As promised, we are releasing the source code & writeup for the #OffByOneConf badge 1 month after the event, allowing interested participants the opportunity to explore it. Thanks largely to Manzel, other team members & interns who help to make it happen. https://t.co/t6HUrOa5Ay

Check out my write-up on a seemingly harmless and limited send() in GitHub (CVE-2024-0200) and how it could be used to obtain environment variables from a production container and to achieve remote code execution in GitHub Enterprise Server: https://t.co/jmjTTOxEGY

Route to Safety: Navigating Router Pitfalls is the swansong from @daniellimws https://t.co/QOqAkOhHMz We hope everyone enjoyed his informative post and wish him all the best in his future endeavours.

We are organising a conference on 26th - 27th June 2024 Attention Speakers: Our 2024 Call for Papers is now open! #OffByOne2024? Learn all about it: https://t.co/hsUZ23yYVw

Off-by-One 2024 Conference CFP is now opened! Be part of a historical event and shape the future of offensive security in this region. Submission and speaker benefits https://t.co/96khe0PVR2 If you like to talk to us, drop us a line at info@offbyone.sg

Great to see that some of the bugs that we reported to ICS vendors had been fixed. Thanks to @Peterpan980927 & @CurseRed for CVE-2023-6358 https://t.co/UXcdapQgrR And @testanull for CVE-2023-39474 https://t.co/WHEQ4gjQjL More to come soon.

Several Chamilo RCE detailed analysis from our team member, @Creastery Patches available since September 2023. https://t.co/LQOOByHwUo https://t.co/EDYbywRxT7 https://t.co/AhOzVsQ5VP https://t.co/kKKlBGH78Q https://t.co/9k6lvCbtuZ https://t.co/tvoyhKqVkF

Our team members have spotted another fake account imposing as our team member. This is the fake account: https://t.co/djZSgc7SeE This one belongs to our team member. https://t.co/6UeyOfZuCe

9 Bug reports, 8 CVEs, 7+ months to get these advisories public. Our team member, @CurseRed & (former) intern, @junr0n found multiple vulnerabilities in Bitrix24 (after spending 1month on it) Please read the technical details in the security advisories:

Our team member, @Chocologicall , found 2 vulnerabilities in Dolibarr ERP CRM Please read the security details in the technical advisories here: https://t.co/hVfegknVgm https://t.co/Du541us6vg CVE-2023-4197 & CVE-2023-4198

Awesome work by our team members @testanull @hi_im_d4rkn3ss @linhlhq @tuanit96 & @st424204 for their successful entries https://t.co/TjzpIApRZR https://t.co/er1h4sTAv1 Not forgetting the rest of our team members who attempted to find bugs for P2O amid a hectic schedule

Our team member, @Creastery , & our former intern, @oceankex, prepared this some time ago. "Analysis of NodeBB Account Takeover Vulnerability (CVE-2022-46164)" https://t.co/XEEzSmFANT While writing this, they found another bug https://t.co/bUK1KEJNqh We hope you enjoy it

Do check out this new advisory made public by our team member, @Chocologicall It's CVE-2023-2315, Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 https://t.co/YbtVdVzi53

Awesome research !! 🤘❤️ This remind me a research that I've done 6 years ago on the Trend Micro product family. I specially focused on these PHP bugs👇 https://t.co/21mPqPRcNS

I've finally published the advisories regarding the Trend Micro bugs that I shared at #HITCON! Do check them out at @starlabs_sg's advisory page: https://t.co/kKLXy8oQKa 🏌️‍♂️CVE-2023-32530 is an interesting case of SQLi to RCE:

We have just uploaded the slides by @Chocologicall https://t.co/igHiI9rVOA and by @CurseRed https://t.co/6GK4Opcrha Thanks a lot to @HacksInTaiwan for organising a fantastic conference and our team members are truly honored to participate in it.

Looking forward for the next 2 days! #HITCON

Excited to share my findings with all :)

These bugs are found by our former team member, @PTDuy but it took us a long time/process. We pluck up our courage and ask @minliangtan via FB. Mr Tan replied us instantly & directed us to Razer's security team. We are forever greatly to Mr Tan https://t.co/YX8VUnXuGL

🤩