Công Thành Nguyễn
@ExLuck99
Followers: 435 · Following: 137 · Media: 6 · Statuses: 31
Pwner, gacha player and meme maker.
Hanoi, Vietnam
Joined November 2021
Confirmed! ChatGPT helped Team ANHTUD as they used 3 bugs - 1 collision, 1 unique SSRF and 1 cleartext storage of sensitive information - to exploit Home Automation Green. They finished with just 45 seconds remaining. Their work earns them $16,750 and 3.75 Master of Pwn points.
Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. https://t.co/gT0aoKXkig
#SharePoint #ToolShell
Sadly, I can't get to Berlin in time for P2O. So, just stay at home with an <(´= ⩊ =`)> elf in my Triton console. Good luck to all contestants out there.
🧵 Mega thread on RF, SDR, ham radio, and signal hacking: I've been writing educational posts and threads on these topics. To help find them more easily, I will put all the links here. And I will link the new threads to the bottom of this meta thread every time I write one. 0/n
Confirmed! We were definitely thrilled to see @ExLuck99 and @greengrass19000 of ANHTUD use a command injection bug to exploit the Alpine IVI and leave us a special message. Their round 2 win earns them $10,000 and 2 Master of Pwn points. #P2OAuto
Thank you and good luck.
The #Pwn2Own schedule is out. Compass folks will show off their exploit Thursday, January 23rd, 10:00 Swiss time (CET). Also wishing @_moradek_, @moe_hw, @konatabrk, @vcslab, @EQSTLab, @kiddo_pwn, @ExLuck99, @nyanctl, @SinSinology, @SummoningTeam success in pwning the Alpine IVI.
Collision – ANHTUD was able to execute a 2-bug chain against the TP-Link Omada Gigabit Router and the Canon imageCLASS MF753Cdw for the SOHO Smashup. However, one of the bugs he used was previously known. He still earns $31,250 and 6.25 Master of Pwn points. #Pwn2Own
Success! Team Viettel (@hoangnx99, @vudq16, @biennd279, @_q5ca from @vcslab) were able to execute a single-bug attack against the Xiaomi 13 Pro. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own
Sometimes bug disclosures go smoothly. Then there are other times. @dustin_childs discusses some of the adventures in vulnerability disclosure in his latest blog.
zerodayinitiative.com
The Zero Day Initiative (ZDI) is the world’s largest vendor-agnostic bug bounty program. That means we purchase bug reports from independent security researchers around the world in Microsoft...
A long day with so many emotions. Nearly failed in the morning. Found the solution at noon. Another vendor problem in the afternoon. Fix it at night. Finally success. Keep trying until the last minute. Thanks for our team 👍👍👍
#P2OVancouver Day 2 Highlights – Team Viettel (@vcslab) uses a 2-bug chain against Microsoft Teams. #Pwn2Own
https://t.co/Le5UrIqg7u: makes reverse engineering Android apps easier
If you enjoy sailing the sea, beware! @MajorTomSec has found a critical security vulnerability in @RaftSurvivaGame, allowing 0-click RCE on any online player. The vendor has remained silent for 5 months, so here are the details: https://t.co/oqW4u4VIpM
This was really a cool 2-bug chain which led to RCE on Microsoft Exchange Server: - https://t.co/WuEdu9dWVZ - https://t.co/jsJplHfpaE We also rced Exchange Online. Great work from @rskvp93 <3 Follow him for upcoming blogs #tabshell
MSRC released the patch for our "TabShell" vulnerability ( https://t.co/5vlDHIlX02). This is a nice bug chain to RCE Exchange on-premises, Exchange Online, Skype for Business Server (may be SFB Online+Teams too but can't find its powershell remote endpoint) with @_q5ca @hoangnx99