cbayet
@OnlyTheDuck
Followers
2K
Following
1K
Media
9
Statuses
399
Security expert and CTO @Reverse_Tactics
Joined April 2017
RT @GoogleVRP: Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and….
bughunters.google.com
Curious to hear about our experience exploiting Retbleed (a security vulnerability affecting modern CPUs)? Then check out this post to see how we pushed the boundaries of Retbleed exploitation and...
0
50
0
Love the top-bottom approach of this blogpost ! A great way to explain internals in my opinion, and the kind of reference you look when you're trying to exploit a heap bug. Also glad to see that our paper (with @paulfariello) of 2020 is still relevant !.
Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work.
0
2
14
Jet lag hit hard but still really enjoyed @typhooncon, Seoul and meeting new friends 😁.
@typhooncon is already over, but we enjoyed every minute ! During our talk "Journey To Freedom", we disclosed for the first time the details on the Windows LPE we used at Pwn2Own Vancouver 2024 after escaping from VirtualBox. Slides are already available:
0
0
11
RT @typhooncon: 🌪️ Back from lunch just in time to escape VirtualBox and unchaining objects in the Windows Kernel with Corentin Bayet https….
0
6
0
RT @Reverse_Tactics: Slides and video of our talk at @offensive_con are already online !.Thanks to @Binary_Gecko for the amazing event.http….
0
12
0
Had a blast at @offensive_con and #Pwn2Own ! Going to sleep now, but not for long. .
And that's a wrap for @offensive_con and #Pwn2Own ! We had the best time there and were so glad to reunite with the finest researchers out there. See you next year !.
2
1
20
RT @thezdi: Sweet! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics barely needed a second to demonstrate his exploit against VMware ESX….
0
10
0
RT @Reverse_Tactics: It's time for @offensive_con and #Pwn2Own ! Come meet us there and and attend our sessions:. 📅 Fri, May 16 @ 18:45 — O….
0
2
0
So proud to speak for the first time @offensive_con ! Excited to be there and meet the finest researchers 🍻.
Our talk "Journey to Freedom" about our Pwn2Own 2024 VirtualBox escape is coming to @offensive_con ! We will dive deeper into the technical challenges and obstacles we faced. @OnlyTheDuck will break down the key research phases and the exploit's most critical components.
0
1
16
RT @typhooncon: 🌪️ Speaker Announcement!. Excited to welcome @OnlyTheDuck to the #TyphoonCon2025 Conference lineup!.Join us in Seoul on May….
0
4
0
RT @SinSinology: it took me so much time to finish this exploit but I finally did it! my first guest-to-host virtualbox escape is finally r….
0
135
0
If you see hypervisors as magic black boxes that are hard to break, join us to this training and learn to apply your reverse, bug hunting and exploit knowledge to build VM escapes !.
For the first time, our training "Bug Hunting in Hypervisors" is open to the public at @reconmtl !.Designed for security researchers,we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation. More info:
0
12
31
GG @SinSinology !!.
And that��s a wrap! #Pwn2Own Automotive 2025 is complete. In total, we awarded $886,250 for 49 0-days over the three day competition. With 30.5 points and $222,250 awarded, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) is our Master of Pwn. #P2OAuto
0
0
5
RT @Reverse_Tactics: Slides & video from our @GrehackConf talk "Attacking Hypervisors - A Practical Case" are online! Learn how we exploite….
0
28
0
RT @Reverse_Tactics: Join us live at @GrehackConf for @OnlyTheDuck's talk "Attacking Hypervisors : A practical case" at 4PM (paris time)! h….
0
4
0
RT @Reverse_Tactics: Ready for @GrehackConf ! This Friday, catch @OnlyTheDuck's talk "Attacking Hypervisors: A practical case". If you're a….
0
4
0