Will Harris @parityzero
Chrome Security gnome. I work on the sandbox and local data protection on Windows. @parityzero.99 on signal. Opinions here are my own! will.phase.net
Joined June 2011
Tweets: 2K · Followers: 4K · Following: 800 · Likes: 3K
@0xcharlie The sooner we have the bug the sooner we are able to fix it for users. Breaking exploits with offset changes doesn't cause the bug to magically disappear or make users any safer.
@0xcharlie We already tried to avoid releasing Chrome updates in the days leading up to pwn2own just in case a benign offset change meant we didn't get a juicy bug. Prefer to get the bug than not. Harder to avoid now though with weekly updates...
@simplylurking2 Hmm, many techniques here might not work any more...? e.g. Secure Preferences now enabled on Enterprise and use App-Bound Encryption for hashes. Post what you find from your testing :)
@simplylurking2 Setting Chrome policy needs admin though doesn't it...? HKCU policy keys are ACLed?
@5aelo seems like strong CFI should be possible - I suppose I am talking both forward and backward edge, and maybe CET or some hardware support? I think this seems more achievable than 'solving the JIT problem' but I dunno
@5aelo Why does building strong CFI also mean you can probably solve the JIT problem?
pwn2own has always been a great datapoint for how hard it is to find vulns, what exploit mitigations are working, new exploitation techniques, and now how AI works on offensive security.
this year's pwn2own isn't just interesting because there will be lots of entries with AI+human. it is also interesting because a) anthropic burned a ton of tokens on firefox, basically running claude in a loop until it found something for a month, probably exhausting whatever
This young man Manchester Madgwick seems to know everything. What a mind. Bravo 👏🏻 #UniversityChallenge
Great advice from @AnthropicAI on prep for accelerated AI vulnerability discovery, including what to do if you don’t have a dedicated security team, if you’re reporting bugs you found, or are an open source maintainer. /ht @_decius_ for sending the link claude.com/blog/preparing…
@WindowsCentral Make it so right clicking on a file in explorer on a modern 64-core Threadripper 3995WX doesn't take 3 seconds to open the context menu.
The window between vulnerability disclosure and real-world exploitation keeps shrinking. The Zero Day Clock visualizes how fast attackers are operationalizing new CVEs. What used to take months now often happens in days, or hours. The future needs to be Secure by Design. zerodayclock.com #AppSec #CyberSecurity
Someone finally made a proper video on the xz backdoor. It’s missing a lot of the story, that I hope gets told someday, but still worth a watch.
The Internet Was Weeks Away From Disaster and No One Knew
@afneil On international flights with no first class cabin they sometimes don't even bother calling group 1 (BA Gold) and go straight to 2 (business class).
@xaitax I find it amusing that Copilot is using App-Bound Encryption - how about adding this support directly into the OS instead? Does this mean I work in AI Security now? :)
Interesting. Microsoft Edge now finally switched on App-bound encryption for their passwords. At least for me now on Version 144.0.3719.35. Last test on Version 142.0.3595.53 this wasn't the case.
@jrozner @dinodaizovi yes, DBSC means the attacker must maintain persistence on the device so increases the cost/risk of any attacks.
@jrozner @dinodaizovi ... you need something like application isolation or strong application secret binding (macOS has keychain, Windows has app-bound encryption). 2/2
@jrozner @dinodaizovi yes, exactly - so the cookie can be stolen but it can't be used off the device because of the need to present the short lived bearer token which is hardware bound. I don't think the goal of DBSC is to block an attacker with a persistent presence on the device. for that ... 1/2