Dave Aitel

@daveaitel

28,827 Followers | 1,706 Following | 3,289 Media | 92,688 Statuses

Cyber Security Researcher | Policy Analyst | Partner at | @dave_aitel@mastodon.social

Joined August 2007
@daveaitel
Dave Aitel
1 month
Nobody wants to say it was probably a Chinese state-sponsored effort for some reason? They were in timezones 8.
@hackerfantastic
hackerfantastic.x
1 month
The author of the 'xz' backdoor commit history and activity shows that they kept office hours mostly. Mon-Fri, every other Saturday, I would imagine some of these would correlate with public holidays as this was clearly not a hobbyist.
Tweet media one
@daveaitel
Dave Aitel
5 years
I love this shirt !!! ;)
Tweet media one
Tweet media two
@daveaitel
Dave Aitel
2 years
I need Microsoft to know that nobody ever wanted the NEWS as part of their OS Start menu. In fact, the opposite.
@daveaitel
Dave Aitel
3 years
My 14yo watched a few minutes of my keynote and then opined: "you know fucking nothing about hacking" and then went back to his discord.
@daveaitel
Dave Aitel
3 years
Not worthy
Tweet media one
@daveaitel
Dave Aitel
8 years
The FBI has decided the War on Drugs is too winnable and has decided to start a War on Math as a second front.
@daveaitel
Dave Aitel
2 years
It's fairly hard to believe that we didn't know how faulty this technique was. We used it anyway, because it generated the results we wanted.
Tweet media one
@daveaitel
Dave Aitel
3 years
My last day at Immunity:
@daveaitel
Dave Aitel
4 years
Just because a vulnerability has not been announced does not mean hackers didn't read your git commit or reverse your patch and have a good giggle.
@daveaitel
Dave Aitel
6 years
lol.jpg
Tweet media one
@daveaitel
Dave Aitel
7 years
Most secure computing plans start with "Download PuTTY from some random website on the internet".
@daveaitel
Dave Aitel
4 years
People like to say "data is the new oil" without realizing that means we will be fighting wars over it . . .
@daveaitel
Dave Aitel
2 years
Cyber threat intelligence firms need to start releasing their reports as text files instead of PDFs or web pages because it's very hard to trust that you're not going to get a client-side exploit when you click on them...
@daveaitel
Dave Aitel
3 months
A lot of people don't realize that the Chinese company that advertised so much during the Super Bowl also made the corporate choice to burn some 0day to kick the competition off some phones, and Google caught them.
@daveaitel
Dave Aitel
5 years
Tweet media one
@daveaitel
Dave Aitel
3 years
Is adding a backdoor to PHP redundant?
@daveaitel
Dave Aitel
11 months
My kid WILL attend a fuzzing seminar at his new internship, but he WON'T listen to my talks about fuzzing because "that's for boomers"
@daveaitel
Dave Aitel
3 years
The root cause of all of the insecurity you are seeing in large enterprise products is that nobody is allowed to test them and publish the results. Hence quality is usually very low.
@daveaitel
Dave Aitel
4 years
Did they get this picture from his laptop camera?
Tweet media one
@daveaitel
Dave Aitel
3 years
Can we please, for the love of zeus, just have mitre handle a registry of apt cryptonyms so we don't have to say "cozy bear aka apt 29 aka apt41.4 aka helium"?????????????????
@daveaitel
Dave Aitel
4 years
Chrome team didn't put this cpu threshold as user configurable because we would all set it to zero percent.
@ryanaraine
Ryan Naraine
4 years
Tweet media one
@daveaitel
Dave Aitel
3 years
I know this is obvious but the reason ppl are lining up to get horse worm medicine is because we spent 2T USD on war in Afghanistan but my kid's high school can't afford a Bunsen burner.
@daveaitel
Dave Aitel
3 years
The whole "We're not going to pay you because of something secret we know you didn't" has always been an abusive clause in the whole bug bounty market and I think it's funny people are just realizing it.
@daveaitel
Dave Aitel
5 years
We lose a lot of people from our community to addiction, so this is my reminder that if you buy the non-alcohol INFILTRATE ticket you get a bracelet and people will avoid pressuring you to drink if they see it. Also works at BH/DC/etc.!
@daveaitel
Dave Aitel
3 years
The real power of any APT is doing all the boring shit. Testing, writing implants for dumb embedded stuff, installing big stupid enterprise software, documenting all the use cases of your tools, etc.
@daveaitel
Dave Aitel
4 years
It's a brand new world for steganography and C2!!!! :)
@NolanOBrien
Nolan O'Brien
4 years
Starting today, Twitter will preserve JPEGs as they are encoded for upload on Twitter for Web. (Caveat, cannot have EXIF orientation) For example: the attached photo is actually a guetzli encoded JPEG at 97% quality with no chroma subsampling.
Tweet media one
@daveaitel
Dave Aitel
2 years
FWIW the hardest part of finding 0day in Enterprise equipment has always been setting that equipment up and configuring it. Hence, most penetration testing companies have a ton of 0day. If this surprises you or alarms you, then ... 1/45
@daveaitel
Dave Aitel
3 years
For future authors who are confused: I am not "tanned", I am Peruvian. Here I am editing the first Immunity web page at the original Pilosoft data center in Manhattan in the middle of NYC winter.
Tweet media one
@daveaitel
Dave Aitel
5 years
Comic that @BradSmi should read when he assumes all live media should be licensed by a country... ;)
Tweet media one
@daveaitel
Dave Aitel
2 years
People forget that they are also a Turing machine built on a series of tiny gates never meant to do what they are doing. You are also a beautiful exploit.
@daveaitel
Dave Aitel
3 years
I think a news article that labels "Jetbrains" a "pathway for Russian hackers" needs to be backed up by something more than just anonymous "officials and executives" who received a brief on an "investigation". I think the company deserves facts and evidence.
@daveaitel
Dave Aitel
4 years
I 100% disagree with this guy. What you should really be testing is whether or not the blue team can find something they don't know about
Unpopular opinion: Red teams should use common TTPs used by real world adversaries, and when blue teams win because they have solid, detections for those TTPs, that is a *good* thing. That is what is *supposed* to happen.
@daveaitel
Dave Aitel
3 years
@bibbleco @find_evil I mean, it's literally very very old?
@daveaitel
Dave Aitel
4 years
So I wanted to announce something I've been working on for a little while:
@daveaitel
Dave Aitel
1 month
@taviso Torvalds and others spell it this way sometimes :)
Tweet media one
@daveaitel
Dave Aitel
20 days
Learn whatever you feel compelled to learn. Nobody tells the wildebeest to eat the green grass and nobody can tell a hacker what ancient tomes of lore to read. A good hacker is a dancer of thought; you are not slogging through a curriculum like an accountant.
@7etsuo
7etsuo
23 days
George Hotz says that everyone should learn C and Assembly.
@daveaitel
Dave Aitel
2 years
Every so often when the 15-year-old is playing Microsoft Flight Simulator I go by and I press a random button on his joystick to simulate what flying a real F-35 with their real lowest-bidder software stack is like... then I raise his taxes to pay for it.
@daveaitel
Dave Aitel
3 years
I put together this handy BINGO CARD for people playing along when reading any new cyber policy paper or attending a talk where bad ideas are likely to be proposed as solutions to all our problems. :)
Tweet media one
@daveaitel
Dave Aitel
3 months
Man have I heard that a few times in my career :)
@flowyroll
Daniel Moghimi
3 months
My prediction is that exploiting memory corruption vulnerabilities in C/C++ code will become a thing of the past in 10 years with hardware support for memory safety, control flow integrity, and sandboxing.
@daveaitel
Dave Aitel
3 years
The reason this completely untrue statement keeps appearing is that people want to believe it is true. It would support their theory that using offensive techniques immediately rebounds.
Tweet media one
@daveaitel
Dave Aitel
4 years
Tweet media one
@daveaitel
Dave Aitel
2 years
Quote tweeting is one of the worst design changes Twitter made I think. It's like we have "reply" and "pompous reply" as your options.
@daveaitel
Dave Aitel
2 years
People on defense get so excited about parsing and storing Syslog data, but none of my exploits ever left logs. This has confused me for two decades.
@daveaitel
Dave Aitel
4 years
Nobody should ever be using PHP, part 1:
Tweet media one
@daveaitel
Dave Aitel
5 years
Tweet media one
@daveaitel
Dave Aitel
7 years
The only difference between this worm and every other worm is we know this one happened because it has ransomware.
@daveaitel
Dave Aitel
1 year
Maybe if the whole first page of Google search was not useless advertising and sponsored posts, it would not be seen as such a huge step up to have ChatGPT just summarize the web for you.
@daveaitel
Dave Aitel
5 years
Released: Having Fun with COM - James Forshaw - INFILTRATE 2019 (). Watch this after your coffee this morning. I find his talks inspirational.
@daveaitel
Dave Aitel
6 years
I am torn between really liking this paper and also wanting nobody else to ever read it.
@daveaitel
Dave Aitel
6 years
A simple solution to legal issues around 4th Amendment searching. :)
@daveaitel
Dave Aitel
4 years
Amazing exploit work:
@daveaitel
Dave Aitel
3 years
My 15yo is attempting to use nmap on his phone to scan some router while we are out as I heckle him on his use of flags. "Do you want me to ask Fyodor and find out how to use this tool?"
@daveaitel
Dave Aitel
7 years
Former Deputy Director NSA just said on the Steptoe podcast: There are things I cannot say about Kaspersky AV, but we should not be using it.
@daveaitel
Dave Aitel
3 years
People who actually build cyber weapons for a living think the focus on exploits as cyber weapons is pretty funny btw.
@daveaitel
Dave Aitel
5 years
It's important to remember that the cyber norms posed by big corporations protect big corporations and not "civilization" as they so humorously propose.
Tweet media one
@daveaitel
Dave Aitel
6 years
Firewalls: Cisco was writing theirs in C, with no stack protection of any kind. Palo Alto wrote their management interface in PHP. LOVE THIS :)
@daveaitel
Dave Aitel
3 years
One of the things we did with INFILTRATE that has not been widely adopted yet in conferences is giving people a list of prior reading they can go through if they want to be totally up2date on a particular talk...
@daveaitel
Dave Aitel
10 years
LSASS eip control via ms14-066 + preauth RDP achieved in lab. Will be in CANVAS Early Updates tomorrow!!! http://t.co/tz9qZuBglr
Tweet media one
@daveaitel
Dave Aitel
3 years
Just a LOL for Halvar and co.
Tweet media one
@daveaitel
Dave Aitel
3 years
It just boggles my mind that Kaseya called this attack incredibly sophisticated when its technologies were invented in the early 2000s and so were the attacks that were used against them.
@daveaitel
Dave Aitel
2 years
Hopefully everyone was already aware that WAFs don't really work and it's not taking this JNDI bug to demonstrate that?
@daveaitel
Dave Aitel
1 year
Hats off to the forward thinking hackers posting tons of broken code in lots of different places for LLMs to parse and remember as suggestions years from now.
@daveaitel
Dave Aitel
3 years
Signaling: You sit in a circle with your friends and whisper a top secret SCI PowerPoint summary into the ear of the person to your right, and they whisper it to the next person in line and then the last person writes it down and it gets printed in the NYT.
@daveaitel
Dave Aitel
8 years
Hey Microsoft... I wasn't worried about this ... But NOW I am.
Tweet media one
@daveaitel
Dave Aitel
2 months
People think insurance costs in Florida are high because of fraud or mismanagement or maybe not enough laws or regulation, but the reason is really because the ocean is hot and insurance companies hire scientists.
@BMcNoldy
Brian McNoldy
2 months
The ocean says it's June 3 in the tropical Atlantic. ⏰ Anomalies this large aren't supposed to happen, and certainly not for 10 consecutive months with no end in sight.
Tweet media one
@daveaitel
Dave Aitel
8 months
I do not understand this obsession with not having a program print out naughty things. The more your program is thinking about what not to tell you, the more unreliable and ineffective it is.
@paul_rottger
Paul Röttger
8 months
After spending just 20 minutes with the @MistralAI model, I am shocked by how unsafe it is. It is very rare these days to see a new model so readily reply to even the most malicious instructions. I am super excited about open-source LLMs, but this can't be it! Examples below 🧵
@daveaitel
Dave Aitel
2 years
Me: did you tell your friends at school about fuzzing? 16yo: no one knows what "fuzzing" is because it's an old technique for geezers
@daveaitel
Dave Aitel
5 years
Let's go back to when antivax meant you hated DEC's newfangled virtual addressing and orthogonal instruction set
@daveaitel
Dave Aitel
3 years
Highly recommend people take a quick look at this tool...
Tweet media one
@daveaitel
Dave Aitel
8 years
@HillaryClinton It's...not true!
@daveaitel
Dave Aitel
6 years
So they have two USB keys' worth of data! Or in other words, ten grams of data!
@CNN
CNN
6 years
Special counsel Robert Mueller's office collected more than a trillion bytes of data, largely in Russian, related to indicted Russian individuals and companies' use of social media, prosecutor says
Tweet media one
@daveaitel
Dave Aitel
6 years
People don't even notice hypervisor escapes anymore
@dalmoz_
dalmoz
6 years
10 new VM escape vulnerabilities discovered in VirtualBox via @techrepublic
@daveaitel
Dave Aitel
23 days
Llama3 70b is a GREAT model. Better than GPT 3.5 by a lot. Better than Claude Haiku. Better than Mixtral 8x22. Better than any open source model, and better than almost all the closed source models. This opens so many doors for natural language processing at scale.
@daveaitel
Dave Aitel
5 years
Wait what?
Tweet media one
@daveaitel
Dave Aitel
9 years
hacking is hard: http://t.co/nSc7bSsN0b
@daveaitel
Dave Aitel
3 years
@jeremiahg also they were EXTREMELY hard to hack because they were early adopters of Bring Your Own Computer (aka, had no centralized management).
@daveaitel
Dave Aitel
3 years
9 out of 10 annoying fathers are dragging their 15yos through Pentester lab pro this summer :)
Tweet media one
@daveaitel
Dave Aitel
6 years
Yes, Keen Team demoed a full iOS jailbreak chain, which you should fit into your threat model somehow?
@daveaitel
Dave Aitel
3 years
My 15yo is like "I don't get this. Going to a theater to watch a movie is like going on an airplane to watch a basketball game. Why would you want to do that". This....is a dead industry.
Tweet media one
@daveaitel
Dave Aitel
4 years
One obvious myopia in the current cyber policy community is that while people are very excited about strike-back on ransomware groups who hit medical facilities you don't see anyone shoveling money into the hospital IT departments to upgrade the Windows 2000 domain controllers...
@daveaitel
Dave Aitel
5 years
In hacker Hell they go through all the code you audited and point out all the bugs you missed.
@daveaitel
Dave Aitel
2 years
Tweet media one
@daveaitel
Dave Aitel
4 years
We'll be back :)
Tweet media one
@daveaitel
Dave Aitel
5 years
Aww yeah....
@daveaitel
Dave Aitel
6 years
This was the first game I ever cracked. INT13 based protection on the PC version. :)
@mikko
6 years
In 1984, Jordan Mechner ( @jmechner ) wrote the classic single-player game Karateka. In 2018, Charles Mangin ( @option8 ) analysed the game and patched it so it became a two-player game. The patch is only 42 bytes long. Pretty impressive. #a2
@daveaitel
Dave Aitel
5 years
I have a rather large blogpost coming out soon (not on a cyber policy book!), but for those 90's hackers out there, who remembers this one? :)
Tweet media one
@daveaitel
Dave Aitel
3 months
Cyber policy ppl: it's worth looking at the history of how exploits are actually written by crews, which this article does very well in the prelude, and you don't need a lot of technical depth
@daveaitel
Dave Aitel
23 days
So people have been talking about maintained vs not maintained packages, and I really like this quick Reagent query as an example. There are three hundred and fifty packages in the top 5000 pip packages with no updates since 2020? Perfect for JiaTaning!
Tweet media one
@daveaitel
Dave Aitel
1 month
There's no end to the signatures for people like Jia Tan in the cryptocurrency community.
Tweet media one
@julianor
Juliano Rizzo
1 month
😰 XZ backdoor exposes a disturbing truth: the 21M #Bitcoin sacred limit is only as strong as the Linux code on which the miner's nodes run. 🎭The foundation of crypto, blockchain consensus, is built on mutable human-made code. It's time to put crypto 💰 where the crypto mouth is
@daveaitel
Dave Aitel
5 years
It's not an exploit, it's "freedom code".
@daveaitel
Dave Aitel
6 years
If you try to use a SodaStream to make champagne out of sav Blanc you will ... Cover the whole kitchen and yourself in wine.
@daveaitel
Dave Aitel
3 years
To be fair, you probably shouldn't participate in a bug bounty program where the rule is that if they already secretly knew about it, but didn't patch it, you don't get paid. :)
@daveaitel
Dave Aitel
4 years
@taviso If vendors had their way, advisories would have less info in them than a fortune cookie.
@daveaitel
Dave Aitel
3 years
Honestly everyone technical in the industry has noticed the exact opposite. The reporting in this space is terrible, as a general rule, with some exceptions. Remember when Jetbrains was at fault for SolarWinds? Remember when China "sent a message" by hacking Indian power?
@hwickline
Heath Wickline
3 years
If you follow #cyber issues closely, you've likely noted the increasing substance and sophistication of news coverage of them—you only have to look at stories like ones by @kashhill @SangerNYT @nicoleperlroth @NPRDina @a_greenberg @bobmcmillan @donie here:
@daveaitel
Dave Aitel
3 years
One way offense ppl see the defensive infosec industry is a bunch of companies selling what they KNOW TO BE complete snake oil, and then complaining bitterly that they are outmatched and begging for regulation or govt investment to save them.
@daveaitel
Dave Aitel
3 years
Why is it harder to wake up the teenager than write a chrome rce?!?
@daveaitel
Dave Aitel
3 years
I kind of want to teach a class where you take a seemingly worthless bug and then just go through all the different ways it could be used and the scenarios where it could be made very useful. I don't even know what to call that though. CONOPs 101?