k0shl
@KeyZ3r0
Followers
7K
Following
960
Media
29
Statuses
605
Our slide is online: Glad to share our pre-auth DoS & RCE bug hunting research at #BHUSA! Thanks @BlackHatEvents for the pre-recording, as we couldn’t attend in person this time for personal reasons. Questions? DM us @vv474172261 @XiaoWei___ @edwardzpeng
7
57
182
RT @5aelo: We released our Fuzzilli-based V8 Sandbox fuzzer: It explores the heap to find interesting objects and c….
github.com
This is a basic fuzzer for the V8 Sandbox. It uses the memory corruption API to implement a random-but-deterministic (given a seed) traversal through the V8 heap object graph and corrupts some obje...
0
73
0
Turn old photos into videos and see friends and family come to life. Try Grok Imagine, free for a limited time.
721
1K
5K
Well. Happy to be on the MVRs annual list again and again — twice in a year 😂! Ended up #11. Thanks @msftsecresponse and congrats all!.
Our previously published Most Valuable Researchers (MVR) leaderboard contained inaccuracies due to technical issues on our end. We apologize for the error and have since resolved the issue. We’re now sharing a fully refreshed and accurate leaderboard. The Microsoft Researcher
2
0
20
RT @BlackHatEvents: During #BHUSA Briefing "Diving into Windows HTTP: Unveiling Hidden Preauth Vulnerabilities in Windows HTTP Services," w….
0
1
0
Happy to make list again! Thank you @msftsecresponse and congrats all!.
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers by discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s
1
1
24
RT @BlackHatEvents: In #BHUSA Briefings "Diving into Windows HTTP: Unveiling Hidden Preauth Vulnerabilities in Windows HTTP Services" where….
0
3
0
Excited to announce our talk has been accepted by.@BlackHatEvents #BHUSA!🥳🥳🥳.In my part of presentation, I’ll cover logic-based pre-auth remote vulnerabilities uncovered via novel abuse of Windows native HTTP API. Can't wait to see y'all in Las Vegas!.
11
19
154
RT @deepsec_cc: [Official Announcement]: 2025 IS COMING!!!. This is a community-driven, non-profit information secu….
0
11
0
RT @vv474172261: I'm unable to join the conference Insomni’hack 2025, so I write a part of content into a blog, hope you enjoy my blog. htt….
0
39
0
RT @starlabs_sg: We are publishing less here now. But here is a recent post by @Tuan_Linh_98 & lots of guidance by @cplearns2h4ck . https:/….
starlabs.sg
Executive Summary CVE-2024-26230 is a critical vulnerability found in the Windows Telephony Service (TapiSrv), which can lead to an elevation of privilege on affected systems. The exploit leverages a...
0
44
0
RT @starlabs_sg: Think you’ve got what it takes to pop shells and snag your ticket to. @REverseConf and @offbyoneconf ? 😏..
0
45
0
Received my MVR swag box at the last day of 2024, thank you @msftsecresponse ! And happy new year you all!
2
1
27
RT @starlabs_sg: 🎄 All I Want for Christmas is a CVE-2024-30085 Exploit 🎄.As always, we at @starlabs_sg are sharing what we learnt. This ti….
starlabs.sg
TLDR CVE-2024-30085 is a heap-based buffer overflow vulnerability affecting the Windows Cloud Files Mini Filter Driver cldflt.sys. By crafting a custom reparse point, it is possible to trigger the...
0
50
0
RT @FuzzySec: I have posted the slides for the talk @chompie1337 and I gave this past weekend at @h2hconference -> The Kernel Hacker’s Guid….
0
219
0
Finally received my PwnieAwards @PwnieAwards and a cute letter from @chompie1337 , thank you and @FuzzySec for congratulations and international delivery, it's definitely a milestone in my hacker's career. Just stay hungry and keep hunting!
5
9
157
I definitely had some discussions with MSRC during this quarter period, I reported some logical based issues and shared how them work and why with them. Thanks MSRC and bounty team for their understanding, quick response and kind help as always.😄.
1
0
22
I'm happy to get BEST RCE as my first pwnie awards! A new archievement in my career. Thanks @PwnieAwards and CONGRATS to all pwnies, same to my friend @chompie1337 🥳🥳🥳.
Congrats @KeyZ3r0.
1
8
100
Glad to be #15 on overrall list and #6 on Windows list, thanks MSRC and bounty team as always. Congrats all on the list!.
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers by discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s
3
0
28
Nice work! I'm glad that my blog post could be a little helpful in inspiring the discovery of such a beautiful bug.😃😃.
I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out:
1
1
25
Excited to be nominated for the Best RCE of 2024 Pwnie Awards🥰.
🚨We are very pleased to announce the nominees for the 2024 Pwnie Awards! Be sure to tag your friends and catch us at Def Con! 🚨. 🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇.
4
4
65