REverse_Tactics
@Reverse_Tactics
Followers
796
Following
6
Media
8
Statuses
32
Software reverse engineering & vulnerability discovery company.
Paris, France
Joined May 2022
📢 We're excited to announce our complete training catalog is now live at !.Next up: "Bug Hunting In Hypervisors" at @reconmtl Register here:
0
1
9
Slides and video of our talk at @offensive_con are already online !.Thanks to @Binary_Gecko for the amazing event.
0
12
31
@OnlyTheDuck will also be in @typhooncon in a few weeks to present the second part of the part of our "journey to freedom !"
0
1
2
And that's a wrap for @offensive_con and #Pwn2Own ! We had the best time there and were so glad to reunite with the finest researchers out there. See you next year !.
1
2
14
#Pwn2Own went well for us ! If you are interested in learning about attacking hypervisors, sign up for our incoming training at @reconmtl !
Sweet! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics barely needed a second to demonstrate his exploit against VMware ESXi. He heads off to the disclosure room to provide the details of his work. #Pwn2Own #P2OBerlin
0
0
12
RT @thezdi: A successful collision! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uniniti….
0
7
0
It's time for @offensive_con and #Pwn2Own ! Come meet us there and and attend our sessions:. 📅 Fri, May 16 @ 18:45 — Our talk “Journey to Freedom” about escaping VirtualBox during Pwn2Own 2024.📅 Sat, May 17 @ 14:00 — Watch our live VMware ESXi escape attempt ar #Pwn2Own.
0
2
9
Our talk "Journey to Freedom" about our Pwn2Own 2024 VirtualBox escape is coming to @offensive_con ! We will dive deeper into the technical challenges and obstacles we faced. @OnlyTheDuck will break down the key research phases and the exploit's most critical components.
0
2
9
Excited to announce our talk at #TyphoonCon2025: "Journey to freedom"! @OnlyTheDuck will share how we escaped VirtualBox and chained it to Windows kernel LPE at #Pwn2Own 2024. Expect a story-driven session filled with insights from the high-stakes environment of #Pwn2Own !.
🌪️ Speaker Announcement!. Excited to welcome @OnlyTheDuck to the #TyphoonCon2025 Conference lineup!.Join us in Seoul on May 29-30:
0
2
15
Could not dream of a better advertisement for our training "Bug Hunting in Hypervisors" at @reconmtl ! Students will be expected to (almost) do this in one day 😉.More details:
it took me so much time to finish this exploit but I finally did it! my first guest-to-host virtualbox escape is finally ready, using a combination of 2 bugs I can target the latest version :).Eternal thank you to my dear friend Corentin @OnlyTheDuck for constantly encouraging me
0
4
39
For the first time, our training "Bug Hunting in Hypervisors" is open to the public at @reconmtl !.Designed for security researchers,we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation. More info:
0
5
23
Slides & video from our @GrehackConf talk "Attacking Hypervisors - A Practical Case" are online! Learn how we exploited vulnerabilities to escape VirtualBox during Pwn2Own Vancouver 2024:
0
27
59
Join us live at @GrehackConf for @OnlyTheDuck's talk "Attacking Hypervisors : A practical case" at 4PM (paris time)!
0
4
8
Ready for @GrehackConf ! This Friday, catch @OnlyTheDuck's talk "Attacking Hypervisors: A practical case". If you're attending, Last year's talk is a must-read for background on hypervisor security. Check it out here :
0
4
19
With so many variables in chained exploits and unknown network setups, anything can happen—but we’re thrilled that our tactics worked flawlessly in under 15 seconds across two different devices at #Pwn2Own.
We have a collision in the SOHO Smashup. Corentin BAYET (@OnlyTheDuck) of @Reverse_Tactics used three bugs to go from the QNAP QHora-322 to the QNAP TS-464, but 1 had been previously seen in the contest. He still earns $41,750 and 8.5 Master of Pwn points. #Pwn2Own #P2OIreland
0
0
4
Live from Cork for #Pwn2Own Ireland! Tomorrow at 3PM (Cork time), we will exploit 3 vulnerabilities to compromise both the QNAP QHora322 router and TS-464 NAS in a SOHO smashup. Stay tuned !.
0
0
5
For french readers, we also authored an article titled "Sécurité des hyperviseurs" in the latest issue of MISC N°135, where we explore attack surfaces and virtual machine escape scenarios along with known and previously exploited vulnerabilities:
Notre nouveau numéro s'intéresse entre autres à la sécurité des #hyperviseurs : retrouvez-le désormais en kiosque & sur pour profiter des ports offerts ou de la lecture en ligne immédiate !
0
1
3
Tickets will be on sales tomorrow at 10AM on ! Make sure to grab one and check @OnlyTheDuck last year's talk that introduce all you need to know:
1
4
3
Are you curious about the vulnerabilities we used against @virtualbox at #Pwn2Own earlier this year ? We will be at @GrehackConf to talk about it !.Following up on last year's talk, @OnlyTheDuck will present tools and techniques to find and exploit vulnerabilities in hypervisors.
📢 #GreHack24 program release day 2!. 👤 Corentin Bayet @OnlyTheDuck, for the second time . ➡️ Attacking hypervisors - A practical case. See you tomorrow 🔥.
1
6
11
We are planning to publish more details on the exploit later. In the meantime, make sure to check the other vulnerabilities used at #Pwn2Own on @TheZDIBugs , exploited by other awesome researchers and teams:.@_manfp @carrot_c4k3 @chompie1337 @theori_io @Synacktiv @starlabs_sg.
0
1
8