Suto @__suto
Cybersecurity | Qrious Secure (@qriousec) & VnSecurity (@vnsec) Joined August 2009-
Tweets340
-
Followers1K
-
Following909
-
Likes4K
Hope you don’t bother with my dirty exploit code.
Very impressive! nearly all major products: virtualizations, all browsers, tesla gonna be wrecked at this year Pwn2own, such a wonderful party!
Very impressive! nearly all major products: virtualizations, all browsers, tesla gonna be wrecked at this year Pwn2own, such a wonderful party!
The first bug from our works in angle has been derestricted.
The first bug from our works in angle has been derestricted.
I've got a memory-safe OpenSSH sshd that just accepted a connection from a memory-safe OpenSSH ssh client. Fil-C is the real deal, y'all. Fuck yeah!
Sandboxing v8 seems very complicated judging by numbers of recent tickets: issuetracker.google.com/issues?q=custo…
Imh, Phrack and Project Zero Blog are the only things a patient engineer needs if they want to be good at hacking!
Imh, Phrack and Project Zero Blog are the only things a patient engineer needs if they want to be good at hacking!
Looks like I accidentally killer s.o 0day (: . Probably not the best idea to drop the write-up just days after the patch, especially since most folks haven't updated yet.
Looks like I accidentally killer s.o 0day (: . Probably not the best idea to drop the write-up just days after the patch, especially since most folks haven't updated yet.
I successfully exploited #V8ctf using CVE-2024-0517, writeup and exploit will be published later. chromereleases.googleblog.com/2024/01/stable…
Additionally, last year our teammate @bienpnn also pwned Linux kernel on kernelCTF with a 0-day, that has been fixed and assigned CVE-2023-4244. So far, we have successfully pwned 2/3 liveCTF hosted by Google. We are going to aim for kvmCTF in the future.
long time no ctf …
Just published "In-depth analysis of the #Emotet packer". A walktrough Emotet packer internals. Using @IntezerLabs and @matalaz KOKA hash algorithm for code comparison. An unpacker is provided using TE (@ReversingLabs) and @yararules. github.com/d00rt/emotet_r…
The journey of exploting a Sharepoint vulnerability vnprogramming.com/index.php/2017…
ChakraCore OOB RW 0.5Day ( Fix Upstream but not latest DLL) Repro:pastebin.com/yzfHErwp Fixed:github.com/Microsoft/Chak…
I wonder why Null pointer deref worth reward? hackerone.com/reports/152232
why this bug doesn't have a domain name? github.com/abdsec/CVE-201…
Foxit Reader 7.3.0 UAF PoC ( Patched in latest version) #DailyBug #Foxit vnsecurity.net/research/2016/…
Ptrace Security GmbH @ptracesecurity
53K Followers 883 Following Empowering IT Security Professionals through Hands-On Online Courses.Tuan Anh Nguyen 🇻�.. @haxor31337
13K Followers 2K Following 28 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @BugcrowdBien Pham 🇻🇳 @bienpnn
4K Followers 398 Following P (Million Live!) / LoveLiver / Shihainin hackerman at @qriousec & @ProjectSEKAIctf traveling around the world (mostly to 🇯🇵) Tiếng Việt / English / 日本語 范阮玉邊ϻг_ϻε @steventseeley
21K Followers 519 Following Hermetic Initiate. Exploring conscience and the nature of reality. I also hack things. @[email protected]Pham Khanh @rskvp93
1K Followers 286 Following Security Engineer at @calif_io. Winner of Pwn2own Vancouver 2021, Torento 2022, Vancouver 2023. MSRC top 100 2019,2020,2021.Richard Johnson @richinseattle
16K Followers 3K Following Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFHNguyen The Duc @ducnt_
2K Followers 393 Following Just another web warrior ⚔️ Security Researcher ۞ Principal Security Engineer @vngsecresponse ۞ Pwn2Own 2023 ۞ @vnsec squad ۞ 💰https://t.co/wuyz6IfAbA ۞ nano 💻huyna @huyna89
747 Followers 928 FollowingAxel Souchet @0vercl0k
13K Followers 509 Following ¯\_(ツ)_/¯, blogging on https://t.co/36oOc8Mgha and posting codes on https://t.co/P83Oen94Rc.fG! @osxreverser
13K Followers 819 Following Know a thing or two about Reverse Engineering and Economics. Love 911s with three pedals and natural aspirated engines.Joxean Koret (@joxean.. @matalaz
8K Followers 4K Following سمووحخ ̷̴̐ خ ̷̴̐ خ ̷̴̐ خ امارتيخ ̷̴̐ خ 巴斯克恐怖 జ్ఞffective.Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗జ بٍٍٍٍََُُُِّّّْرٍٍٍٍََُُِِّّّْآٍٍٍَُّ🦠بٍٍٍٍََُُُِّّّْرٍٍٍٍََُُِchrisrohlf @chrisrohlf
11K Followers 783 Following 🇺🇸 Waging algorithmic warfare since 2003. Software and Security Engineer. Non-Resident Research Fellow @CSETGeorgetown CyberAIHackSys Team @HackSysTeam
10K Followers 555 Following Vulnerability Research, Kernel Exploitation, Reverse Engineering, Exploit Development, Program Analysis, Malware Research, Web, Machine LearningLamScun @LamScun
2K Followers 785 Following Researcher of mobile and web security issues. It's safer in the forest than on the internet.Nicolas Grégoire @Agarri_FR
26K Followers 608 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricksMo0n Sha𝄞ow @null001__
46 Followers 2K FollowingMicaella Langit @langit_micaella
11 Followers 123 Following皇甫泽勋 @huangfuzexun1
2 Followers 91 Followingsferrini @Simone_Ferrini
4K Followers 1K Following *OS Security Researcher. Interested in RE, fuzzing, hardware and low-level binary stuff. Occasional CTF player.Nghi Vi @NghiVi1
21 Followers 104 FollowingCyberRiser @_0100101010011
8 Followers 219 FollowingOwen @owench3rn
0 Followers 50 Followingwisdom michael @wisemike2u
3 Followers 15 Following0xb000bd @0xb000bd
7 Followers 38 Followingemi0x01 @emi0x01
16 Followers 105 Followingnutcracker @nutcracker917
0 Followers 1K FollowingDavid_Jou @DavidJou734
75 Followers 496 Following Penetration Testing | Bounty Hunter|Threat Analysis | Happy WasteRajat Gupta @z3ta_rjt
165 Followers 925 Following Security Research @GaTechCyber | Prev: Security Engg. Intern @QualcommHalvar Flake @halvarflake
44K Followers 3K Following I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected] At the moment, for noone.George Karchemsky @gkarchemsky
50 Followers 658 FollowingMixHappy @mixhappy_now
5 Followers 167 FollowingNayssaj @_Nayssaj
20 Followers 251 FollowingJ0hn# @J0hnisonline
41 Followers 433 FollowingAdrien Bournat @AdrienBournat
30 Followers 820 FollowingNULL @ok111
8 Followers 681 Followingknock: ) @cdd56656
24 Followers 159 FollowingP4nda @P4nda20371774
2K Followers 405 Following Security researcher at @XuanwuLab | PWN | Learning Browser security Cola enthusiast Tweets are my ownbob @bisomontero
68 Followers 663 Followingmarce @imarcex_
254 Followers 624 Following 20 y/o | OSCP CRTO | maining whitebox web & learning new thingsi @The15thProphet
17 Followers 767 Followinggzobqq @chrome0day
0 Followers 178 FollowingDung Duong @dungdd3832
37 Followers 619 FollowingNobody @Nobody55531248
24 Followers 534 FollowingThomas King - @thomas.. @ThomasKing2014
2K Followers 418 Following Android/Browser Vulnerability Research, Reverse Engineering. Mastodon: @[email protected]@[email protected] @r3tr074
759 Followers 498 Following Security research | https://t.co/0JQ2SjUVJZ founder | CTF pwn/rev @eltctfbr + @r3kapig | yes, I'm the browser guybikot @bik0t
29 Followers 407 Followingzack08110 @zack08110
81 Followers 737 Followinghiepck @hiepNT1331
14 Followers 344 FollowingZero Day Initiative @thezdi
77K Followers 17 Following Trend Micro’s Zero Day Initiative (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.Tuan Anh Nguyen 🇻�.. @haxor31337
13K Followers 2K Following 28 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @BugcrowdNicolas Krassas @Dinosn
122K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3Bien Pham 🇻🇳 @bienpnn
4K Followers 398 Following P (Million Live!) / LoveLiver / Shihainin hackerman at @qriousec & @ProjectSEKAIctf traveling around the world (mostly to 🇯🇵) Tiếng Việt / English / 日本語 范阮玉邊ϻг_ϻε @steventseeley
21K Followers 519 Following Hermetic Initiate. Exploring conscience and the nature of reality. I also hack things. @[email protected]Pham Khanh @rskvp93
1K Followers 286 Following Security Engineer at @calif_io. Winner of Pwn2own Vancouver 2021, Torento 2022, Vancouver 2023. MSRC top 100 2019,2020,2021.Haifei Li @HaifeiLi
7K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.mdowd @mdowd
32K Followers 744 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)Richard Johnson @richinseattle
16K Followers 3K Following Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFHNguyen The Duc @ducnt_
2K Followers 393 Following Just another web warrior ⚔️ Security Researcher ۞ Principal Security Engineer @vngsecresponse ۞ Pwn2Own 2023 ۞ @vnsec squad ۞ 💰https://t.co/wuyz6IfAbA ۞ nano 💻Samuel Groß @5aelo
24K Followers 499 Following V8 Security technical lead. Previously Project Zero. Personal account. Also @[email protected] and https://t.co/aVitnPjBieIvan Fratric 💙💛 @ifsecure
17K Followers 192 Following Security researcher at Google Project Zero. Tweets are my own. Backup @[email protected]huyna @huyna89
747 Followers 928 FollowingIvan Kwiatkowski @JusticeRage
9K Followers 73 Following Lead cyber threat researcher @HarfangLab. Maintainer of Manalyze, Gepetto, and writer. Trolling on a purely personal capacity.Axel Souchet @0vercl0k
13K Followers 509 Following ¯\_(ツ)_/¯, blogging on https://t.co/36oOc8Mgha and posting codes on https://t.co/P83Oen94Rc.David Weston (DWIZZZL.. @dwizzzleMSFT
25K Followers 1K Following Vice President, OS Security and Enterprise @Microsoft || @CISAgov Technical Advisory CommitteeAleksei Kulaev @flat_z
10K Followers 948 Following Console hacker, former Kaspersky Team Lead of Exploits & Network Threat Detection, security researcher. For tips (thx!): https://t.co/VxJMiawFpPSandboxEscaper @big_polar_bear1
2K Followers 281 Following Fan of quadratic residues Former microsoft employee selling windows 0days.Manfred Paul @_manfp
5K Followers 279 Following Maths and cyber and stuff. Playing CTFs with @redrocket_ctf (and @Sauercl0ud). Pwn2Own Vancouver 2020..=2022, 2024. @[email protected]Calif @calif_io
858 Followers 11 Following Calif is a security firm from California, with a mission to defend the world's critical digital infrastructure. We are hiring https://t.co/Kb2bn8lSsP.Mr. Anthony 安東尼 @darkfloyd1014
2K Followers 4K Following VXCON chair @vxresearch | Blackhat Asia & USA /HITB Reviewer | DEFCON speaker/fan | Love animals and bug huntingDARKNAVY @DarkNavyOrg
570 Followers 34 Following Cybersecurity enthusiasts from DARKNAVY. Achieve, Analyze, Attack *Oops.@[email protected] @r3tr074
759 Followers 498 Following Security research | https://t.co/0JQ2SjUVJZ founder | CTF pwn/rev @eltctfbr + @r3kapig | yes, I'm the browser guyCothan @c0th4n
616 Followers 717 Following PhD student in Post-Quantum Cryptgraphy @ CERG GMU | Love Dark Humor | Crypto Player | Code Reverser | Founder of Efiens. https://t.co/YukkBcmQYe, https://t.co/8Z8hh9r5GUĐào Trọng Nghĩa @nghiadt1098
1K Followers 1K Following Pwn2own Vancouver 2021/2022. Pwner at @dfsec_com. Tweets are my own. https://t.co/4Y2w4FalICwildcat @tacbliw
347 Followers 906 Following Security Researcher at @vcslab | CTF player (pwn) of @u0KplusplusDinesh Shetty @Din3zh
2K Followers 1K Following Mobile/IoT/Web security; Trainer & Speaker @BlackHat/DefCon/POC/OWASP/Hackfest...; Day job as Director of Security Engineering; #OSCE #OSCP #OSWE #CCISO...Duc Phan @flyingpassword
672 Followers 786 Following 🇻🇳. RIT grad. Malware Analysis. Vulnerability Research (browsers) 😄😄😄 @\ret2life on the infosec,exchange thing. bruh. like @[email protected] bruhitszn @itszn13
8K Followers 635 Following https://t.co/hjWsukmo1k | Amy | Security researcher | https://t.co/W1SE7NnamG5p4d37 @5p4d37
15 Followers 231 Following1377 High-yield Nukes @buptdsb
883 Followers 998 Following Frontend / Chromium / V8 / Devtools(TTD) / Networking(TCP/QUIC) / ?ttt @tchght
243 Followers 182 Followingcrazyman_army @CrazymanArmy
6K Followers 3K Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities opinions are own not groupThach Nguyen Hoang �.. @hi_im_d4rkn3ss
2K Followers 293 Following Security Researcher @starlabs_sg. Pwn2Own Mobile 2020, 2021, 2022, 2023. Pwn2Own Vancouver 2022, 2023.Qrious Secure @qriousec
532 Followers 3 Followingcodecolorist@infosec... @CodeColorist
5K Followers 989 Following[email protected].. @0xdea
12K Followers 19 Following When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.AI Cartel @AI_Cartel
4K Followers 4K Following Previously a hacker, but left my job to create a SaaS called AI Cartel. An AI that finds, interviews on the phone and hires humans to do tasks.Nguyen Trung Duc @ducnt114
31 Followers 99 FollowingJustin isME🔺 @justinxxM
183 Followers 447 Following Web3 All-in and Bullish on @Avax! President @Avaland_network 🔺Ian Beer @i41nbeer
49K Followers 144 FollowingJaanus Kääp @JaanusKaap
447 Followers 114 Following Doing security stuff in Clarified Security but tweets are my ownQuan Doan @qdoan95
474 Followers 110 Followingnedwill @NedWilliamson
16K Followers 499 Following Project Zero Researcher Discovered SockPuppet, Soundhax https://t.co/16vegpfPXc✍️🇻🇳 My quick note how to decrypt strings and configuration of #Qakbot #Qbot version 5.0 kienmanowar.wordpress.com/2024/04/24/qui…
This is what UAF looks like with FUGC. This is guaranteed. It'll always trap. No tagging. No probabilities. No shenanigans. No way around it. Your program just gets fugced.
(CVE-2024-3516)[328859176][$10000][ANGLE][Translator]Heap buffer overflow in ANGLE. chromium-review.googlesource.com/c/angle/angle/… @qriousec @__suto
I made my @secwest slides repo public and put a PDF in "releases" github.com/jduck/csw-slid… Feel free to reach out!
More details about the vulnerability I brought to last p2o (which is not success) Many lessons were learnt from this failure Hope it will help someone who’s working as a system admin or a researcher testbnull.medium.com/sharepoint-not…?
I had bad luck with my Pwn2Own attempts this year. Hope I can do better next time. Nonetheless, thank to ZDI for organizing such a great event and congratulations to all other teams who demonstrated their strength.
The security industry is not entirely a failure: red teaming is getting harder and harder. 20 years ago SQL Injection was enough to infiltrate anything. Now we need zero-day vulnerabilities. 60% of our 2023 red teaming engagements required finding and exploiting zero-day bugs.
Microsoft Exchange 2010 Arbitrary User Impersonation blog.calif.io/p/microsoft-ex…
I am pleasure to announce that Janet Tsang and I will be joining the crew for the Black Hat USA 2024 Practical Drone Hacking training, led by the esteemed @vr2wpa and Boris I'm excited to bring my research to the table and contribute to what promises to be an intensive and…
Most people think my Stagefright work was all positive. Underneath the surface, I lost a lot of good friends and caused a lot of resentment. I found that dealing with the press was draining and ultimately I withdrew from the industry for years after. Hindsight is enlightening.
🚨NEW - iSoon & the Chinese cyber mercenary ecosystem 🚨 Going back to my roots with some good old fashioned China cyber analysis @Margin_Research. How is iSoon related to cyber mercenaries, and the Chinese offensive ecosystem? 🧵/ 5 findings: margin.re/2024/02/same-s…
SO HAPPY to announce that the first PhD work of Lianglu Pan @Pa55er6y ("EDEFuzz: A Web API Fuzzer for Excessive Data Exposures") together w/ @shaananc , @tobycmurray , and me @cis_unimelb has been selected for a Distinguished Paper award @ICSEconf. See you in Lisbon this April!!
Intriguing discovery: The iOS kernel vulnerability used in Kaspersky's Operation Triangulation and kfd's smith exploit share the same CVE: CVE-2023-32434. However, it turns out, they're entirely different vulnerabilities. A case of multiple fixes under one CVE? Details to follow:
This is not like log4j, that vector was a 0click and had many ways to RCE logically.
There’re 3 levels w/ understanding the #MonikerLink bug. L1: It’s a 1-click NTLM info-leak only. L2: It could be an attack vector opening the door for e.g. RCE while bypassing PV. L3: Oh! It’s a #log4j -like bug class which could be in many software, and even w/o the click!
Hey, if you're making video game cheats, you might want to consider using your skills for something more worthwhile. There's a lot of problems that need solving. It's better than creating more problems for humanity. Just saying...
I suddenly remember @_tint0's excellent research blog.tint0.com/2021/09/pingin… when reading new ICS SSRF assetnote.io/resources/rese…. It turns out that the underlying issue is also come from Santuario.
Omgggg my first Chrome CVE, a heap overflow in blink memory. Yet trying exploit with a novel cross-cache technique.. news soon :D
(CVE-2024-1283)[1521893 aka 41494860]Heap buffer overflow in Skia(crash when a BMP image contains an unnecessary EOF code). crbug.com/1521893 issues.chromium.org/issues/41494860 chromium-review.googlesource.com/c/chromium/src… @r3tr074