Whoah... $250000
(CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%)
issues.chromium.org/issues/4125787…issues.chromium.org/issues/4125787…
Whoah... $250000
(CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%)
issues.chromium.org/issues/4125787…issues.chromium.org/issues/4125787… https://t.co/g2FWl24wkc
When life gives you tangerines🍊
Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro
Problem: One bug "doesn't work"
Solution: Make it work with 1 bug
Sometimes the best research comes from working with what you think you have
starlabs.sg/blog/2025/06-s…
I wrote an explained writeup for a windows kernel ctf challenge that came in Sekai Ctf 2024 . The author of the challenge is @bienpnn .
This is a nice challenge for those who want to try windows kernel. I also learnt something new.
Thanks @bienpnn .
nu1lptr0.github.io/2024/10/10/win…
This patch day, Microsoft introduced new garbage collection mechanism in win32k. In addition to the previously introduced type isolation mechanism, there is now garbage collection, making it more difficult to control the heap feng shui.
My VR journey so far is like 4 bugs, 1 doesn't work on the latest version due to unknown fix my MS, 1 bug found by XYZ person at Pwn2Own, 1 bug reported by someone else a bit before me and a new bug that seems to be un-exploitable :(
Sucks to the core but gotta keep going !
My first coin !
A year ago even in my dreams I could have never imagined getting myself one. Had only seen others getting such things.
A huge thing for me and something I'm never gonna forget in my life.
Thanks to Google for making this happen.
Security Research ❤️
2K Followers 3K FollowingPrincipal Engineer at #SamsungResearchAmerica. Member of #TeamAtlanta. DEF CON CTF Winner. My tweets do not reflect the view of Samsung/SRA. A sponsor of 🐻
6K Followers 3K Followingxss0r
Deploying an alert box in a web app is like having a tiny pop-up comedian shout 'Surprise!' whenever you least expect it!
#xss0r #ibrahimXSS #Blindxss0r
18 Followers 133 FollowingDefi is the future ⏰
Daily solidity challenges 🪨
Building new protocols (any one can join to help us with building better future) 💡
637 Followers 12 FollowingThe first conference dedicated to exploring the offensive use of AI. Request an invite at our site. #OffensiveAICon
Oct 5-8, 2025 | Oceanside, San Diego
766 Followers 705 FollowingAdvance-sec platform: is one of the top leaders in research and acquisition of vulnerabilities and 0day exploits.
Email: [email protected]
Wire: @advance_sec
3K Followers 1K FollowingWrite some shit code. CTF with @r3kapig. Do shit security research. Currently at University of California, San Diego. DEFCON 31/32/33 finalist | LOOKING FOR JOB
4K Followers 10 Following@Openwall oss-security mailing list thread summaries, currently maintained by @solardiz. Originally setup and maintained as an automated feed by @eugeneteo.
36K Followers 26 FollowingOfficial Twitter account for the WebKit Open Source Project — the web browser engine that powers Safari and other apps on macOS, iOS, Windows, and Linux.
4K Followers 199 FollowingLong time listener, infrequent tweeter. Head of Project Zero @Google. Views are my own.
Still reading: "Brown Bear, Brown Bear, What Do You See?"