Q5Ca
@_q5ca
Chief Remote Work Officer at @u0Kplusplus
Vietnam
Joined November 2017
I wish 🥹
Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. https://t.co/gT0aoKXkig
#SharePoint #ToolShell
Just a quick reminder: Copilot on https://t.co/eLVLz54TkG (https://t.co/kp59kwHIFU) is not in scope for bounty 🥲 https://t.co/97nAwrizaT
Congrats @_l0gg! You did the thing I thought was impossible. Hard work pays off 💪
Confirmed!! Dinh Ho Anh Khoa (@_l0gg) of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to exploit #Microsoft SharePoint. He earns $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OBerlin
Happy to share that my colleague @vudq16 and I will be speaking at PHDays in Moscow 🇷🇺 next week, May 24th. I’ll share a story from one of our red team projects, with techniques to maximize stealth during the operation. Hope to make new connections there :D https://t.co/PkfCZfiT7v
* People ask LLMs to write code
* LLMs recommend imports that don't actually exist
* Attackers work out what these imports' names are, and create & upload them with malicious payloads
* People using LLM-written code then auto-add malware themselves
https://t.co/Va9w18RpWu
@PeckShieldAlert @peckshield @SlowMist_Team @BlockSecTeam @cz_binance and @0xblvck_ pointed out the exploit block 26864890 has only one transaction. We need some explanation from @ankr ?
Success! dungdm (@_piers2) of Team Viettel (@vcslab) used an uninitialized variable and a UAF bug to exploit Oracle VirtualBox. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own #P2OVancouver
Success! @hoangnx99, @rskvp93, and @_q5ca from Team Viettel (@vcslab) used a 2-bug chain in their attempt against Microsoft Teams. They earn $75,000 and 8 Master of Pwn points.
Success! @testanull of @starlabs_sg was able to execute a 2-bug chain on Microsoft SharePoint. They earn $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OVancouver
Good work 👍 @BlockSecTeam successfully blocked an attack to rescue 2,906 ETH. https://t.co/EcK4GetFKo Then the attacker left a message: https://t.co/XeVyh1GJkV
We blocked an attack on @ParaSpace_NFT and rescued 2900 eth. Please contact us asap. DMed 45 minutes ago but got no response.
This might be the best compilation of critical issues/exploits from 2022, with explanations. If you want to do good as an auditor make sure you understand how those attacks work. Thanks @patrickd_de this is golden🫡 https://t.co/SDVAWMAuY3
ventral.digital
Ventral Digital LLC is a research and consultancy firm specializing in Information Security and Privacy.
#microsoft #exchange #RCE #tabshell #owassrf #PowerShell #tabexpansion #bugbountytips #viral #xuhuớng
I learned a lot about PowerShell's internal workings when I went through the TabShell bug #CVE-2022-41076. Here are the details: https://t.co/lJb7OjPzMj. A few problems are still there and may need more investigation. With @_q5ca, @hoangnx99
Hi folks, so, does anyone have any idea how to make direct contact with the CTFTime team (maybe they’re on holiday)? Our TetCTF2023 will start in the next 9-10 days but the CTF event is still not listed on CTFTime :'(. (1/2)
Finally, I can use the skills I studied so hard 13 years ago!