Alon Leviev @_0xDeku Twitter Profile | Xstalk

Alon Leviev

@_0xDeku

Security Researcher at @microsoft (MORSE) | Hacker, Speaker, BJJ Black Belt, Former BJJ World and Euro Champion

66Posts 1KFollowers 126Following

Similar User

@DaviidGR7

@Des00464472

@DonPasci

@crudd_re

@siddharthuchil

@_BinWalker_

@pushecx

@_do_your_job

@adrianna_wrona

@hashford_

Alon Leviev

28 Oct

Today is my first day on Microsoft’s Offensive Research & Security Engineering (MORSE) team! Excited for this new journey!

Alon Leviev

17 Oct

My DEF CON 32 talk “Windows Downdate: Downgrade Attacks Using Windows Updates” is live on YouTube! youtu.be/HHmxuxQ7bE8?si…

Alon Leviev

11 Oct

Great blog post about mitigating Windows downgrade attacks!

Andrea Allievi

11 Oct

andrea-allievi.com/blog/downgrade… Here you go... Italian trip gift :-) @_0xDeku, @yarden_shafir and the others...

Alon Leviev Reposted

Alon Leviev

27 Sep

My new blog on the improved security and privacy architecture for Windows Recall - Secure Enclaves, Encryption, Secure Biometrics - let's get nerdy. blogs.windows.com/windowsexperie…

Tweet Image

Update on Recall security and privacy architecture

Source: https://t.co/NSNMssl43P

Alon Leviev

22 Sep

VBS’s “Mandatory” flag is now documented thanks to @aall86 🙏🏻 This flag can be used to mitigate the bypass of VBS’s UEFI locks which I described here - github.com/SafeBreach-Lab…

Andrea Allievi

22 Sep

learn.microsoft.com/en-us/windows/… @_0xDeku Mandatory mode documented... a blog post on the anti-rollback is coming soon (still writing it)...

Alon Leviev Reposted

Alon Leviev

3 Sep

Big changes to one of the most targeted attack surface in Windows - techcommunity.microsoft.com/t5/security-co…

Alon Leviev Reposted

Alon Leviev

3 Sep

We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit offers a high degree of reliability and eliminates all race conditions. It has been tested on the latest Windows 11 Enterprise. zerodayinitiative.com/blog/2022/3/16…

Alon Leviev Reposted

Alon Leviev

1 Sep

If you're into researching Google's Quick Share, don't forget to check out QuickShell! It implements the RCE chain we found and tools allowing to sniff, receive and send the protocol's packets, fuzz the protocol, exploit vulnerabilities we found and more! github.com/SafeBreach-Lab…

Tweet Image

GitHub - SafeBreach-Labs/QuickShell: A library and a set of tools for exploiting and communicating...

Source: https://t.co/b2MdU3BORi

Alon Leviev Reposted

Alon Leviev

12 Aug

For those of you interested in getting started with UEFI vuln research and exploitation, check out the Damn Vulnerable UEFI project on GitHub github.com/hacking-suppor… By @mpcintheheart and myself. Contributions are welcome!

Tweet Image

GitHub - hacking-support/DVUEFI: Damn Vulnerable UEFI

Source: https://t.co/SREZLM663x

Alon Leviev Reposted

Alon Leviev

19 Aug

v-v.space/2024/08/19/CVE… Check my blog about Windows secure channel RCE analysis, though MSRC thought it's a DOS. By the way, I'm not the finder. Share for studying

Alon Leviev

16 Aug

Had the best time presenting Windows Downdate at @BlackHatEvents USA and @defcon 32, thank you all for joining. Windows Downdate is now live! Blog - safebreach.com/blog/downgrade… GitHub repo - github.com/SafeBreach-Lab… #BHUSA #DEFCON32

Tweet Image 1

Tweet Image 2

Alon Leviev Reposted

Alon Leviev

10 Aug

Just had our @defcon talk and we are thrilled to publish QuickShell - tools for researching Google's Quick Share including a sniffer, a fuzzer, tools that exploit the 10 vulnerabilities @_BinWalker_ and I found, and the RCE attack we chained them into github.com/SafeBreach-Lab…

Tweet Image

GitHub - SafeBreach-Labs/QuickShell: A library and a set of tools for exploiting and communicating...

Source: https://t.co/b2MdU3BORi

Alon Leviev

10 Aug

Proud to have been nominated for the most epic achievement @PwnieAwards, congrats to the winner @AndresFreundTec for finding the XZ backdoor, truly an epic achievement! If you want to hear more about my research, join my talk tomorrow at @defcon 10 am LVCC-L1-HW1-11-03 (Track 3)

Tweet Image 1

Alon Leviev

7 Aug

Reminder: tomorrow at @BlackHatEvents 10:20 AM in Oceanside A - I will be sharing my journey of researching downgrade attacks on Windows and their severe implications on Windows’s platform security. Join my talk “Windows Downdate: Downgrade Attacks Using Windows Updates” #BHUSA

Alon Leviev Reposted

Alon Leviev

30 Jul

I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: securityintelligence.com/x-force/little…

Alon Leviev Reposted

Alon Leviev

25 Jul

🚨New! "PKFail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem." #PKfail is a supply-chain issue affecting x86/ARM devices around the globe. Blog: binarly.io/blog/pkfail-un… Full report: …222483.fs1.hubspotusercontent-na1.net/hubfs/22222483… A free scanning tool: pk.fail

Alon Leviev

24 Jul

Super excited that my research on Windows downgrade attacks has been nominated for the most epic achievement pwnie award!

Pwnie Awards

23 Jul

🚨We are very pleased to announce the nominees for the 2024 Pwnie Awards! Be sure to tag your friends and catch us at Def Con! 🚨 🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇 docs.google.com/document/d/13J…

Aurora Shuter

@AuroraShut61371

lasterr0r

@lasterr0r

Dana Shoenberger

@da_shoenberg

Dakota Leavins

@LeavinsDak34284

NonBytes

@NonBytes

Zoi Dumag

@ZDumag89206

Adversary Emulation | #OSEP | #CRTL | #eCPTXv2 | #CRTE | #CRTO | #CRTP | #eCPPTv2 | #eWPT

Fahad

@Pwn3dx

Desiree Almeyda

@DesireeAlm19905

James Henderson

@he31707900

Wynell Gerberich

@GerberWyne

Everything can be pwned

yning12

@yn1ng12

Emelia Sundman

@SundmEmel

Hollis Kriek

@HollisKrie38728

Van Claire

@VanClaire26948

Sherise Kisto

@SheriseK73722

Malware & Phishing Threat Hunter | Cybersecurity Enthusiast | Passionate about exposing digital threats and protecting online spaces | #Infosec #ThreatHunting

S1dhy

@s1dhy

Jazlyn Yafuso

@JYafuso64822

Tiffani Geraghty

@GeraghtyTi8774

Coreen Vancamp

@VancaCore

Alfredia Rist

@AlfrediaR37253

Muoi Pettay

@MuoiP40257

Web pentester,Bug hunter,Ctf player

WhoAmi !

@Who_Ami77

Theola Mahajan

@MahajThe

Constantly trying to pursue understand of thyself and other.

Arthur Kaminsky

@ArthurKaminsky

Marisa Lattin

@LattinMari

Mali Neyaci

@neyaci78568

Yuonne Neaves

@NeavesYuon14703

Evie-mae Kethcart

@ma_kethc

Evangelina Furry

@fur_evangeli

Ella-rose Hysquierdo

@EllaHysqui24876

Selene Abt

@selen_abt

Rozalia Haros

@rozal_har

Dawne Bourke

@BourkeDawn62569

Kira Murgia

@k_murg

Krysten Deroche

@krys_dero

Nell Bunnell

@NellBunne

Maddie Puotinen

@MaddPuotin

Security Researcher and Technical Director of Offensive Security at @6degreesgroup | Red Team | Penetration Testing | Reversing | DFIR | Views are my own.

Andy Swift

@SwiftSecur1

Emmeline Hammerstad

@EmmelinHammerst

anna

@asde6984

Christi Huckabone

@HuckaboChris

Security Researcher @AlstomIndia | eCPPT |eJPT | CCNA | Youtuber

Perumal Jegan

@realperumalj

Mila-rose Allocco

@AllocRo

Latoya Fennell

@fenne_lat

Melanie Holk

@MelanieHol45774

Lanie Shauer

@lanie34366

Melynda Peedin

@melyn_peed

Ava-rose Boren

@AvaroseBor34783

Flo Mclernon

@f_mcler

Gracie Rapp

@GracieRapp36358

Cyber. M&A. Investments. Trends. Product. Nonsense.

English RTs @Cyburgerzz

Cyburger

@Cyburgerim

Constantly trying to pursue understand of thyself and other.

Arthur Kaminsky

@ArthurKaminsky

Founder @signal_labs : https://t.co/8grJlb5jwZ
🇦🇺 Vulnerability researcher (MORSE) @Microsoft
Discord: Kharosx0

Christopher

@Kharosx0

Pwn2Own 20{22,23,24,24.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊

SinSinology

@SinSinology

Security researcher. Vegan for life.

Ophir Harpaz 🎗️

@OphirHarpaz

Security research and exploit mitigations @Microsoft. Kenshoto founder and CTF burnout. Tweets are, regrettably, my own.

Justin Campbell

@metr0

ceo @digitalbarriers / words @forbes / views mine

Zak D

@UKZak

Just an opinionated security researcher. Opinions are my own
H2HC (Hackers 2 Hackers Conference)

Rodrigo Branco

@bsdaemon

(Mostly) Windows hacker & vulnerability researcher. Google Project Zero. @DragonSectorCTF

j00ru//vx

@j00ru

CEO of ACROS Security; Co-founder of 0patch (https://t.co/XQ9EYMooOv)
Mastodon: @mkolsek@infosec.exchange

Mitja Kolsek

@mkolsek

Leader, Father, Learner, and Responder in the Microsoft Security Response Center

Jeremy Tinder

@tinderj_

Security Research.
Opinions and private research are my own Lover of all things JSR $F7D7
💪🇮🇱
עם ישראל חי

David Kaplan

@depletionmode

Dor

@Dor00tkit

VP, Sales and Marketing, ASSET InterTech

Alan Sguigna

@AlanSguigna

Forbes 30 Under 30. Research. Opinions are my own.

Peleg Hadar

@peleghd

Security Researcher at SentinelOne
|| https://t.co/TD2cZi4g3X
|| Opinions are on my own.

Soy un mono de fuego, soy imbécil y agresivo

WaaWaa

@frodosobon

L̶o̶o̶k̶i̶n̶g̶ ̶f̶o̶r̶ ̶m̶y̶ ̶n̶e̶x̶t̶ ̶c̶h̶a̶l̶l̶e̶n̶g̶e̶.̶

Danny Leshem ⚡

@DannyLeshem

Tech Editor @ TheMarker

Sagi Cohen

@SagiCohen

🔴 Red Team operator, ex-MWR/F-Secure pentester, ex-AV engine developer @ESET, green tea addict. 🫖 @mgeeky@infosec.exchange

mgeeky | Mariusz Banach

@mariuszbit

Head of Security Engineering+Architecture (SEAR) at Apple. I don’t speak for my employer.

Ivan Krstić

@radian

Chief Gardener at Veramine. Previously at Microsoft. author of Practical Reverse Engineering.

Bruce Dang

@brucedang

Independent Hacker & Researcher, Creator of @zerodaytraining • Advanced RE, software exploitation & mathematical modeling • https://t.co/9ozY9M1BMX

Alisa Esage Шевченко

@alisaesage

I'm researching security of Intel's platforms. I'm not working for Intel

Mark Ermolov

@_markel___

Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Tweets about 0day, OS, mobile and embedded security.

Alex Plaskett

@alexjplaskett

Binary Security Researcher, Chief Scientist at https://t.co/XhN07utPLu and Trainer. @mr_phrazer@infosec.exchange

Tim Blazytko

@mr_phrazer

That HITB guy (@hackinthebox @HITBSecConf) and now also that OOTB guy (@OOTBconf) & DJ / Music Producer (@dhankasounds)

l33tdawg

@l33tdawg

Director @vxresearch | @blackhatevents Asia & USA / @hitbsecconf Review Board | BoB Mentor | Love animals, retro game & browser bug hunting

Mr. Anthony 安東尼

@darkfloyd1014

Don’t pull the thang out, unless you plan to bang

Guy Maliar

@gmaliar_

I cover the vendor and technology landscape for @ISMG_News including M&A, startups and key trends, with a focus on what’s relevant for CISOs. mnovinson@ismg.io

Michael Novinson

@MichaelNovinson

Team Lead of PSIRT and Threat Research, TXOne Networks. Speaker at Black Hat USA, CODE BLUE, DEFCON, HITB, HITCON, S4, SECTOR. Author of Windows APT Warfare

adr

@aaaddress1

Low hanging fruit maven. Cluster Head. Tweets are my own. https://t.co/D9QnzNa7Bh

Mickey

@HackingThings

Principal WinDbg’er @ Elastic Security. Thoughts are my own. Writing: https://t.co/EMJxj12lut More: https://t.co/pxG2OnO1OC @GabrielLandau@infosec.exchange

Gabriel Landau

@GabrielLandau

IT Security Enthusiast; Penetration Tester; Security Researcher

Moritz Abrell

@moritz_abrell

Senior Security Researcher at @d3vc0r3
MSRC 2024 MVR Top 100

Angelboy

@scwuaptx

Co-Founder @myhackerhouse cyber security assurance & hacker training ~ ISBN9781119561453 ~ a book on professional hacking. Offensive Lua project.

hackerfantastic.x

@hackerfantastic

Passionate about learning and exploring new frontiers in cybersecurity.
Opinions are my own.
#RedTeam #InfoSec

Yehuda Smirnov

@yudasm_

I play with vulnerabilities and exploits. I used to be here on Twitter but now I'm here:
@wdormann@infosec.exchange
https://t.co/hXggdAVkSQ

Will Dormann is on Mastodon

@wdormann

Oreen Livni

@OreenLivni

Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK).
And yes, opinions are my own ;)

Dr. Nestori Syynimaa

@DrAzureAD

Covering hacking, disinformation at the Washington Post. Person account. Signal joemenn.01. https://t.co/Nw79kDHP2f, first.last at https://t.co/NAqcNbS2m8

Joseph Menn

@josephmenn

Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)

hasherezade

@hasherezade

virtualization and webbrowser security researcher

wei

@XiaoWei___

Orange Tsai 🍊

@orange_8361

Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFH

Richard Johnson

@richinseattle

Public Relations and Marketing Specialist

Kat Reid

@katreid_

Security reporter @WIRED. she/her/my man. Well of course, everything looks bad if you remember it. Signal +1 (347) 722-1347 @lhn@mastodon.online

Lily Hay Newman

@lilyhnewman

Researcher / Co-Founder @TrapaSecurity & @pwnabletw/ MSRC Top 100 2019/2020 / Focus on hunting bugs that are as useless as me / @l4ys@infosec.exchange

Lays

@_L4ys

Adversarial Cartographer. Risk Hunter. DEFCON Staff & CFP Board. MS in DF. Fmr Fire/EMS. Red and Blue. Builder. Morally Flexible. https://t.co/zakkIXeyHu @ bluesky

Tim McGuffin

@NotMedic

ohad bar-eli

@ohadbareli

CTO Office @Dazz_io. Co-Founder @pb_ctf. Member @pastenctf.
Ex-MSFT & CHKP. Cybersecurity, AI, startups, and all things tech.

Jonathan Jacobi

@j0nathanj

United States Trends

1. Serrano 134 B posts
2. #TysonPaul 74 B posts
3. #NetflixFight 38,7 B posts
4. #netflixcrash 4.102 posts
5. Ramos 63,4 B posts
6. #buffering 6.428 posts
7. ROBBED 59,9 B posts
8. Rosie Perez 8.002 posts
9. My Netflix 47,5 B posts
10. Jerry Jones 6.765 posts
11. Cedric 13,3 B posts
12. #boxing 35,2 B posts
13. Christmas Day N/A
14. WTF Netflix 11,2 B posts
15. Love is Blind 4.275 posts
16. The Netflix 221 B posts
17. $NFLX 4.440 posts
18. Streameast 2.384 posts
19. Robbery 17,7 B posts
20. Peter 152 B posts

Who to follow

Something went wrong.

Something went wrong.