Lays Profile
Lays

@_L4ys

Followers
4K
Following
10K
Media
39
Statuses
2K

Co-Founder @TrapaSecurity & @pwnabletw/ MSRC Top 100 2019&2020 / Mobile & Windows Security

台灣
Joined January 2015
Don't wanna be here? Send us removal request.
@_L4ys
Lays
@_L4ys
1 year
A bit late, but here's the talk I gave last year at CODE BLUE and HITCON, about the 20+ Trend Micro Apex One LPE that @0x000050 and I disclosed.
Tweet media one
7
33
142
@_L4ys
Lays
@_L4ys
9 days
RT @starlabs_sg: One of our current intern, @goatmilkkk shared his Chrome-atic escape adventure using CVE-2024-30088.Epic obstacles documen….
0
55
0
@_L4ys
Lays
@_L4ys
9 days
RT @immortalp0ny: Today we released write up about vulnerability that I found and which was patched recently in NTFS.sys CVE-2025-49689. En….
0
98
0
@_L4ys
Lays
@_L4ys
16 days
RT @mistymntncop: Mini Writeup of CVE-2025-6554. POC by @DarkNavyOrg. All errors in writeup my own.
0
35
0
@_L4ys
Lays
@_L4ys
18 days
RT @th3anatomist: 🚨 We got RCE on Solana 🚨.Finally revealing FULL details about the RCE vulnerability we found 2 years ago. Found it. Lost….
0
33
0
@_L4ys
Lays
@_L4ys
22 days
RT @u1f383: A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it!.
0
113
0
@_L4ys
Lays
@_L4ys
23 days
RT @msftsecresponse: File system redirection has long been a tool for attackers seeking privilege escalation. RedirectionGuard, a new Windo….
0
26
0
@_L4ys
Lays
@_L4ys
23 days
RT @__winn: 🚨 NEW PAPER on the 0day Supply Chain 🚨: .I gathered open source data & interviewed Gov employees, VR and China researchers to f….
0
66
0
@_L4ys
Lays
@_L4ys
24 days
RT @MSFTBlueHat: At BlueHat India 2025, George Hughey (@ecthr0s), Senior Security Research Manager at Microsoft, walked through how MSRC tu….
0
3
0
@_L4ys
Lays
@_L4ys
29 days
RT @FuzzySec: It’s unfortunate that there is such wide spread ignorance of Windows (obviously you can do this easily in cmd and ps). Window….
0
4
0
@_L4ys
Lays
@_L4ys
29 days
RT @AdmVonSchneider: Experimenting with #BinExport builds for @HexRaysSA IDA Pro 9.1:.(macOS currently broken).
0
6
0
@_L4ys
Lays
@_L4ys
1 month
RT @_xpn_: My second blog post of the month is up. Nothing too crazy, this time I’m looking at the upcoming Windows Administrator Protectio….
0
67
0
@_L4ys
Lays
@_L4ys
1 month
RT @netsecurity1: 🚨 Interested in Windows kernel exploitation?.Our @sstic 2025 talk on the Shadow Stack implementation in the Windows kerne….
0
62
0
@_L4ys
Lays
@_L4ys
1 month
RT @jsrailton: 🚨NEW INVESTIGATION: We just forensically unmasked #Paragon's Apple spyware. Zero-click targets: Journalists. In 🇪🇺Europe.….
0
275
0
@_L4ys
Lays
@_L4ys
1 month
RT @Synacktiv: Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromi….
0
264
0
@_L4ys
Lays
@_L4ys
1 month
RT @Synacktiv: The "Objective-C helper" IDA plugin presented during the @sth4ck talk "Demystifying Objective-C internals" given by @v1csec….
0
21
0
@_L4ys
Lays
@_L4ys
1 month
RT @GoogleVRP: 🚨 Heads up for web devs! 🚨 . The HTML spec just got an important update to protect against mutation XSS (mXSS). Find out ho….
0
59
0
@_L4ys
Lays
@_L4ys
1 month
RT @ret2systems: What does it take to hack a @Sonos Era 300 for Pwn2Own? . Take a look at our process of adapting existing research, establ….
0
46
0
@_L4ys
Lays
@_L4ys
1 month
Released my small IDA plugin for finding low-hanging fruit vulnerabilities, a global cross reference list for hexrays.
Tweet media one
2
53
271
@_L4ys
Lays
@_L4ys
1 month
RT @d3vc0r3: OffSec Live Training returns to Taipei on 18–22 Aug!. There will be five days of intensive learning led by @offsectraining ins….
0
4
0
@_L4ys
Lays
@_L4ys
1 month
RT @_jaelkoh: The slides for @offensive_con talk "Hunting for overlooked cookies in Windows 11 KTM and baking exploits for them" by @saidel….
0
43
0