Paolo Stagno (VoidSec)
@Void_Sec
Followers
5K
Following
3K
Media
231
Statuses
2K
Director of Research @Crowdfense. Windows Vulnerability Researcher and Exploit Developer, ex-@XI_Research
ntoskrnl.exe
Joined November 2013
Another one bite the dust.
The following vulnerabilities have been added to our feed:.- CVE-2025-32756: multiple Fortinet products Buffer Overflow RCE.- CVE-2025-47955: Windows RasMan LPE.- CVE-2025-1758: Kemp LoadMaster Stack Overflow DoS.
0
1
11
RT @crowdfense: Crowdfense is ready for @TheOffensiveX in Athens!.Meet us at our stand to talk 0-days, research and offensive security. Let….
0
2
0
Enjoy these, they’re the only bugs we give away for free. Everything else goes through our bug bounty program 🐛.
Shiny bug stickers? We’ve got them. They’re waiting for you at our stand at @TheOffensiveX, starting tomorrow! 🪲
1
0
7
Touched down in Berlin! So hyped for @offensive_con, who else is here? Let's connect and chat all things VR/ED.
0
1
24
New post from the team!.
Read our newest blog-post on CVE-2024-11477, a buffer overflow vulnerability in 7-Zip's ZSTD decompression algorithm; explore the technical details:
0
4
25
RT @justandrijana: At #SAFACon2025 we hosted the 1st-ever Security Panel to discuss key topics in our industry and it was a great success!….
0
8
0
RT @justandrijana: Taking off to Seoul! See you at #Zer0con2025 in a bit ☺️ @POC_Crew .@f_roncari @lpontorieri @Void_Sec .
0
3
0
Let's go, more weaponized CVEs got added to the feed :).
The following CVEs have been added to our n-day feed:.- CVE-2024-38189: Microsoft Project Improper Input Validation RCE.- CVE-2024-43454 Microsoft Windows Remote Desktop Licensing Service Relative Path Traversal Arbitrary File Deletion.
0
2
16
RT @POC_Crew: [#Zer0Con2025] Gold Sponsor. @crowdfense is the go-to, trusted partner for top-tier zero-day exploits!.Submit your vulnerabil….
0
2
0
Proud of the team and all the work done so far.
Crowdfense's N-Day Vulnerability Intelligence Feed is live! A must-have for red and blue teams, delivering real-time insights and exploit code for actively exploited N-days. Enhance your adversary simulation & stay ahead. 🔗
2
2
24
Totally agree on this take.
"$100,000 for an Office 365 application. Microsoft Office-based targets will have Protected View enabled where applicable". I'm not saying ZDI can't do this (it's their money), but this is really and proven unrealistic (look nobody participated in Office category before). This.
0
2
4
One of the most interesting analysis I've ever seen.
How the NSA (Equation Group) allegedly hacked into China's Polytechnical University 👀. I analysed intelligence reports from Chinese cyber firms (360, Pangu, CVERC) to aggregate TTPs attributed to Equation Group. 🔗
0
1
5
Ah man, amazing! That's a childhood dream.
Another pointless weekend project - a playable version of the old 3DMaze screensaver from Windows 9x. I reverse-engineered the original screensaver binary and added user-input functionality for the controls (and fixed some other minor issues!).
0
0
7
That's amazing! I've always wanted to give it a go but never tried: RCE on GameBoy color.
0
18
66