400:1 physical-to-logical ratio. The surface code is conservative, assuming only four-way nearest-neighbour grid connectivity. It was demonstrated last year by Google on a real quantum computer.

→ future gains: Low-hanging fruit is still being picked, with at least one of the Google optimisations resulting from a surprisingly simple observation. Interestingly, AI was not (yet!) tasked to find optimisations. This was also the first time authors such as Craig Gidney attacked elliptic curves (as opposed to RSA). Shor logical qubit count could plausibly go under 1K soonish.

→ error correction: The physical-to-logical ratio for superconducting computers could go under 100:1. For superconducting computers that would mean ~100K physical qubits for a CRQC, two orders of magnitude away from state of the art. Neutral atom quantum computers are amenable to error correcting codes other than the surface code. While much slower to run, they can bring down the physical to logical qubit ratio closer to 10:1.

→ Bitcoin PoW: Commercially-viable Bitcoin PoW via Grover's algorithm is not happening any time soon. We're talking decades, possibly centuries away. This observation should help focus the discussion on ECDSA and Schnorr. (Side note: as unofficial Bitcoin security researcher, I still believe Bitcoin PoW is cooked due to the dwindling security budget.)

→ team quality: The folks at Google Quantum AI are the real deal. Craig Gidney (@CraigGidney) is arguably the world's top quantum circuit optimisooor. Just last year he squeezed 10x out of Shor for RSA, bringing the physical qubit count down from 10M to 1M. Special thanks to the Google team for patiently answering all my newb questions with detailed, fact-based answers. I was expecting some hype, but found none.