Twitter | Search | |
meh
Pwning in HITCON; Security Researcher of DEVCORE
233
Tweets
88
Following
2,551
Followers
Tweets
meh retweeted
publiclyDisclosed Aug 10
Twitter disclosed a bug submitted by orange: - Bounty: $20,160
Reply Retweet Like
meh Aug 9
and I have published the full details of pre-auth RCE on Fortigate SSL VPN! The next one for Pulse Secure SSL VPN is on the way. Stay tuned! Also, thanks everyone for coming!
Reply Retweet Like
meh retweeted
Orange Tsai  🍊 Aug 9
Just drop the RCEs, slides( will fix soon) and blog of and me's and talk - Infiltrating Corporate Intranet Like NSA: Pre-auth RCE on Leading SSL VPNs! Please check that and let us know if you have any questions!
Reply Retweet Like
meh retweeted
pwnable.tw Aug 8
See you in DEFCON
Reply Retweet Like
meh retweeted
Orange Tsai  🍊 Aug 7
Oh my god! Best server side bug of 2019, with our CTF and DEVCORE pwning queen
Reply Retweet Like
meh retweeted
Orange Tsai  🍊 Jul 17
Appetizer for our and talk ! and I will cover more hard-core exploitations, crazy bugs chains and SSL VPN 0days in our incoming presentation! Please look forward to it :P
Reply Retweet Like
meh retweeted
Orange Tsai  🍊 Jul 8
and I will present at this year! See you there :P
Reply Retweet Like
meh retweeted
Angelboy Jul 6
Here is my challenge in WCTF 2019. 
 Hope everyone can learn more windows heap from this challenge. About windows 10 NT heap I only write Chinese version slide, I will release an English version soon.
Reply Retweet Like
meh retweeted
DEVCORE Jun 21
Is it possible to install IDA Pro without owning installation password? Sure, why not?
Reply Retweet Like
meh retweeted
Orange Tsai  🍊 Jun 11
Achievement unlocked! Got RCE and the highest bounty on Twitter bug bounty program XD
Reply Retweet Like
meh retweeted
Orange Tsai  🍊 May 8
It's my honor to present at again! and I will show our research and disclose pre-auth RCEs on at least 3 leading SSL VPN vendors!
Reply Retweet Like
meh retweeted
Hossein Lotfi May 5
Nice writeup+(0x41414141) PoC for Mozilla Firefox HTML5 Stream Parsing Use-after-free Vulnerability (CVE-2018-18500) by Yaniv Frank from :
Reply Retweet Like
meh retweeted
Andy Nguyen Apr 26
chromacity: Escaping the VM with newlines. My write-up of the challenge by .
Reply Retweet Like
meh retweeted
dukeBarman Apr 24
Our research team published the Guide to the world of AFL fuzzers
Reply Retweet Like
meh retweeted
quarkslab Apr 17
[BLOG] Reverse-engineering Broadcom wireless chipsets by The long and good trip of an intern, then the long and sad disclosure timeline of 5 vulnerabilities. Thx to we dont know what is vulnerable...
Reply Retweet Like
meh retweeted
Charles Fol Apr 8
EXPLOIT for CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation
Reply Retweet Like
meh retweeted
Matthew Brennan Mar 24
Wow! China Airport face recognition systems to help you check your flight status and find the way to your gate. Note I did not input anything, it accurately identified my full flight information from my face!
Reply Retweet Like
meh retweeted
Orange Tsai  🍊 Mar 22
A few months passed. Finally got another pre-auth RCE on a larger SSL VPN target! From pre-auth file reading -> crack the user hash -> to poke the buffer overflow on the admin interface! It's time to organize the content and send to the call for paper now!
Reply Retweet Like
meh retweeted
iblue Mar 18
So, that's CVE-2019-5418. Accept: ../../../../../../../../../etc/passwd{{ (And we might see more fun involving the PathResolver in the future :))
Reply Retweet Like
meh retweeted
Orange Tsai  🍊 Mar 13
A Wormable XSS on HackMD! (Sorry, it's only in Chinese)
Reply Retweet Like