Cindʎ Xiao 🍉
cxiao.net
@cxiao.net
professional strings(1) operator

rust reverse engineering training -> @decoderloop.com

she/her or they/them
🏳️‍🌈😎

personal account! views are mine.

https://cxiao.net
https://infosec.exchange/@cxiao
Pinned
🦀 I am starting a training firm, @decoderloop.com, focused on providing Rust Reverse Engineering training! decoderloop.com

We hope to come to a conference near you next year. Stay notified on training dates: Follow us at @decoderloop.com, or join our mailing list: decoderloop.com/contact/#tra...
Decoder Loop | Reverse Engineering Training
decoderloop.com
Reposted by Cindʎ Xiao 🍉
My new blog post 🥳

Improving AFD Socket Visibility for Windows Forensics & Troubleshooting

It discusses the low-level API under Winsock (IOCTLs on \Device\Afd handles) and explores the workings of the new socket inspection feature in System Informer 🔥

www.huntandhackett.com/blog/improvi...
Improving AFD Socket Visibility for Windows Forensics & Troubleshooting
This blog post explains the basics of Ancillary Function Driver API and how it can help explore networking activity on Windows systems.
www.huntandhackett.com
May 15, 2025 at 9:38 AM
Reposted by Cindʎ Xiao 🍉
I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🐛

Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/D...
November 10, 2025 at 9:04 PM
Reposted by Cindʎ Xiao 🍉
New Policy Analysis: Europe's cybersecurity heavily relies on the United States.

My key points:

1. Europe's dependencies on the US in the field of cybersecurity extend well beyond software updates, SaaS, and cloud services and would persist even if a EuroStack were developed. /1
November 6, 2025 at 8:19 AM
Reposted by Cindʎ Xiao 🍉
The global cybersecurity ecosystem is highly dependent on the US. Germany & Europe should take targeted measures to reduce this dependency and protect cybersecurity in Europe, writes @alexandrapaulus.bsky.social @swp-intsecurity.bsky.social: www.swp-berlin.org/publikation/...
November 7, 2025 at 10:14 AM
Reposted by Cindʎ Xiao 🍉
Thank you for your interest in Decoder Loop & #rustlang reverse engineering training so far!

This Friday, November 7th, join us at Ringzer0 COUNTERMEASURE, in Ottawa, Canada, where @cxiao.net will present the workshop "Reversing a (not-so-) Simple Rust Loader": ringzer0.training/countermeasu...
WORKSHOP: Reversing a (not-so-) Simple Rust Loader // Cindy Xiao
Rust can be challenging for even experienced reverse engineers. We will reverse a simple Rust malware loader found in the wild with obfuscated strings and a decoy payload, making it a good example for...
ringzer0.training
November 3, 2025 at 3:30 PM
if u want a high quality curated source of news relevant to defenders, LOOK AT THIS SITE
October 25, 2025 at 5:11 AM
Reposted by Cindʎ Xiao 🍉
Yo! Kinda forgot to post here but I created irchaos.club.

I'll let yall discover it :)
Incident Response Chaos Club
Incident Response Chaos Club - embracing the chaos of cybersecurity through DFIR, incident response, and security research.
irchaos.club
October 25, 2025 at 4:35 AM
Reposted by Cindʎ Xiao 🍉
The amazing @cxiao.net is offering training at decoderloop.com for
#Rust #Malware #ReverseEngineering 😱
Her insight is absolutely priceless, she's taught me all I know about this. If you are organizing an event: This is the state-of-the-art training you are looking for.
Decoder Loop | Reverse Engineering Training
decoderloop.com
October 17, 2025 at 6:32 AM
🦀 I am starting a training firm, @decoderloop.com, focused on providing Rust Reverse Engineering training! decoderloop.com

We hope to come to a conference near you next year. Stay notified on training dates: Follow us at @decoderloop.com, or join our mailing list: decoderloop.com/contact/#tra...
Decoder Loop | Reverse Engineering Training
decoderloop.com
October 17, 2025 at 2:09 PM
Reposted by Cindʎ Xiao 🍉
Close your eyes and ✨imagine:

From a low-integrity process (from LPAC even), you can inject your data anywhere you want:
privileged tasks, PPL/protected processes, the OS kernel itself, and VTL1 trustlets.

Now open your eyes. It is not hypothetical.
It is the reality. Read it on page 33.
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!
October 5, 2025 at 12:14 AM
🦀 New Rust reversing article! Let's look at a simple loader for an infostealer, distributed via a "can you try my game" scam on Discord. But it's Rust, so is it really simple? This malware has some twists!

cxiao.net/posts/2025-0...

#malware #rustlang #infosec #ReverseEngineering #MalwareAnalysis
Reversing a (not-so-) Simple Rust Loader
Reversing a Rust infostealer loader from a Discord fake game scam.
cxiao.net
August 17, 2025 at 3:43 PM
Reposted by Cindʎ Xiao 🍉
Microsoft has released security updates that protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770 & CVE-2025-53771. We’re actively working on updates for SharePoint 2016. Get updated guidance & detection details: msft.it/6010sDzSE
July 21, 2025 at 2:16 AM
Reposted by Cindʎ Xiao 🍉
We have updated this blog with more guidance and shipped the out of band patch for SharePoint Subscription edition. The team is working around the clock to ship patches for supported SharePoint editions - SP2019/SP2016. Please follow along on the blog for updates on those patches/other guidance.
msrc.microsoft.com/blog/2025/07...

Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. The attacks are exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770.

SharePoint Online in Microsoft 365 is not impacted
Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog | Microsoft Security Response Center
msrc.microsoft.com
July 20, 2025 at 10:51 PM
Suddenly relevant again today with #CVE-2025-53770

research.eye.security/sharepoint-u...
July 20, 2025 at 10:16 PM
Reposted by Cindʎ Xiao 🍉
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg (on X) to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange.bsky.social
July 14, 2025 at 1:00 PM
Reposted by Cindʎ Xiao 🍉
With the Insurrection Act looming, now is the time to learn how it might unfold and the strategic ways to respond — including the power of ridicule, writes @daniel-hunter.bsky.social.
What to do if the Insurrection Act is invoked?
With the Insurrection Act looming, now is the time to learn how it might unfold and the strategic ways to respond.
wagingnonviolence.org
April 4, 2025 at 5:38 PM
Reposted by Cindʎ Xiao 🍉
SCOOP: The State Department's new reorganization plan includes the opening of an "Office for Remigration," a term popularized by far right extremists and neo-Nazis in Europe. The office will coordinate directly with DHS "to advance the President’s immigration agenda."

My report:
State Department set to launch ‘Office of Remigration’
The concept of remigration has explicitly neo-Nazi roots and has been popularized in Europe.
www.thehandbasket.co
May 29, 2025 at 9:03 PM
Reposted by Cindʎ Xiao 🍉
Thank you @botconf.infosec.exchange.ap.brid.gy for the warm welcome and for giving Suw and I the opportunity to share our research on WIZARD SPIDER’s crypters! We had a great time connecting with everyone, hearing amazing ideas, and catching up with both new and familiar faces. Until next time!
May 24, 2025 at 7:35 AM
Reposted by Cindʎ Xiao 🍉
Don’t miss Cindy Xiao’s talk on Reconstructing Rust Types from RE//verse 2025 if you’re dealing with Rust in your day to day. It’s one worth adding to your watchlist: youtu.be/SGLX7g2a-gw?...
May 23, 2025 at 10:19 PM
🦀 Hi Rust reversing fans - the recording of my talk at @re-verse.io: Reconstructing Rust Types: A Practical Guide for Reverse Engineers, is available for you to watch!

www.youtube.com/watch?v=SGLX...

#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec
RE//verse 2025: Reconstructing Rust Types: A Practical Guide for Reverse Engineers (Cindy Xiao)
YouTube video by RE-verse Conference
www.youtube.com
May 23, 2025 at 5:07 PM
Reposted by Cindʎ Xiao 🍉
I have been working on this non-stop for a few days. It's LUA playground with syntax highlighting and a full alpine linux vm running in WASM in your browser, hosted on github.
noctonic.github.io/lua-playgrou...
May 23, 2025 at 12:49 AM
Reposted by Cindʎ Xiao 🍉
/1

I don’t know how many folks will show up Sunday, but we’re gonna have a blast.

We’ll kick things off with a short presentation covering the basics of intrusion analysis and the investigative mindset. Then it’s straight into DFIR Labs where you’ll walk through a real intrusion step by step.
May 23, 2025 at 1:28 AM
Reposted by Cindʎ Xiao 🍉
For those who missed it, our good friend @cxiao.net did a 3hr workshop on reverse engineering Rust at NorthSec 2025 and the workshop recording can be found here: www.youtube.com/live/XE9g2Tg...
NorthSec 2025 - Workshop Salle de la Commune - Jour 1
YouTube video by NorthSec
www.youtube.com
May 21, 2025 at 12:05 PM