Perpetual Student | SANS Fellow | Musician | Braggart Hater | Gray Hat Hacking | VR | 🏂 | deadcode | acidapp.ai

Berkeley, CA
Once I finally hit 10K followers I’m going to give away 10 copies of Gray Hat Hacking 6th edition to likes on this tweet. They’ve been hanging out in my office and I want them to go to good homes!
Introduction to Reverse Engineering and Debugging nitter.app/i/broadcasts/1lDxLPOno…
Introduction to Linux Heap Exploitation nitter.app/i/broadcasts/1YqxoAndj…
Exploit dev tip in 1998: grep memcpy Exploit dev tip in 2021: grep memcpy
An Introduction to using Artificial Intelligence (AI) for Vulnerability Research nitter.app/i/broadcasts/1mnxegPyz…
During a webcast last week to announce the new Offensive Operations curriculum at SANS we gave away a free course. I made mention that we would give away a few copies of Gray Hat Hacking 5th ed. as well. Tomorrow, @SANSOffensive will randomly select 5 people who like this post.
I’m going to randomly pick 3 people who retweet this to receive a copy of the book. I’ll tweet out the winners tomorrow. I’ll also be giving away two more copies later this week compliments of @RayRedacted! …and maybe a couple more next week just for university students
That happened way faster than expected. I’m en route to the airport to fly to Vegas to teach. I’ll use the time on the plane to pick 10 random names and @ them in my next tweet. I’ll ship when home after the weekend. Thanks!
Once I finally hit 10K followers I’m going to give away 10 copies of Gray Hat Hacking 6th edition to likes on this tweet. They’ve been hanging out in my office and I want them to go to good homes!
Introduction to Linux Heap Internals nitter.app/i/broadcasts/1BdGYymYV…
Debugging the Windows Kernel and Undocumented Structures nitter.app/i/broadcasts/1MnxnpEgn…
Zero to Hero: The process of reversing and exploiting complex vulnerabilities! nitter.app/i/broadcasts/1rmxPkRrM…
Selling Exploits for Profit! Memory Corruption Bugs and Binary Exploitation nitter.app/i/broadcasts/1YqJDkvel…
Just got the physical copies of Gray Hat Hacking 6th ed. in the mail! A few people were asking about the ToC. Here it is... I'm going to think of a way to give a couple copies away soon. I'll tweet when I figure that out!
Reverse Engineering Malware with Ghidra nitter.app/i/broadcasts/1YpJkwozE…
Active Directory Certificate Services: The Latest Attacks - with Tim Medin nitter.app/i/broadcasts/1lPKqBXwZ…
Tomorrow, I am presenting to a group of 12 girl scouts about infosec and hacking. For some reason I am more nervous about this than teaching a roomful of MIT PhD’s. 🙈
Windows Exploit Mitigation Bypass - Isolated Heaps nitter.app/i/broadcasts/1lPJqbaEP…
Modern Windows Command & Control / Implants nitter.app/i/broadcasts/1mrGmkblN…
Reverse Engineering a tcpip.sys DOS Vulnerability nitter.app/i/broadcasts/1RDGlleEW…
Fuzzing from First Principles with Alisa Esage nitter.app/i/broadcasts/1kvJpbldX…
Join me on the Off By One Security stream this Friday with @chompie1337, to watch her walk through the process of reversing and exploiting complex vulnerabilities! This one will answer a lot of great questions commonly asked about exploit development! piped.video/watch?v=7ySes8NC…
Low-Level x86-64 Architecture, Linking & Loading, Memory Management, etc... nitter.app/i/broadcasts/1rmGPMPVQ…
Browser Exploitation Introduction: Part 2 - Use After Free Against IE 11, Bypassing MemGC and Isolated Heaps nitter.app/i/broadcasts/1dRKZMQow…
Useful IDA Pro scripts/plugins:
- IDACode - github.com/ioncodes/idacode
- IPyIDA - github.com/eset/ipyida
- Karta - github.com/CheckPointSW/Kart…
- IDA PyCharm - github.com/overfl0/IDAPython… # Thanks @Void_Sec
- SARK - github.com/tmr232/Sark
There are more, but those are some good ones! @ilfak
If you haven't seen it, check out this great 18 hours of free C programming training, broken into 9 different 2 hour workshops, along with all things needed for labs. Created and hosted by @jon__reiter & @SANSOffensive! sans.org/webcasts/intro-c-wi…
Please join me on the next @offby1security stream with guest Eugene Lim (@spaceraccoonsec ) on 4-Sept at 6PM PT for a session on "0-day Hunting Strategy!" This will be a great session for those interested in vulnerability research! Note the time at 6PM PT piped.video/watch?v=dMt2qyGH…
I had to delete an earlier tweet, sorry. I just found 10+ vulns so far in the pdf previewer used by Outlook, etc....Crazy part is that it was by doing some basic things from @DidierStevens tools here: blog.didierstevens.com/progr… with an interesting corpus (which was the hard part)...
Reverse Engineering Exploit Mitigations Series - Do Not Allow Child Processes nitter.app/i/broadcasts/1mrGmkvBv…
Reversing a Windows Exploit Mitigation (Exploit Guard) nitter.app/i/broadcasts/1lDxLnRXL…
I get a lot of DM's, etc... from people saying that they "feel dumb," "..too far behind to get good at reversing," "..should probably change professions," "..are too late to the game." You're wrong! We all start somewhere. Would anyone be interested in a stream on how to start?
Windows Exploit Mitigation Series thus far:
- Do Not Allow Child Processes: piped.video/E99S3vCTBWA
- Stack Pivot Protection: piped.video/Wxsq2Goo2tA
- Isolated Heaps: piped.video/5-F_IMpJfHc
- High level look at CFG and Heap Spraying: piped.video/VPwBAGvgX7M
Cobalt Strike from a Blue Team Perspective nitter.app/i/broadcasts/1gqxvQzdp…
I’m down to teach the retired section from SEC760 on browser Use After Free exploitation during a couple public streams if folks would be interested. Would be against IE11, but the bug class and technique is still very relevant. Thoughts?
Debugging Windows Internals with x64dbg! nitter.app/i/broadcasts/1mnxepWEg…
I have a feeling I'm going to regret this stream, but join me tomorrow on the @offby1security stream at 11:30AM PT where I'll discuss my experience and direct knowledge about the world of selling high-value binary exploits. piped.video/watch?v=XiAEacZf…
Random Tweet! I've been authoring and teaching at the SANS Institute for well over 10 years. I have and have had the fortune of working with some of the brightest minds in the industry. My choice and ability to run the Off By One Security channel to give back to the community is not only encouraged by SANS, but also expected. Another example of giving back that I previously tweeted is @jon__reiter's 10-workshop series on Introduction to C which you can find here: sans.org/webcasts/intro-c-wi… Today, on the Off By One Security stream, we covered a session on introduction to JavaScript and V8 for browser exploitation: piped.video/watch?v=ctKCfXOg… If there's more content you'd like to see on the channel, you can join the ~2K member Discord server here and request them: discord.gg/offbyonesecurity Let me know what you want to see and I'll try my best to make it happen! I get asked often and so I want to mention this: Through the work-study program, instructor development, CyberStart, Vet Success, Women's Academy, the SANS Technology Institute (STI) College, and many other programs, there are A LOT OF opportunities to take advantage of great training. I'm not one to market, and have no plans to change that, but join my Discord and reach out to me with your goals and challenges, and I'll do my best to help. It's impossible to make everyone happy, though I wish it were... If you ever have questions about something you read online, hear from a peer (or stranger), or other, I will do my best to get back to you! I try my best to ensure I give credit to everyone who has helped to further my career. Sadly, not everyone does the same. None of us would be here today in the industry if it weren't for the amazing work and contributions done by countless people. Often, I've wanted to reply to postings that I feel are dishonest or unfair, but I choose to instead encourage and speak positively about everyone, even those who choose to be negative.
Finally, we had over 6,500 virtual attendees join us live at Hackfest! Another amazing way I enjoy helping to give back to the community! Though the thanks goes to the incredible speakers who came out and shared their knowledge! I attended a recent virtual conference that charged to attend. My goal is to continue bringing you amazing content. Let me know how I can improve that goal. Thanks!
Understanding Exploit Mitigations for Defenders nitter.app/i/broadcasts/1YqKDoQWy…
Reverse Engineering with Binary Ninja (Binja) nitter.app/i/broadcasts/1yoJMwLVp…
Gray Hat Hacking 5th ed. is out! Just back from London to get my author copies. I need to figure out a good way to give away a couple copies
Hacking Google Cloud Platform (GCP) with Kat Traxler! nitter.app/i/broadcasts/1ynJOaaBl…
Web Bug Bounties: Tactics to Hunt for Logic Vulnerabilities nitter.app/i/broadcasts/1BRKjPpWO…
Infosec is wild. There are many brilliant people who have imposter syndrome who shouldn’t, and then there are also some people who take credit for things they didn’t do. To make matters worse, the more time that goes by, the more they believe it to be true and the more they convince others. Always give credit! I guess this is my first “sub-tweet…” haha
Stoked! My first (sadly) browser 0-day of the year was approved for purchase and responsible disclosure. Info leak + RCE + SBX. Brutal. Side-note: Why no matter where I live am I literally on the last USPS stop of the day?
Windows Exploit Mitigation Series - Reversing Export Address Table Filtering (EAF) nitter.app/i/broadcasts/1ynJOymmM…
I will be streaming a portion of the SANS SEC660 course I'm teaching today in DC on Introduction to Windows Exploit Development. We will use ROP to get around DEP on Windows 11. 1PM PT piped.video/watch?v=cbIEwz1P…
Process Injection Techniques: Deep Dive into Process Hollowing & Shellcode nitter.app/i/broadcasts/1YqJDgedX…
Would anyone be interested in a short(ish) session on intro to IDA Pro tomorrow (Friday at 11AM PT)? Even if you use ghidra, you'll still learn some things. I'll set an arbitrary number of 250 likes. Not because I care about ratio, but to make sure people are interested! haha
Windows Device Drivers Internals and some Reversing nitter.app/i/broadcasts/1kvKpvWAm…
So, I did this stream against my better judgment. I had fun and there were some great questions. As expected, I received quite a few DM's from haters. I won't name and shame as I really couldn't care; rather, I wanted to share the following as an optimistic message in regard to vulnerability research:
- Do NOT listen to the trolls or haters... They'll always be there... Just wish them the best and move on...
- Believe in yourself, even if no one else does... Find your people... They're out there... I believe in you... I came from a poor background and I'm proud of it! Hacking is for everyone!
- You WILL get frustrated/humbled, it's part of the process... Embrace that... Learn from it...!
- Sometimes it sucks ( quite often! ) and there might be easier paths, but you're learning even when it's not so obvious...
- You are part of the evolution of security... Your work matters...
All of this is coming from a rather cynical person. Let's go! Hack all (of) the things! I hope to see many of you at DEF CON.
I have a feeling I'm going to regret this stream, but join me tomorrow on the @offby1security stream at 11:30AM PT where I'll discuss my experience and direct knowledge about the world of selling high-value binary exploits. piped.video/watch?v=XiAEacZf…
Writing CTF challenges just became a whole lot easier!
To all those working in and studying to work in cyber, make sure that you have a hobby that you also prioritize. Skiing/snowboarding, music, sports, etc, and also family, of course!
Walking Through a Former DEF CON CTF Potent Pwnable 300 Binary nitter.app/i/broadcasts/1BdxYrqkb…
Off By One Security streams are back! Join me Thursday, the 7-DEC at 11AM PST with the amazing @DidierStevens, who will give us awesome insight (and likely some new tools) on Cobalt Strike from a Blue Team Perspective! AKA: Improve your red team chops! piped.video/watch?v=ZtenI_9B…
My talk, “The Rise and Fall of Binary Exploitation” was accepted at DEF CON 32! Don’t worry, of course “Fall” doesn’t mean dead! We’ll take a technical look at some of the most effective mitigations and bug classes. See you there!
I posted a short 9-minute video on using MCP with IDA for vulnerability analysis. It's open to YouTube members now and will go public on Tuesday. Thanks! piped.video/ZFABxmJTm6Y I'm using @mrexodia's IDA MCP Server which is the best I've seen yet. github.com/mrexodia/ida-pro-…
Someone on LinkedIn sent a DM asking if I’d be interested in writing a “PERL for Kids” book. How could someone dislike children so much?
On January 20th, @chompie1337 will be on the Off By One Security Stream to share knowledge on the process she uses to reverse and exploit complex vulnerabilities! I'll be giving away a Proxmark3 during the stream! YT: piped.video/watch?v=7ySes8NC… LinkedIn: linkedin.com/feed/update/urn…
IDA Pro and Hex-Rays Decompiler Giveaway! One lucky person will win by being the first to solve a challenge! Join me this Friday at 11AM PT on the Off By One Security stream where I'll dive into Scripting with IDA Pro and static analysis for bug hunting! piped.video/watch?v=pRrmDoo3…
Available for presale! I believe it ships in March. I’ll be giving some copies away as well when I get them. All proceeds for my portion are going to @CAL_FIRE ! amazon.com/Gray-Hat-Hacking-…
I'm gauging interest in a possible course offered under my curriculum at SANS. Could you like this tweet if you'd be interested in a 2-day lab heavy course on bug bounties / vuln discovery & disclosure, written by someone with cred from LinkedIn, Etsy, Facebook, ATT, & many more
Would you be interested in a stream this Friday on patch diffing a 2025 Microsoft patch?
Solving Research Problems Dynamically with Frida and Love nitter.app/i/broadcasts/1LyGBnLzn…
Return Oriented Shellcode (ROP Shellcode) nitter.app/i/broadcasts/1RDGlalyd…
Quick update on SANS SEC760 "Adv Exploit Dev." Major update to be released at the end of Oct. e.g.:
- Linux Chrome V8 exploitation
- Kernel exploit mitigation reversing Win 11
- Win 11 driver exploitation
- Binary diffing
- Smart fuzzing
- etc.
Authors: @jgeigerm, @0xabe_io, Me
Exploiting a Windows Application Using Return Oriented Programming nitter.app/i/broadcasts/1LyxBWqRj…
Based on requests, I've posted my BSidesCharm slides on MS Patch Diffing for Exploitation to deadlisting.com/files/Sims_P…
I plan to do a series of short videos covering various Windows Internals components. Members helping with our tuition assistance and charity goals will get first access and then public to all in the days after. What is the _CONTEXT structure piped.video/dz8CSaQRfzE
I’m recording SANS SEC760 “Advanced Exploit Dev” at home over the next week with @jgeigerm for OnDemand. Thinking about streaming/webcasting the module on IDA Pro while I’m recording this Saturday at 1PM Pacific Time if there’s an interest. Worth it?
I plan on doing a new Windows Internals stream, as people often ask for one, but here are a couple of existing videos on the topic: piped.video/watch?v=vz15OqiY… from @mrexodia piped.video/watch?v=I_nJltUo… from @alexsotirov
The heavily updated version of the Advanced Exploit Dev course "SEC760" with my coauthor @0xabe_io was just recorded and available at sans.org/sec760 Updates include Linux Chrome V8 Exploitation, IDA 9.1, Kernel Debugging Windows Mitigations, 2025 patch diffs, etc...
I’ve been refining AI security interview questions to better identify practical experience vs. a hobbyist. In several interviews, I’ve seen candidates who present as having AI security expertise but don’t always have the depth to back it up. I wrote these questions and then used AI to help with consistency and conciseness. Feel free to use them if helpful, and if you have good questions that have worked for you, please post them.
1) What are the main differences between securing traditional software systems and securing machine learning models?
2) Define the attack surface of a ML model.
3) How would you generate adversarial examples against a computer vision model? What defenses exist, and what are their limitations?
4) Why is gradient obfuscation a weak defense against adversarial attacks?
5) What are some realistic data poisoning threats in enterprise AI pipelines/workflows?
6) How would you go about determining if a model or dataset has been poisoned?
7) How can an attacker perform model inversion or membership inference and what's the potential consequence?
8) What mitigations would you apply if an LLM is used for code generation to avoid insecure or undesired outputs?
9) When red teaming an AI product or implementation what methodologies have you followed?
10) If a company deployed an LLM for customer interactions, what three attack vectors would concern you most, and would it change based on the relevant vertical market?
11) What are the main trade-offs between model accuracy and privacy-preserving training methods like DP-SGD, federated learning, or homomorphic encryption?
If you haven't had a chance to watch the chat between @davidbombal & myself, talking about getting into exploit development, check it out here: piped.video/watch?v=LWmy3t84… David has a lot of great content! I'm looking forward to catching up with him again to talk about new topics!
Join me with Alisa Esage (@alisaesage) this Saturday at 8AM Pacific Time on the Off By One Security channel for a live talk on "Fuzzing from First Principles!" Check out the description on the link below for more details. piped.video/watch?v=9U-FK_Qi… @offby1security
Join me tomorrow on the Off By One Security stream with special guest Pavel Yosifovich @zodiacon for a session on Windows Device Drivers Internals, ...and Some Additional Reversing! 19-April at 11AM PT. Looking forward to this one! piped.video/watch?v=7Trgnw7H…
Introduction to JavaScript and V8 for Browser Exploitation nitter.app/i/broadcasts/1MnGnDmVD…
One of my finer slides over the past 10+ years... haha
To all of those waiting for SANS SEC760 "Adv Exploit Dev" to go live in OnDemand, sorry for the delay. I JUST got done re-recording book two on advanced Linux exploitation. It is finally done! Remote labs are done! So much work. Very excited and thanks for your patience.
Join us tomorrow (15-Mar at 11AM PT) on the Off By One Security stream with guest @mrexodia, creator of x64dbg, as we take a look at debugging Windows internals and such with this amazing debugger! Come with your questions! piped.video/watch?v=AKcADaAa…
So, I’m thinking about doing a weekly stream where I have guests & we talk all things red, purple, exploit dev, etc.... Content focused. Certainly not a new concept by any means, and I’m not the streaming type, but I’m down if you all think it would be cool and useful. Yay? Nay?
I did an intro to cryptography video with @davidbombal for anyone looking for the foundations of symmetric vs. asymmetric concepts, hashing, digital signatures, stego, etc…
I did an interview with Mark Laita from Soft White Underbelly on YouTube. I of course couldn't get too technical, but it was fun to talk about general hacking: piped.video/watch?v=G8GEp0aM…
AIRaaS (Artificial Intelligence Ransomware as a Service)
Tomorrow's Off By One Security stream will be my attempt to do another browser exploitation session. My very first stream was browser exploitation against IE 7. This one will be IE 11, and a mem-disclosure bug. I'm a bit rusty, but we'll try! Yay? piped.video/watch?v=ZsQLasNg…
SANS SEC760 IDA Pro Challenge Binary: bit.ly/sec760babyheap Target: nc babyheap.deadlisting.com 5760 To win: DM me a screenshot of target compromise, your source IP, & exploit code. First one to do this wins the IDA license! I will post when a winner is identified. Good luck!
Join me this Friday on the @offby1security Stream with guest @lauriewired! Date: October 11th, 11:00 AM Pacific Time Guest: LaurieWired Topic: Reverse Engineering Android Spyware YouTube: piped.video/watch?v=aLCoyJof… Discord: discord.gg/offbyonesecurity
Exploiting Off By One Vulnerabilities nitter.app/i/broadcasts/1MnxnpwYq…
Tactical Multi-Factor Authentication (MFA) Bypass Attacks nitter.app/i/broadcasts/1RDxlyYgV…
Join me on tomorrow's Off By One Security stream at 11AM PT, as we cover a bit on getting started with reverse engineering and debugging. This will be a series to help those of you preparing for your self-learning journey or an upcoming course! piped.video/watch?v=pgkAmgwI…
This Friday's Off By One Security stream will be on the topic I've "Quote Retweeted." We're going to start with the introduction to reverse engineering. It will be technical, but introductory, and then we'll ramp up through a series over the coming months. Come with questions!