Elliot Alderson

@fs0c131y

French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho, BJP IT Cell and others. Not completely schizophrenic. Not related to USANetwork.

fs0c131y.com
Joined June 2015
3,427 Photos and videos Photos and videos

You may also like

·

Tweets

You blocked

Are you sure you want to view these Tweets? Viewing Tweets won't unblock

  1. Pinned Tweet
    Nov 19

    My account is now fully setup. If you want to follow me => From today, I will publish my tweets on both platform. If you want to contact me for sensitive stuff use: - Keybase - Email fs0c131y[@]protonmail[.]com - Wire

    6 replies 28 retweets 122 likes
    Show this thread
    Show this thread
  2. 46 minutes ago

    This thread contains great insights on North Korea and is the best thread I saw on the Virgil case

    Hey guys, I see a lot of misconceptions about North Korea underlying a lot of the tweets on it, and I think it's important to understand what makes this country different before you form an opinion on the Virgil situation.
    Show this thread
    1 reply 10 retweets 15 likes
  3. 2 hours ago

    The famous secure XOR encryption

    4 replies 17 retweets 72 likes
  4. Retweeted
    Nov 30

    I'll just leave this here.

    8 replies 123 retweets 322 likes
  5. Retweeted
    11 hours ago

    WW2 resistance in Poland was very well organized (awesome name too: ZWZ.) They had a black propaganda organization that was kept completely secret from the rest of the resistance and the Allies. Their security system of cutouts was so effective they were never penetrated.

    8 replies 50 retweets 207 likes
    Show this thread
    Show this thread
  6. Retweeted
    Nov 30

    A problem infosec has - outside of the rampant misogyny - is that people believe that their opinions are facts. Infosec often doesn't have clear answers. We are terrible at science and parrot untruths. To push a valued member of the community out over an *opinion* is bullshit

    Sucks Azeria ended up deleting her Twitter because a bunch of egotistical jackasses can't accept there is more than one perspective, so instead resulted to personal attacks against her.
    20 replies 83 retweets 514 likes
  7. 4 hours ago

    Le ministère de l’industrie et des Technologies chinoise a imposé une nouvelle réglementation exigeant que les personnes se fassent scanner leur visage lors de leur enregistrement à un service de téléphonie mobile.

    4 replies 17 retweets 19 likes
  8. Retweeted
    Dec 1

    After the leak, I was wondering how to find such forums in general. In my new article, I describe how to start investigations on right-wing extremists from scratch. Starting in and pivoting to many other platforms and channels.

    3 replies 52 retweets 100 likes
  9. Retweeted
    17 hours ago

    FUN FACT (that I was told while I worked there so it may be entirely false): When the National Climatic Data Center was founded to store weather data, they did a study to find the safest city in the US, and the result was Asheville, NC.

    9 replies 40 retweets 206 likes
    Show this thread
    Show this thread
  10. Retweeted
    Nov 29

    TL;DR: do what you want with your bugs, but don't think you're only "saving the bad guys time". You wouldn't believe how stupid and incompetent the average cybercrime actor is (majority can't even code and only use free tools).

    10 replies 36 retweets 227 likes
    Show this thread
    Show this thread
  11. Retweeted
    Nov 30

    Not really piled into the discussion about vulns & PoCs because it's kinda toxic, but anyway here's my take: 1. That discussions in infosec are toxic *is* symptomatic of infosec toxicity in general, so let's look at that. 2. Attacking people asking it is gatekeeping and shitty.

    6 replies 23 retweets 166 likes
    Show this thread
    Show this thread
  12. Nov 30

    4/ It doesn’t mean anything out of context but he has an interest for DPRK, more than an average person

    1 retweet 20 likes
    Show this thread
    Show this thread
  13. Nov 30

    3/ The *lulz*

    1 reply 3 retweets 18 likes
    Show this thread
    Show this thread
  14. Nov 30

    2/ This tweet has aged poorly

    2 replies 2 retweets 18 likes
    Show this thread
    Show this thread
  15. Nov 30

    1/ , a member of the Etherum foundation, has been arrested after giving a talk in a conference in North Korea. He volunteered to attend this conference.

    3 replies 13 retweets 47 likes
    Show this thread
    Show this thread
  16. Nov 30

    Saturday afternoon 😀

    2 replies 3 retweets 68 likes
  17. Retweeted
    Nov 29

    Chongqing after dark

    Photography by Liam Wong of Chongqing, China at night. Two men can be seen on the entrance of a large cruise ship - taken at midnight.
    Photography by Liam Wong of Chongqing, China at night. Two men can be seen on the entrance of a large cruise ship - taken at midnight.
    Photography by Liam Wong of Chongqing, China at night. A wide photograph of a bridge surrounded by bokeh. It Is blue in color.
    15 replies 610 retweets 2,692 likes
  18. Nov 30

    I found this ticket related to my issue but unfortunately the fix is only available in the internal version of BinDiff at . Any plans to release BinDiff 6 soon?

    2 replies 6 likes
    Show this thread
    Show this thread
  19. Nov 30

    In BinDiff, I have this error everytime I’m opening a flow graph. Is it a known issue? How can I debug that? I have IDA pro 7.2 and the latest BinDiff version cc

    3 replies 1 retweet 21 likes
    Show this thread
    Show this thread
  20. Nov 30

    Protip: Giving a conference in DPRK is rarely a good idea. Protip 2: If the FBI told you not to go, you should probably listen to them Protip 3: if you go, don’t say you want to buy another citizenship publicly

    1 reply 9 retweets 40 likes
    Show this thread
    Show this thread
  21. Nov 30

    ., a member of the etherum foundation, has been arrested. He “provided highly technical information to North Korea, knowing that this information could be used to help North Korea launder money and evade sanctions“

    4 replies 30 retweets 81 likes
    Show this thread
    Show this thread
  22. Nov 30

    A hydra is difficult to kill. Hacking Team is back under the name Memento Labs. Business 1 - Ethics 0

    New: I met Paolo Lezzi, the man who bought Hacking Team, about how he plans to build a new surveillance industry powerhouse. Here's some of the company's marketing material, a look into the spyware tools…
    Show this thread
    7 replies 72 retweets 140 likes
  23. Nov 30

    Bald is the new sexy 😘

    3 replies 2 retweets 60 likes
  24. Nov 29

    I guess the conclusion of this question: If you are not happy, do it yourself 😏

    3 replies 3 retweets 34 likes
    Show this thread
    Show this thread
  25. Nov 29

    Hacking a phone with an unanswered phone call is a fantasy for a majority of people. Being able to show it would be super cool and would help to raise security awareness.

    2 replies 7 retweets 54 likes
    Show this thread
    Show this thread
  26. Nov 29

    Don’t get me wrong, I’m convinced that somewhere an exploit dev working for a private company did create an exploit. But why keeping it private? Do you realize how cool a demo of this bug would be? Not only for infosec pros but also for the rest of the world

    4 replies 3 retweets 34 likes
    Show this thread
    Show this thread
  27. Nov 29

    Hi pro, Why nobody publish publicly an exploit for the NSO WhatsApp vulnerability (CVE-2019-3568)?

    5 replies 32 retweets 103 likes
    Show this thread
    Show this thread
  28. Retweeted
    Nov 28

    Happy to announce, I'll be giving the full disclosure talk on & fought hard against & detailing pressure against & myself. Story updates include & next week in London representing

    This is an important story which affects every passenger & aircrew member civilian and military world wide who steps foot on any aircraft & satellite & government which use for thier authentication mechanism for flight control software. Please RT for coverage …
    11 replies 41 retweets 94 likes
  29. Retweeted
    Nov 28

    I heard that somewhere on Twitter a discussion about publishing exploit PoCs arose. Good thing information security is so repetitive, and I can field most discussions by referring to previously written long-form blog posts:

    3 replies 53 retweets 206 likes
    Show this thread
    Show this thread
  30. Retweeted
    Nov 28

    That! I generally don't pitch in on the "responsible PoC disclosure" debate, as I don't actively contribute to the area and rather let or argue (and enjoy learning the arguments). But here is my defender's point of view: 1/

    Developing mitigation requires not just the bug details but also exploit tricks. In many cases the latter is the hard part.
    1 reply 14 retweets 40 likes
    Show this thread
    Show this thread
  31. Nov 29

    Filming in progress

    3 retweets 39 likes
  32. Nov 29

    I took the control of Twitter account, my current client. Follow us!

    KyoLAB is back on Twitter. , our hacker in chief, is taking the control of the account. Follow us for more news!
    2 replies 6 retweets 54 likes
  33. Retweeted
    Nov 27

    The evolution of the truck is here. Guaranteed shatterproof 😬

    1,415 replies 28,094 retweets 106,147 likes
  34. Nov 29

    It’s funny to see that people, when they see a situation like this, directly think it’s a political thing

    2 replies 1 retweet 41 likes
    Show this thread
    Show this thread
  35. Nov 29

    This morning a professional photographer takes photos of me for an upcoming article: A pedestrian stops suddenly, look at us and said « Ah! It’s for the local elections! ». The photographer answered « Yes, but it doesn’t know it yet »

    3 replies 6 retweets 105 likes
    Show this thread
    Show this thread
  36. Nov 29

    ok

    5 replies 4 retweets 68 likes
  37. Retweeted
    Nov 26

    So many details in this WSJ investigation i.e: Hewlett Packard owns 49% of a Chinese surveillance/network firm selling to law enforcement. One client is a Chinese city known for “broad surveillance of residents,” & home to “multiple internment camps.”

    5 replies 127 retweets 119 likes
    Show this thread
    Show this thread
  38. Retweeted
    Nov 28

    Bug bounties and vuln disclosure are trending again. I've found it useful to think of external bug reports as a form of whistleblowing. Someone noticed something wrong with your product/infrastructure and is bringing it to your attention in the hope that you'll address it. 1/n

    1 reply 6 retweets 26 likes
    Show this thread
    Show this thread
  39. Retweeted
    Nov 27

    We downloaded recent content from 151 US city subreddits (Reddit forums), three from each state plus Washington DC, and ran sentiment analysis on the content. This map shows each city colored by the percentage of posts/comments with negative sentiment scores. cc:

    4 replies 46 retweets 104 likes
    Show this thread
    Show this thread
  40. Nov 28

    Is there already a “Mobile Security” newsletter? If not I should create it, do something similar to the excellent ’s newsletter. What do you think? Is there a public for that?

    36 replies 15 retweets 250 likes
  41. Nov 27

    So much choice, thank you all, you are awesome 😍

    3 replies 1 retweet 31 likes
    Show this thread
    Show this thread