Ivan Kwiatkowski @JusticeRage Twitter profile

Pinned Tweet

Ivan Kwiatkowski

3 years

I've been working on this for 5 years, and it's finally out! I wrote a dark fantasy book (no computers involved), and it's the hardest thing I have ever done. I'm extremely proud of the final result. (But it's in French, for now.)

27

35

166

Last Seen Profiles

@acitrano

@SoftballLeopard

@KWP_RdamTalent

@GrandRedha

@PunBandhu

@lucky_nnagozie

@Yuuki_Channn

@FRAdioanstalt

@NeuroMaliki

@bodyouwant

@werdnA626

@JohnELTenney

@RealBbPilipinas

@applemintey

@RadioFerret

@SirioMgs

@karlssaturn

@_enebro

@lul_2314

@Cattycanela1604

@tlpq1

@v1kkko

@efgullett

@Adekunle_Skynet

@acstrasbourg

@icowid

@mhume615

@rs_loves_bugs

@benny7gg

@netsafeNZ

@franceshye

@gaeuIw

@andrewblance

@yingbingmu60605

@kasumimori1st

@b_bobby08

Ivan Kwiatkowski

@JusticeRage

1 year

Step 1: open a binary in IDA and press F5 Step 2: paste the decompiled code into OpenAI's chatbot Someone's job just got way easier.

66

888

5K

Ivan Kwiatkowski

@JusticeRage

1 year

I wrote an IDA plugin that queries #ChatGPT and explains decompiled functions. It's still very bleeding edge, but you can find the code here and try it out: (Yes, the video was performed on a very basic case for simplicity's sake.)

22

383

1K

Ivan Kwiatkowski

@JusticeRage

3 years

As a reverse engineer, the most difficult part of my job remains to figure out how to format tables in Microsoft Word when I'm writing reports.

32

97

1K

Ivan Kwiatkowski

@JusticeRage

1 year

Kaspersky released a new blogpost today, documenting an iOS 0day + zero-click exploit used to target cybersecurity researchers. The scope and full victimology are still unknown.

Operation Triangulation: iOS devices targeted with previously unknown malware

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices...

securelist.com

10

240

673

Ivan Kwiatkowski

@JusticeRage

4 years

I'll just leave this here.

18

218

568

Ivan Kwiatkowski

@JusticeRage

7 years

Nobody wants to use GPG. Not even Nigerian scammers who have a victim on the hook ☹️

15

236

491

Ivan Kwiatkowski

@JusticeRage

3 years

We released two videos for free from our online reverse engineering course. They focus on Go malware (Sunshuttle). Almost 2 hours of premium IDA Pro entertainment!

Reversing in action: Golang malware used in the SolarWinds attack....

This video is a continuation of the newly launched bonus track in the Targeted Malware Reverse Engineering training course from Kaspersky GReAT’s Senior Secu...

www.youtube.com

5

182

501

Ivan Kwiatkowski

@JusticeRage

3 years

We created cheat sheets for IDA Pro and x64dbg for our online course recently, and were authorized to share them with everyone! The aim was to list all hotkeys that we use on a daily basis, i.e. only those we feel are worth learning. I hope you find them useful!

5

192

484

Ivan Kwiatkowski

@JusticeRage

1 year

@RemyBuisine J'ai mis en place hier soir au cas où cela se produirait, à afficher avec un téléphone portable !

19

170

433

Ivan Kwiatkowski

@JusticeRage

1 month

Interesting trick used by scammers over DMs. They invite you to click on a link which appears to lead to the calendly website, but if you check the resulting URL, you will end up somewhere else (i.e., hxxps://calindaly[.]com/). How does this work?

11

100

447

Ivan Kwiatkowski

@JusticeRage

6 years

Malware writing #ProTip : do not compile samples on your home machine.

16

196

409

Ivan Kwiatkowski

@JusticeRage

1 month

This fools Twitter's card generation into displaying a false URL. Long story short, you can't trust Twitter's previews, don't click on links sent by strangers and if you can't help yourself, double check where you land.

6

64

392

Ivan Kwiatkowski

@JusticeRage

3 years

The CRAZIEST thing just happened to me! (cc @signalapp )

15

44

379

Ivan Kwiatkowski

@JusticeRage

2 years

I have written a personal statement about the war in Ukraine, recent criticism about Kaspersky and its founder. Those words were written from the heart. I humbly hope they give you pause. I am staying in GReAT, and here is why. (FR version coming soon.)

Here we go again

Hey everyone. I haven’t posted here in a while. The world made no sense the last time I did, and it makes even less sense now. That translates (among other things) to people being crazier on the...

blog.kwiatkowski.fr

55

98

381

Ivan Kwiatkowski

@JusticeRage

2 months

We're releasing our analysis of the I-Soon leak. As the title implies, it's *extremely* comprehensive. My longest 🧵 ever follows.

A comprehensive analysis of I-Soon's commercial offering

Identifier: TRR240301. Key Findings I-Soon’s commercial offering reveals that their main issue is processing collected data, not breaching their targets in the first place. Their products leverage...

harfanglab.io

4

138

354

Ivan Kwiatkowski

@JusticeRage

3 years

Our online reverse-engineering / malware analysis course (intermediate level) is finally launching! @legezo and I have been working on it almost exclusively for 6 months now. 50+h of video, 100h of virtual lab time, 10 real-life APT malware cases.

Targeted malware | reverse engineering - Kaspersky Expert Training | Online Cybersecurity Courses

Skilled reverse engineers aren’t born – they’re made by experience. If you are a cybersecurity specialist with a good understanding of malware analysis methodologies & tools and are looking for more...

xtraining.kaspersky.com

8

111

333

Ivan Kwiatkowski

@JusticeRage

5 months

Problem: deep enough home server racks are super expensive and difficult to source. Solution: introducing the IKEA GhettoRåck™️, made out of: - 2x BESTÅ cabinets - 2x MÖRTVIKEN doors A 10-ish U rack for under 300€, coming to your garages everywhere.

16

25

321

Ivan Kwiatkowski

@JusticeRage

1 year

A lot of the value I bring to any company comes in the form of entertainment, specifically through an endless stream of salty emails. AI just made me obsolete. All hail our new robot overlords.

7

50

311

Ivan Kwiatkowski

@JusticeRage

3 years

"Hi, I see you're into reverse-engineering too!"

10

26

302

Ivan Kwiatkowski

@JusticeRage

5 years

Webcam defense in depth.

9

53

261

Ivan Kwiatkowski

@JusticeRage

3 years

@signalapp Unbelievable indeed.

6

13

258

Ivan Kwiatkowski

@JusticeRage

1 month

A normal request to the website returns HTML content as you would expect (1st screenshot). But if you change your user-agent to TwitterBot (the one used when generating cards), watch what happens (second screenshot). The server sends a second redirect to the legitimate site.

4

18

264

Ivan Kwiatkowski

@JusticeRage

2 years

New blog post about an UEFI firmware bootkit! Research was led by our dearly missed @_marklech_

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.

securelist.com

1

126

258

Ivan Kwiatkowski

@JusticeRage

3 years

An update to my 0day handling ethics mind-map for cybersecurity researchers. Version 1.0 did not account for the possibility of becoming accessory to murder. What a silly oversight on my part.

5

77

242

Ivan Kwiatkowski

@JusticeRage

10 months

Personal news: I have resigned from my position in @Kaspersky 's GReAT team. I'm very grateful for my time there and everything the team accomplished. I don't have any reason to believe anything I wrote about the company was untrue at the time I wrote it. I will now take a…

26

12

228

Ivan Kwiatkowski

@JusticeRage

6 years

Hey Twitter. Did anyone ever find out why TrueCrypt shut down operations back in 2014? We never got answers, but I need closure.

11

56

204

Ivan Kwiatkowski

@JusticeRage

6 years

Curl is being introduced as a standard windows command line tool! Malware authors all over the world must be extatic; stage 1s are going to get smaller.

4

132

197

Ivan Kwiatkowski

@JusticeRage

7 years

New blog post: a full Process Hollowing / Manalyze tutorial.

0

131

191

Ivan Kwiatkowski

@JusticeRage

4 months

RCE in Redis < 7.2.4 (CVE-2023-41056) I haven't seen a lot of noise about this one. Redis is everywhere (NextCloud, Mastodon, GitLab...) – if you're using it, patch now, but I also expect to see a lot of second-degree exploitation with this one.

Certain sequence of payloads may lead to remote code execution

### Impact In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execu...

github.com

2

73

194

Ivan Kwiatkowski

@JusticeRage

5 years

New release: a Python script to catch careless intruders on your machines by "booby-trapping" binaries.

1

68

177

Ivan Kwiatkowski

@JusticeRage

4 years

Our research on the new(?) mercenary APT DeathStalker is finally out! Please take a look if you're interested in Evilnum or Janicab! (cc @securechicken )

Lifting the veil on DeathStalker, a mercenary triumvirate

DeathStalker is a group of mercenaries offering hacking-for-hire services, or acting as some sort of information broker in financial circles.

securelist.com

2

104

172

Ivan Kwiatkowski

@JusticeRage

7 years

New script: a multi-threaded site mapper in Python. #crawling #pentest

1

91

163

Ivan Kwiatkowski

@JusticeRage

6 months

I have the pleasure to announce I'm joining @HarfangLab as Lead Cyber Threat Researcher starting tomorrow! I'll be working on APTs from everywhere, reversing malware, writing FOSS tools and blog posts!

20

5

164

Ivan Kwiatkowski

@JusticeRage

3 years

Not to bash on a single individual, which accomplishes nothing - but this is exactly why there is a need for more discussion about ethics in infosec. Take a minute to think about how your actions have impacted "human and women rights" and "free speech" in 2021.

15

28

162

Ivan Kwiatkowski

@JusticeRage

4 years

We're very happy that this research is released: In it, @felixaime , @securechicken and I discuss the connection between the VHD ransomware and the Lazarus group. This work was made possible with huge help from Kaspersky's GERT (IR) team.

Lazarus on the hunt for big game

By investigating a number of targeted ransomware attacks and through discussions with some of our trusted industry partners, we feel that we now have a good grasp on how the ransomware ecosystem is...

securelist.com

1

81

152

Ivan Kwiatkowski

@JusticeRage

28 days

On March 25, the FBI released an indictment of APT31 hackers. We read it carefully to find new intel, and managed to connect a few dots (including about the RAWDOOR malware family). Full article and IOCs:

Analysis of the APT31 indictment

Identifier: TRR240401 On March 25, 2024, the U.S. Department of Justice (DoJ) released an indictment of seven hackers associated with APT31, a “hacking group in support of China’s Ministry of State...

harfanglab.io

2

75

155

Ivan Kwiatkowski

@JusticeRage

7 years

This #MrRobot episode is the gift that keeps on giving! leads to and also:

1

52

142

Ivan Kwiatkowski

@JusticeRage

1 year

Hahaha, gotcha #ChatGPT ! They've been patching loads of jailbreaks as they are found, but the possibilities are endless.

6

29

146

Ivan Kwiatkowski

@JusticeRage

11 months

Okay Twitter 😶 Sorry non-French speakers, I can't translate this tweet considering how heinous it is. Imagine a hatred bingo combining the N-word, call for violence and nazism.

16

60

144

Ivan Kwiatkowski

@JusticeRage

3 years

A few days ago, I contributed an IDA Pro script which extracts type information from Go binaries to @juanandres_gs ' AlphaGolang repository. We just released an article that gives background on how this works: Code:

GitHub - SentineLabs/AlphaGolang: IDApython Scripts for Analyzing Golang Binaries

IDApython Scripts for Analyzing Golang Binaries. Contribute to SentineLabs/AlphaGolang development by creating an account on GitHub.

github.com

0

60

141

Ivan Kwiatkowski

@JusticeRage

4 years

I've added a script to Manalyze which plots the compilation timestamps of a PE collection: Credit goes to @x0rz for the pretty charts.

2

38

134

Ivan Kwiatkowski

@JusticeRage

2 months

We're silently moving from a "everyone is vulnerable" world to a "everyone is backdoored" world.

5

14

131

Ivan Kwiatkowski

@JusticeRage

2 years

I feel like there's a need to clarify what is going on here, it's an interesting anti-sandbox trick. The SeShutdownPrivilege string is constructed on the stack dynamically, in particular the program uses the first letter of its filename as an index in the string.

Lexsek

@Lexsek_

2 years

If you analyze HermeticWiper ( 61b25d11392172e587d8da3045812a66c3385451) and you are a beginner to malware RE, be careful to your sample name. Sometimes, it breaks or modifies the behavior of the malware. #HermeticWiper #malware

2

34

134

1

39

125

Ivan Kwiatkowski

@JusticeRage

6 years

Me discovering the Threat Intelligence world.

2

32

121

Ivan Kwiatkowski

@JusticeRage

4 months

I wrote my first blog post with @harfanglab : a primer on reverse engineering .NET AOT applications. This will be interesting to people who never created FLAIR signatures in IDA.

An introduction to reverse engineering .NET AOT applications

About a month ago, we started seeing reports on activities from DuckTail , a cybercrime outfit reportedly based in Vietnam. Detonating one of the samples, we observed that a new account was being...

harfanglab.io

1

61

120

Ivan Kwiatkowski

@JusticeRage

6 years

Ping to all hash crackers: @trustedsec has just released a great set of scripts at . - Wordlist deduplication - Analysis of already cracked hashes - Launches all the run-of-the-mill attacks from a single command And a lot of other goodies.

0

51

118

Ivan Kwiatkowski

@JusticeRage

7 years

Interesting points on where to host a cybercrime discussion by Fadli Sidek #HITBGSEC17

4

46

113

Ivan Kwiatkowski

@JusticeRage

4 months

Hidden gem in @DonnchaC 's #37C3 talk on Predator spyware: state actors could generate @letsencrypt certificates for any website by using their MitM capabilities at ISP level to complete verification challenges (both HTTP and DNS I expect). CT may be the only way to detect this.

2

39

115

Ivan Kwiatkowski

@JusticeRage

6 years

Spotted: a French website impersonates @KeePass at , bundles it with adware () and worst of all (apologies to non-French speaking readers):

12

136

112

Ivan Kwiatkowski

@JusticeRage

4 months

New research from our team (h/t @securechicken ): Compromised routers leveraged as malicious infrastructure to target government organizations in Europe and Caucasus (possible APT28 activity)

Compromised routers are still leveraged as malicious infrastructure to target government organiza...

La campagne malveillante décrite exploite des messages de hameçonnage ciblés pour inciter des destinataires à visiter une page Web et ouvrir un raccourci Windows malveillant. Ce dernier permet alors...

harfanglab.io

2

59

112

Ivan Kwiatkowski

@JusticeRage

3 years

In the interest of supporting the discussion on the ethics of releasing PoCs for critical vulnerabilities, I created the following mind map. It is merely meant as a listing of the available options and associated consequences. No judgement intended.

5

37

110

Ivan Kwiatkowski

@JusticeRage

7 years

Well hello Iranian internet,, nice to meet you too.

4

67

102

Ivan Kwiatkowski

@JusticeRage

6 years

What have we done?

9

44

108

Ivan Kwiatkowski

@JusticeRage

5 years

I have stumbled onto something interesting while working on PE resource timestamps. It seems that a build chain, somewhere, is using local (non-UTC+0) timestamps for resources, which can help determine where the binary is compiled. Is this something known?

2

43

106

Ivan Kwiatkowski

@JusticeRage

4 months

New blog post: "So you want to work in cybersecurity". Every time I post research here, I get DMs asking how to get into cybersecurity. Instead of repeating myself ad nauseam, I wrote down all my thoughts on the subject here: Personal opinion obviously.

So you want to work in cybersecurity

Whenever I post research on X/Twitter, and also at other random times, I get DMs from people who are interested in starting a career in the field. It’s not like I’m Internet’s guidance counselor or...

blog.kwiatkowski.fr

5

39

108

Ivan Kwiatkowski

@JusticeRage

2 years

A few minutes ago at BotConf, I shared a script to import and export Twitter blocklists. I use it to block advertisers on the platform! Find my code and current list here:

GitHub - JusticeRage/twitter-blocklist: A crowdsourced list of undesirable Twitter accounts

A crowdsourced list of undesirable Twitter accounts - JusticeRage/twitter-blocklist

github.com

5

26

105

Ivan Kwiatkowski

@JusticeRage

3 months

The #ISoon leak confirms beyond the shadow of a doubt USG's attribution of APT41 activities to Chengdu 404! ISoon is quite amused by it too!

0

26

105

Ivan Kwiatkowski

@JusticeRage

3 months

We're working on a huge report. It's coming #isoon .

3

5

102

Ivan Kwiatkowski

@JusticeRage

3 years

For the record, this is a clear misrepresentation of my teammates' research. 1) We did *not* attribute these samples to any organization. 2) Lambert is *not* an internal name for the CIA. If you're going to attribute attacks, do it in your own name.

0

45

100

Ivan Kwiatkowski

@JusticeRage

5 years

New release: a python script that uses SMART data to detect evil maid attacks.

0

66

91

Ivan Kwiatkowski

@JusticeRage

7 years

#SSTIC Deauthenticating the railgun to prevent @x0rz from being shot on stage.

7

29

93

Ivan Kwiatkowski

@JusticeRage

2 years

Our reverse-engineering course has been out for a few months now, and the feedback is amazing :) If you haven't checked it out, there's IDA scripting, mock C2 development, hardcore deobfuscation and even Go. Feel free to DM me with any question!

Targeted malware | reverse engineering - Kaspersky Expert Training | Online Cybersecurity Courses

Skilled reverse engineers aren’t born – they’re made by experience. If you are a cybersecurity specialist with a good understanding of malware analysis methodologies & tools and are looking for more...

xtraining.kaspersky.com

Farenain

@Farenain

2 years

So after finishing another video from @kaspersky malware training, I've implemented the commands from Lazarus sample in the C2 emulator, it was pretty interesting learning about this topic, thanks to @JusticeRage for the extra exercise.

2

8

48

3

23

96

Ivan Kwiatkowski

@JusticeRage

3 years

I hear a lot of people are looking for Pegasus samples. Dear @ANSSI_FR , please buy the product, get all 0days patched, leak the tools and infra. Burn them to the ground and I swear I will never ever complain again about how my tax money is spent.

3

14

95

Ivan Kwiatkowski

@JusticeRage

2 years

To be fair, anti-cheat usually only has a single process to protect, which its developers fully own. EDR and endpoint solutions have to defend whole systems that they have zero control over, which is a much more difficult task. We welcome constructive feedback from game hackers!

GuidedHacking

@GuidedHacking

2 years

bypassing anticheat is harder than bypassing EDR infosec is cucked by cheat engine users your entire industry is a joke

0

59

386

2

11

95

Ivan Kwiatkowski

@JusticeRage

5 years

Our team has been investigating #LockerGoga and we can assess with medium confidence that it is linked to GrimSpider. We believe a Cobalt Strike / meterpreter combination is used during the post-exploitation phase. C2s use the default SSL certificate on port 443 ;)

5

57

92

Ivan Kwiatkowski

@JusticeRage

6 years

This has to be the dumbest "forgotten password" form that was ever written. There aren't enough facepalm gifs in the whole Internet to convey how I feel.

6

28

93

Ivan Kwiatkowski

@JusticeRage

7 years

I just realized that XORing a string with 32 (0x20) toggles capitalization. I feel both amazed and stupid.

9

35

90

Ivan Kwiatkowski

@JusticeRage

7 years

Following @ropnop 's article on TTYs, I've written an encrypted Python reverse shell!

GitHub - JusticeRage/freedomfighting: A collection of scripts which may come in handy during your...

A collection of scripts which may come in handy during your freedom fighting activities. - JusticeRage/freedomfighting

github.com

1

55

87

Ivan Kwiatkowski

@JusticeRage

4 months

#100DaysofYARA I created a web service that allows you to verify on which yara versions your rule compiles. In the past, shipping rules to customers, I wondered if there were limitations but couldn't find out easily. Now I can.

2

35

88

Ivan Kwiatkowski

@JusticeRage

5 years

It just seems easier to get a WPA handshake and bruteforce the password, now that you know it's 10 digits.

2

21

85

Ivan Kwiatkowski

@JusticeRage

4 months

List of Ivanti / PulseSecure C2s we discovered (h/t @securechicken ): 146.0.228[.]66:1080/assets/js/xml.php 146.0.228[.]66:1080/css/chat.jsp 146.0.228[.]66:8111/css/chat.jsp 152.32.128[.]64 154.223.17[.]218 159.65.130[.]146:80 159.65.130[.]146:80/index 35.201.216[.]249:80/index…

1

17

82

Ivan Kwiatkowski

@JusticeRage

6 years

I just stumbled on to this very interesting Linux post-exploitation talk by @_ta0 : It's full of hidden gems, I'll be watching it again so I can take notes.

SteelCon 2018 Track 2 Livestream

This is the live stream to SteelCon track 2.Schedule: https://www.steelcon.info/the-event/talk-schedule/

www.youtube.com

0

44

80

Ivan Kwiatkowski

@JusticeRage

1 year

Alright. Is it maybe time to talk about using *local* password managers instead of cloud-based ones? Yes, they're better than no password manager, but come on. Don't trust anyone with such sensitive data as your passwords.

Lastpass: Hackers stole customer vault data in cloud storage breach

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident.

www.bleepingcomputer.com

7

31

82

Ivan Kwiatkowski

@JusticeRage

7 years

I added a script which automatically shelljacks (log term) into users who SSH into a box to my repo! cc @emptymonkey

2

35

78

Ivan Kwiatkowski

@JusticeRage

4 years

This has got to be the best caption I've ever seen in an malware analysis post.

2

21

75

Ivan Kwiatkowski

@JusticeRage

1 year

Dear @HexRaysSA , considering that you won't allow me to renew my licence, I'd appreciate it if you either: a) Granted me an OSS dev license, considering the value I bring to your customers for free b) Refrained from using my work for PR purposes Cheers

Hex-Rays SA

@HexRaysSA

1 year

#Gepetto keeps the first position for the second month in a row! Good job @JusticeRage 👏 Got a plugin that could be on the top of the chart? Publish it, and let’s see 🌐 #IDAPlugin #PluginRoundup #IDAPro #IDAPython

1

3

18

5

11

76

Ivan Kwiatkowski

@JusticeRage

2 years

Very unhappy and disappointed by this move from @HexRaysSA . During trainings, how can I justify the investment for newcomers if now they can't use the software after a year?

7

15

74

Ivan Kwiatkowski

@JusticeRage

3 years

@x0rz *Looks at bio* "Human & Women's Rights - Free Speech Activist" selling 0days to Zerodium Yup, that seems about right.

3

8

73

Ivan Kwiatkowski

@JusticeRage

3 months

New research: our team at @harfanglab just published an investigation into possible Arid Viper (but definitely Hamas-related) activity against 🇮🇱 targets, based on a tip from @NicoleFishi19 . We analyzed the malware (including 2 wipers) & IW aspect:

2

31

74

Ivan Kwiatkowski

@JusticeRage

1 year

New feature added moments ago: @OpenAI 's #ChatGPT now automatically renames variables in the pseudocode view. (Video slightly edited to cut loading times.) Keep in mind that this is only the work of a single week-end! This thing is only getting started.

2

9

72

Ivan Kwiatkowski

@JusticeRage

3 years

I showed this tip to a friend today, and thought maybe it could be useful to other people. Problem: how to write Yara rules that match a given ASM snippet? Answer in three steps. 1) Open a random program with x64dbg. Break anywhere, entry point is fine.

7

29

71

Ivan Kwiatkowski

@JusticeRage

4 years

Here's an interesting paper on APT campaign modeling: I like that it focuses on the attacker's lifecycle inside the victim's network.

0

28

67

Ivan Kwiatkowski

@JusticeRage

7 years

I had a Raspberry sitting in a drawer. Just installed Pi-Hole and it looks great!

4

33

65

Ivan Kwiatkowski

@JusticeRage

3 years

This tweet was deleted in silent shame, but I feel that it should be recorded somewhere for future generations.

3

34

66

Ivan Kwiatkowski

@JusticeRage

2 years

Pro reverse-engineering tip: don't spend too much time looking at code located in kernel32.dll as this can lead to significant lost time and ridicule on Twitter.

4

5

66

Ivan Kwiatkowski

@JusticeRage

3 years

When debugging DLLs, I often need to go back and forth between @x64dbg and IDA. So far, here is the quickest way I have found to convert addresses. Is there a better one?

7

25

67

Ivan Kwiatkowski

@JusticeRage

2 years

I'm very happy to share a project I've been working on for a long time now. A 🔥 scathing 🔥 three-part series on cryptocurrencies & NFTs. Part I: blockchains and crypto Part II: NFTs Part III: the politics of cryptocurrencies Part I was just released:

3

27

65

Ivan Kwiatkowski

@JusticeRage

8 months

In brain-damaged bug bounty hunter news today, this report that the website of my *open-source program* leaks source code.

6

8

65

Ivan Kwiatkowski

@JusticeRage

5 years

Next week, I'll be speaking @virusbtn about ethics in infosec. Please come, I promise I'll try to make it entertaining.

2

20

64

Ivan Kwiatkowski

@JusticeRage

5 years

The video of my @virusbtn talk on ethics in infosec is now online! Of all the talks I've given, it's the one I find the most important. Thanks again to the organizers for accepting it!

We need to talk - opening a discussion about ethics in infosec

This presentation by Ivan Kwiatkowski was presented at VB2019 in London, UK.Infosec is not like other jobs. We handle personal data, sensitive information, v...

www.youtube.com

2

23

66

Ivan Kwiatkowski

@JusticeRage

3 months

Manalyze is 10 years old today! 🎂 Over time, it has processed over 100 GB of files (that I know of) with no meaningful security issues. I still use it to this day, I know others do too. There's still much I want to do, hopefully in the next 10 years!

GitHub - JusticeRage/Manalyze: A static analyzer for PE executables.

A static analyzer for PE executables. Contribute to JusticeRage/Manalyze development by creating an account on GitHub.

github.com

0

19

63

Ivan Kwiatkowski

@JusticeRage

3 years

Very happy to share the results of a new investigation with @_marklech_ and @securechicken ! In this case, we talk more about the things we don't know than the things we do, which is a huge part of threat intelligence. I hope you enjoy the read!

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

securelist.com

1

38

63

Ivan Kwiatkowski

@JusticeRage

2 months

You might have heard about a "massive" ongoing attack on FR government websites. Here's some context. 1) Anonymous Sudan claimed the attack. It's a hacktivist group which has consistently aligned with 🇷🇺 interests – to the point of being suspected of being a front for RU psyops

1

24

61

Ivan Kwiatkowski

@JusticeRage

6 years

Well well well. Seems like actors are trying to split the #NetNeutrality hashtag to prevent it from trending. Background on this technique:

3

47

56

Ivan Kwiatkowski

@JusticeRage

7 years

I just added new Yara rules to Manalyze based on an idea by @cyb3rops . Idea: detect xor'd function names.

2

24

58

Ivan Kwiatkowski

@JusticeRage

2 years

Oh wow, @Qualys disclosed an LPE affecting polkit, preinstalled on every major Linux distribution. Patch your systems!

0

31

57

Ivan Kwiatkowski

@JusticeRage

3 years

There's currently a summer sale on our online reverse-engineering training! The price dropped by over 25% for this month: please check it out if you were considering it before! DMs are open if you have any questions about the course.

Targeted malware | reverse engineering - Kaspersky Expert Training | Online Cybersecurity Courses

Skilled reverse engineers aren’t born – they’re made by experience. If you are a cybersecurity specialist with a good understanding of malware analysis methodologies & tools and are looking for more...

xtraining.kaspersky.com

1

21

56

Ivan Kwiatkowski

@JusticeRage

1 year

Big update to #Gepetto today, with support for GPT-4! This will only work if you have access to the corresponding API (via a waiting list AFAIK). Lots of refactoring in preparation for more features, so it might be a little bleeding edge!

1

16

55

Ivan Kwiatkowski

@JusticeRage

1 year

Takeaways of the war in Ukraine for the cybersecurity community: I contributed to this article along with @craiu and @securechicken . As with any analysis piece, there's some deal of personal opinion in there, so I'm very interested in other assessments.

Reassessing cyberwarfare. Lessons learned in 2022

In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict,...

securelist.com

0

21

49