P4x
@_hyp3ri0n
Followers
23,435
Following
5,813
Media
417
Statuses
8,764
Owner of Hyperion Gray. Hacker. Former DARPA research tech lead. P4x. North Korea's sexiest man of the yr. AI/ML/Data/Kubernetes/Parallel Computing nerd. 0days.
worldwide
Joined April 2009
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Eminem
• 261438 Tweets
Bielsa
• 123003 Tweets
stevie nicks
• 70506 Tweets
harry styles
• 66557 Tweets
الاهلي
• 63226 Tweets
Brunson
• 52922 Tweets
Célya
• 48075 Tweets
Alec Baldwin
• 37797 Tweets
#SmackDown
• 29488 Tweets
Knicks
• 28497 Tweets
日曜劇場
• 27611 Tweets
FanDuel
• 22935 Tweets
フェルナンデス
• 16769 Tweets
#ウルトラマンアーク
• 14150 Tweets
NAMJOON FATHER OF KPOP
• 12039 Tweets
Ranger
• 11870 Tweets
Susan Collins
• 11716 Tweets
FERNANDES
• 10471 Tweets
ハロルド
• 10221 Tweets
Pinned Tweet
I love the art here. Also wonderful being on the show. These folks are AMAZING journalists, professionals, and producers. Also super friendly and kind people. LOL I can't believe you all included the "Kim Jong Un's PC, Kim Jong Un's Porn Computer". Wonderful, truly. Thanks y'all
When North Korea hacked Alejandro Caceres (
@_hyp3ri0n
), he expected the U.S. government to rush to his defense. When they just shrugged, he took matters into his own hands.
LISTEN:
2
15
29
7
9
55
Hey folks, story time. A guy going by the name James Willy approached me about help with a 0-day. After providing a writeup on root cause analysis I realized the visual studio project he gave me was backdoored.
44
362
1K
<-- Troy I have to be honest with you, HIBP has never sat right with me, and now even less. I'm the owner/creator of an *actual open data breach community* that aims to make selling data breaches worthless.
7
75
742
17
146
558
folks please help me get this word out.
@Crowdstrike
named some ransomware PunkSpider, literally the name of one of the pieces of software I made. Completely unrelated of course, mine is a security tool.
This is NOT cool, appreciate RTs to get them to change this.
23
371
562
lol at a con, am a speaker, i have a “speaker only” badge. I’m not allowed in the con *at all* except to speak and then leave. That’s a new one 😂
63
14
549
6
0
538
20k to anyone that gives me his full identity and address (and it's proven correct ofc). I will of course be approaching proper authorities at the DoD and LEA tomorrow. Thanks all.
12
41
404
@uglypackets
yeah right after i posted this. I'm mad I fell for it now. I will no longer talk shit about threat intelligence.
4
9
351
@the_ens
someone vetted by a friend sent me a visual studio project which i opened (not an executable, the executable in the project was a real 0-day vuln). And it was in a VM for that exact reason. And it's a scam a lot have been going down with rn. So chill.
0
0
204
@alexaaronpena
oh, you don't know me :P. I just like fucking with people. If someone scans the site it'll throw false positives for sql injection, OS command injection, sensitive info leak, password on page, possibly some overflow something, and generally come back horrible. I think it's funny
2
1
194
Folks i’d like to announce that I AM OFFICIALLY DIVORCED. I’d like to thank everyone that made it happen including my ex wife and our lawyers. We gave it 110% and came out ahead, good job everyone.
Now who wants to date or some shit i don’t know how this works
17
16
184
taping up your webcam is nice and all but if someone has control of your camera you're already fucked and a half
11
50
162
Looking for good infosec courses and if i see another goddamn basic buffer overflow course or tutorial i'm gonna lose my shit. Any recommendations for intermediate level? Stuff like heap exploitation, kernel fuzzing, and such?
No SANS please, I don't currently have 1mil USD
17
26
151
that is indeed how it happened :)
10
23
156
as a pen tester my recommendation is GET THE FUCK OFF THE INTERNET AND RUN UNDER A DESK THIS SHIT IS EVERYWHERE
5
11
118
Yep, he would've been 77 and still rocking those snakey improv solos and soothing voice :-/. What a great musician.
If you haven't had a chance to catch
@deadandcompany
shows or recordings highly recommend it. John Mayer slays the vocals and guitar and well Bob Weir is Bob Weir.
2
13
106
0day course is back in action January 31st! not for the faint of heart but tons of fun. Please note this is a *hacking* course not an infosec training so brings the right mindset :-)!! All are welcome!
5
24
107
wait what!? Cain and Abel still exists?
8
13
104
@alexaaronpena
i'm just lightly fucking with people :). Security sites alwars get attempted hacks so I play with the people that try. Last iteration if someone inserted an apostrophe it'd take them to a "there is an error in your sql query...." page. We didn't even use SQL. Good fun!
1
1
103
to make myself feel better here's a 0-day in Razer Synapse (the keyboard/mouse you get at best buy). Razer Synapse Service looks for a DLL in ProgramData that doesn't exist and is writable by low priv process (hid.dll). It runs as system. Hijack and boom.
1
15
87
our 0-day course is back in action:
Not a hard prereq but you should generally be able to sort of understand stuff at or at the very least have the will to learn it.
0
17
76
well i thought i was going after some dumbfuck skid, turns out it was a north korean gov't op. I'm not sure how i feel about that.
8
7
74
lol i love how one of my most popular tweets is about me getting owned.
7
1
67
well someone already did an idea i had :( but also :D
Running shellcode with Fibers (fibers are invisible to the kernel)
2
24
66
I turned a multimillion dollar company (HG) into something that produced enough to pay our people 275k a year. I took about half the salary than a mcdonald’s manager in the same area and gave my people more. I just want to note my fucking money is where my mouth is.
3
2
64
okay! thank you everyone for your support with the
@CrowdStrike
stuff. As a final update I’m done here on twitter with them and will be moving to comms with my IP lawyer. This is a clear violation of common law trademark and more, but I won’t say much more. Just that your belp
7
3
64
@Remroum
Bill Maher is just an asshole. He likes playing the smart guy and making others look dumb (why i hated the movie religulous even as a non-religious person). He clearly doesn't understand the medium and what it represents to so many.
2
3
56
@IanColdwater
i'm also pissed he insulted my analysis of his crash. Funny enough it was a real crash and a real bug in gdi.dll and driver.
3
2
60
lol oops sorry this is another cloudflare IP. Arb command execution though so i'm sure i could find it :).
6
7
60
wtaf 11,000 upvotes???????????? The TOP of AMA literally all day??????? I seriously thought it would hit like max 10 lol.
Does... does that mean you guys love me ❤️?
0
3
61
@ez_ozel
@DARPA
@ambivalentricky
hey I thought the same before I started working with them on counter human trafficking and counter a bunch of awful stuff online. Along with advancing CS massive amounts. I've never met anyone at DARPA that didn't have their head in the right place. And they're OSS pioneers!
4
2
51
@JC_SoCal
FS-ISAC, it’s a small con but bigger than i expected. Surprised about the speaker thing, they made me wait outside the con until my talk to go in.
7
3
58
oh and he commonly goes by the first name exp and last name ploit on platforms.
2
2
55
Anybody else get inappropriately angry when someone double clicks a button that only requires a single click?
3
6
50
Phew finally have something interesting to tweet... check out on how to fuzz GUI/GTK+ application w/ American Fuzzy Lop (AFL), the latest hawtness in fuzzers! Would love another pair of eyes from experienced folks like
@lcamtuf
and others who have used AFL
1
23
50
ok I posted an AMA on reddit, it’s probably going to get like 4 upvotes lol. But it’s there for anyone that wants to ask me anything about the NK Happenings
9
16
53
somebody just blocked me because "are you the person that keeps logging me out of my instagram?". I wish I was making that up. If I had the power to do that I'd log everyone out of their instagram. We are all logged out of insta on this blessed day.
6
3
45
Can i get RTs for Scylla? A project to provide FREE access to full db dumps to sec researchers, academics, gov't, etc. ONLY. No skiddies allowed, vetting is done on everyone, shoot me an email at acaceres
@hyperiongray
.com
0
25
44
finally strong enough to post updates, out of hospital! everything fucking hurts and i get tired lifting my head but i’m alive!
3
1
46
I FINALLY FUCKING GOT IT WORKING. Ahem, excuse me, exploit on VyOS for local privilege escalation is working. RCE is next up!
7
9
38
anyone want to hire me as a CISO, here are my relevant skills:
(1) know about security
(2) hate managing people
(3) like ordering people around
(4) good at looking busy and always stressed
(5) Excellent gaslighting skills
Relevant experience:
(1) killing baby seals
9
3
43
When an appliance tells me that it's off, how do I know it's telling the truth? I mean it's off and can't report on its own state. I suspect my toaster is hiding something.
6
6
39
Good news: This year i did not get rejected from
@defcon
Bad news: I forgot to submit the CFP on time.
3
0
40
I had a funny convo today:
Me: Hey found a 0day in your shit, can you fix within 30 days? Can help, super simple.
X: No it will take 6 months AT LEAST
Me: OK I'm releasing the vuln in 14 days.
X: 30 days is more than enough, can we have 30 please?
1
3
40
@alessabcd
@stark__tara
my beautiful little Clonazepam. She has such a calming presence. Not like her hyperactive brother amphetamine/dextroamphetamine_salts.
0
0
40
i'm sorry but what the fuck OWASP? From your guide:
PunkSpider is web application vulnerability search engine. It is of little use for a penetration tester doing manual work. However it can be useful as demonstration of easiness of finding vulnerabilities by script-kiddies.
5
4
38
It's that time of month where I complain about
@firefox
ptrace protection. In Linux this means bypass of all protections available (tested on clean Ubuntu Linux).
You have weak ptrace perms. Here is a snippet of basic ptrace protection/1
src:
3
6
34
This has to be a well-known trick in infosec right? One on the right is an executable and opens as such when double clicked.
First one to get how this was all done gets a free ABSOLUTELY NOTHING.
7
10
37
[*] Meterpreter session 1 opened (192.168.1.101:4444 -> 192.168.1.201:8777) <-- real-life equivalent to movie where they go "I'm in."
0
10
36
Got an LPE and want to kill Defender?
Command = <: mklink "C:\ProgramData\Microsoft\Windows Defender:wtf" \ :>
then restart it/kill it with driver from something like process hacker. Defender dead.
(greetz to anonymous person on discord for technique)
1
10
34
you know what's fucking ironic as hell? Finally, good logging practices are what killed internet security.
0
5
35
Massive update to is ongoing, we're at 220 GB (over 5 days). Only 2.4 TB to go :).
Also if you're looking for some easy side money check out
4
14
32
Exploit for that git vulnerability finished: . Enjoy responsibly, still a little raw, but workable. Will give it more TLC later.
1
7
31
massive update to . It is now open without auth. If you missed that last db dump download check out . It's been updated to include the "Collection
#1
-5" dump and the EU Antipublic dump. Missed a db download? It's probably on there!
3
10
31
$ sudo apt install python3-pip p7zip p7zip-rar
$ sudo pip3 install dtrx
$ dtrx file_to_extract
You'll never have to remember any goddamn extraction flags ever again. dtrx extracts it automatically (and stands for Do The Right Extraction). Great little tool.
1
6
33
folks my apologies but I'm stumped. I have no idea why is down and I can't seem to figure it out. Normally I would but... no. I'll be reinstalling tomorrow (database is still fine)
5
0
32
@101010Mingdao
@notshenetworks
naw man some people don’t know the nerdy shit we know because we do this professionally. Helping out folks like this, imo, is exactly what we’re trying to do here. It’s not sexy, it’s not the next big sploit, but it’s important.
1
0
32
honestly why do we ever have default user/pass on anything. Just make the user set a password or the install won't continue. Why do only super important networking devices and shit all have this default user/pass bullshit?
3
3
28
i'd like to propose a status code "420 - way too high to serve you this document right now, bitch."
2
2
30
Announcing the official 1.0 release of mass scanner proj. by Hyperion Gray. Version includes 100+ nmap NSE scans, 100+ ports scanned and banner grabbed, and web scans with our new custom fuzzer. All searchable via faceted front-end! Check it out!
4
14
26
hello everybody! got a brand new search portal. Enjoy and please use responsibly. Umm interested parties may be
@notdan
@Viss
@blackroomsec
. RT if you got it folks and let me know if you find any bugs :).
1
9
30
dear
@th3j35t3r
, I wanted to apologize for the ugliness the other day. I was being a cocky asshole and it was a stressful time (which is no excuse but some context). We're on the same side and I hope we can continue to be. Much love.
- Alex
1
1
28
Dropchat is a safe, anonymous no-frills clientless chat application over Tor ephemeral hidden services. v1.1.2-alpha is officially released! It now has JS support (if you want it, works without js too) and improved user experience. check it out here!
2
6
25
Was never one for hardware hacking but I'm proud of this one. RV AC went out so had to improvise with this totally not meant for this unit.
2
3
26
hey it's us! Thanks for the tweet
@TheHackersNews
Proof-of-concept (PoC) for recently revealed SCP file write
#vulnerability
(CVE-2019-6111)
News →
via
@HyperionGray
1
116
178
0
17
28
this space (hacking/infosec) is scary because there’s always someone who is a million times better than you. Unless you’re Charlie Miller or something.
2
3
29
isn't it kinda bullshit that we tell everyone to lock things down defense in depth etc. yet most people use Kali Linux as root only (even for browsing!) to save from the headache of some tools working only as root
4
6
26
. <— shell32 API is fucking swiss cheese. 3 non responsibly disclosed 0 days here and more coming (bottom part where i fuzz it). Even more not coming and gonna get weaponized/sold ;-). I’ll rant tomorrow on why I fucking hate responsible disclosure
1
6
26
OMFG the password is "sunday" jesus fucking christ the box isn't even usable. SUNDAY the password is SUNDAY (no caps).
2
6
28
<-- great post on garnering traffic for free tools and also showcases the best encoding/decoding tool i've seen to date. Use it!
4
10
20
A tool we wrote that I actually use quite a bit: <-- allows you to go through tor then through another proxy, hiding the fact that you're coming from tor. This has saved me hours in doing recaptchas all day. Please use carefully.
3
6
26
“responsible” disclosure is fucking bullshit. There I said it. Keep doing other people’s jobs for them for free and they’ll never do it themselves.
Vulnerable products SHOULD get owned and therefore exit the market. Make them feel it in their wallets or nothing will change.
4
5
26