Malware and EDR stuff @harfanglab 🤓 || PTC || Sister of @h313n_0f_t0r & @lauriewired

Joined November 2018
Pinned Tweet
Curious about what's happening in the Windows Kernel after a Syscall? I just wrote this post following the workflow from the Syscall instruction to the target kernel routine ⬇️ alice.climent-pommeret.red/p… Thanks again to @Set_hyx for the proofreading!

Alice Climent retweeted
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare-le…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD
Alice Climent retweeted
I have created a website, where you can share your sample analysis (via links or posts) and search samples for training based on tags and difficulty. If you write analysis blogs, you can share them there. samplepedia.cc/
Alice Climent retweeted
🚨 A new investigation jointly published by @insidestory_gr @haaretzcom & WAV Research Collective with the technical assistance of @Amnesty has exposed the internal operations of Intellexa, a company notorious for selling Predator spyware. amnesty.org/en/latest/news/2…
Alice Climent retweeted
You don't have to write super sophisticated malware with 9000 different evasion techniques. Just name it important_file.pdf.exe and have it prompt for UAC. They'll probably allow it.
My blog is back online \o/ The new domain is alice.climent.red
🤩🔥🔥🔥🤩
Windows Rootkits and Bootkits Guide is available in an eye-friendly design and colors 🕶️🎆🎄 github.com/ArtemBaranov/Wind…
The vulnerability I've found last year in @kaspersky AV is now patched 🥳 support.kaspersky.com/vulner…

I just realized something. The advisory says: "This issue does not add additional capabilities to an attacker with administrative privileges to damage the attacked system." Well, that's not true. The PoC allows an attacker to remove EDR/AV files (exe, dll, drivers) and without any tools. The PoC is using the driver indirectly (via specifically crafted data in registry keys) to remove ANY files or registry keys after a reboot. So yes, it adds new capabilities for the attackers to damage the system. Because with just the driver load and data in a registry key, they are able to remove any AV/EDR on a Windows machine. BYOVD style (but without interacting directly with the driver though 😅). If I find the time I'll write a blog post about this vuln.
Alice Climent retweeted
1 Feb 2025
SassyKitdi: Kernel Mode TCP Sockets LSASS Dump zerosum0x0.blogspot.com/2020…
Alice Climent retweeted
13 Dec 2024
#HeartCrypt, a new #PaaS, packs malicious code with legitimate binaries. Advertised on Telegram and elsewhere, the low cost ($20/file) combined with support for multiple payload types makes it an attractive tool for bad actors with varying expertise: bit.ly/41yljiM
✨💅🔥
🏆 Femme Cyber Espoir - FRANCE 👏 Congratulations to Joséphine DELAS for receiving the Femme Cyber Espoir trophy, presented by Frédérique LEBRUN! Your remarkable talent and your commitment to the field of cybersecurity pave the way for the future! 🌟🏆 #ecwd
Alice Climent retweeted
🚀Contribute to our organization as we provide tools for success, development cohorts and infrastructure for community members! 📚 Link: blacksincyberconf.com/donate #BlacksInCyber #BlacksInCybersecurity #BIC_CTF #BlackInCyber #LitLikeBIC #GivingTuesday
Alice Climent retweeted
17 Nov 2024
Replying to @BrHackeuses
@BrHackeuses are finally on Twitter❤️‍🔥Don't hesitate to follow their account to keep up with the community's activities and news. Let's gooo! ❤️ x.com/BrHackeuses You can also join us on Discord : discord.gg/Qgpy2qk82Q
The loudest sound in the universe
Alice Climent retweeted
Think of it like ordering a pizza. MOV is like ordering a pizza and receiving the actual pizza itself, whereas LEA is like finding the address of your favorite pizza place to order later.