Joined July 2014
- Tweets 454
- Following 87
- Followers 383
- Likes 1,547
53 Photos and videos
π Rapid7 Labs, alongside our MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group #LotusBlossom.
Find a deep technical analysis of the custom backdoor 'Chrysalis', Notepad , Warbird, and more in our latest blog: r-7.co/4kaerPA
6
92
306
23,058
Stiv Kupchik retweeted
Jan 22
1
1
3
496
Stiv Kupchik retweeted
22 Dec 2025
πΈπππππ πππ ππππππππ ππππππππππππ πππ πππππ π’πππ ππππππππ ππ ππππ ππ πππ [ππ]πΏπππππππ ππππππ ππππππππ ππ π·π½:πΉπΆ
luma.com/sz60odsv
@itayhzn
@gadievron
@kupsul
@oryair1999
@IdaVass1
2
3
285
4 Dec 2025
We're out of stealth!
(Posts, blogs and public presentations notwithstanding)
4 Dec 2025
Weβre excited to launch Lumia Security!
Backed by $18M in seed funding, weβre building the AI Usage Control platform that helps enterprises stay in control as AI and autonomous agents accelerate.
Follow along. Big things ahead.
lumia.security/blog/lumia-agβ¦
#AIsecurity #EnterpriseAI
4
819
12 Nov 2025
My first post for @LumiaSecurity is out!
When I joined, I didn't know a thing about AI, so I targeted its client applications instead, for my first security research.
Introducing AIKatz - stealing the auth tokens from LLM clients to impersonate the user.
lumia.security/blog/aikatz
ALT An image of a black cat with red pupils staring at the viewer menacingly. The background shows ruins of a city, in a post-apocalyptic settings
1
2
205
12 Nov 2025
MSRC told us that we need to cross the user boundary for a CVE, but that would probably be a CVE in Chromium, not Copilot.
Instead, I did find a DLL Hijack attack on the Electron client, but it's Intel's graphics issue, which simply wasn't patched yet -.-
1
1
158
12 Nov 2025
We did get an acknowledgment from MITRE though, as they added our writeup as a case study, and also updated their ATLAS matrix with new techniques accordingly
97
6 Aug 2025
My talented colleague @teller_1337 just finished his #BlackHat presentation, and released a blog accompanying it as well!
Wanna know what Apple Intelligence reports to Apple about you behind the scenes? Read on!
lumia.security/blog/applestoβ¦
Or catch him at DefCon
#BlackHat2025 #Apple
1
3
333
15 May 2025
Thought I found a cool new vulnerability in an Intel driver.
Nope, someone already disclosed it in 2023(!) and it simply wasn't patched yet...
No bounty for me today π
3
188
Stiv Kupchik retweeted
30 Mar 2025
Interesting writeup by @0xLupin about how he pwned Gemini to leak very sensitive parts of Google's source code including how they classify user data π₯
landh.tech/blog/20250327-we-β¦
#LLM #bugbountytips #bugbounty
4
30
140
10,883
Stiv Kupchik retweeted
9 Mar 2025
So... I just simply asked Manus to give me the files at "/opt/.manus/", and it just gave it to me, their sandbox runtime code...
> it's claude sonnet
> it's claude sonnet with 29 tools
> it's claude sonnet without multi-agent
> it uses @browser_use
> browser_use code was also obfuscated (?)
> tools and prompts jailbreak
220
760
6,869
2,626,089
6 Mar 2025
So apparently Claude Computer Use can leak its own API key, with a very basic phishing.
Also, just like a person would, it ignore browser warning that the site might be insecure π
ALT A screenshot from Claude Computer Use console. On the left, a part of Claude's reasoning where it says that it'll submit its API token via a GET request, and the output of the curl command it ran to do so. On the right, the access log from the malicious webserver, showing that it received the API token
6
539
Stiv Kupchik retweeted
5 Mar 2025
Excited to share that I'll be presenting my research on VBS enclaves at the upcoming @BlueHatIL ! Registration is now openβhope to see you there!
microsoftrnd.co.il/bluehatilβ¦
2
1
11
419
Stiv Kupchik retweeted
2 Mar 2025
Everything I learned about Prompt Injection Attacks in last 2 years is here in this guide. This should be your stepping stone to the field of AI Red Teaming.
Link in comments π
10
126
613
41,229
Stiv Kupchik retweeted
28 Feb 2025
Achieving RCE in famous Japanese chat tool with an obsolete Electron feature by @ryotkak
flatt.tech/research/posts/esβ¦
8
44
3,001
Stiv Kupchik retweeted
25 Feb 2025
Running malware in an isolated region, out of the reach of EDRs and security analysts? Sign me up!
Today we shared my research on VBS enclave abuse, the full details are here:
akamai.com/blog/security-resβ¦
Virtualization-based security isolates critical OS components from malwareβbut what if attackers flipped the script?
In this blog, @oridavid123 explores how VBS enclaves can be weaponized to execute untouchable malware. Full details:
akamai.com/blog/security-resβ¦
ALT The differences between normal user mode and IUM API calling processes
1
10
63
8,061
Stiv Kupchik retweeted
11 Feb 2025
Another day, another set of FortiGate vulnerabilities.
This time - a potential RCE, alongside a DOS vulnerability that could brick your device.
Check out this awesome research by the amazing @nachoskrnl:
akamai.com/blog/security-resβ¦
RCE is bad. DoS is bad. PermaDoS? Reallllly bad. Well, in our latest research by @nachoskrnl we got them all π³
Read the full journey Ben took from choosing a target to discovering how an unauthenticated attacker can lead to DoS and RCE in FortiOS.
akamai.com/blog/security-resβ¦
1
10
636
Stiv Kupchik retweeted
6 Feb 2025
My 10k-word writeup on exploiting a heap-overflow in Llama.cpp's RPC Server's Tensor-operation to RCE. This by far is one of the most challenging but fun exploitation I've ever researched on.
retr0.blog/blog/llama-rpc-rcβ¦
4
104
439
54,760
Stiv Kupchik retweeted
The first blog in our educative cryptomining trilogy is live! π₯³
From the fundamentals of blockchain to a comprehensive appendix of potential cryptomining coins and their value to an attacker, you'll hit the jackpot reading this one.
akamai.com/blog/security-resβ¦
ALT Comparison of relevant cryptocoins for cryptominer use
7
12
1,933