_tsuro Profile Banner
stephen Profile
stephen

@_tsuro

Followers
10K
Following
2K
Media
42
Statuses
1K

@v8js security, CTFs and CPU vulnz. LCHL. @[email protected]

Zurich, Switzerland
Joined August 2011
Don't wanna be here? Send us removal request.
@_tsuro
stephen
@_tsuro
7 years
My latest Chrome bug just got derestricted. Did you know that floats have a minus zero? Turns out if you forget about it, that can mean RCE :).
9
183
631
@_tsuro
stephen
@_tsuro
9 hours
RT @sirdarckcat: I wrote two challenges for this year's Google CTF. One of them is Circo - A challenge inspired by EntrySign (the AMD ucode….
0
41
0
@_tsuro
stephen
@_tsuro
3 days
RT @5aelo: V8 Security is hiring in Munich, Germany: Great opportunity to work on some really hard and interesting….
0
21
0
@_tsuro
stephen
@_tsuro
24 days
RT @bugscale: Check out our first blog post about V8 CVE-2024-12695:
0
45
0
@_tsuro
stephen
@_tsuro
1 month
RT @mistymntncop: I spoke too soon 😆.
0
4
0
@_tsuro
stephen
@_tsuro
1 month
RT @mistymntncop: Over 6 months and no ITW V8 exploits? Have I spoken too soon?. .
0
1
0
@_tsuro
stephen
@_tsuro
1 month
RT @cor_ctf: 🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨. Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on….
0
36
0
@_tsuro
stephen
@_tsuro
2 months
RT @offensive_con: #OffensiveCon25 videos are now up!.
0
170
0
@_tsuro
stephen
@_tsuro
2 months
RT @hosselot: The fix for #Pwn2Own Mozilla Firefox Out-of-bounds access vulnerability when resolving Promise objects (CVE-2025-4920 [196661….
0
5
0
@_tsuro
stephen
@_tsuro
2 months
RT @hosselot: The fix for #Pwn2Own Mozilla Firefox JIT compiler vulnerability when optimizing linear sums (CVE-2025-4921 [1966614]):.https:….
0
10
0
@_tsuro
stephen
@_tsuro
2 months
RT @0dayMarketing: 300 likes and we'll sponsor again next year @offensive_con
Tweet media one
0
4
0
@_tsuro
stephen
@_tsuro
2 months
RT @chompie1337: Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native….
0
239
0
@_tsuro
stephen
@_tsuro
2 months
RT @akrasuski1: My latest Spectre research is now public! See intra-mode BHI CPU vulnerability disclosure and PoC at .
0
9
0
@_tsuro
stephen
@_tsuro
2 months
RT @roddux: No shortage of kernel bugs. :). Kernel 6.6.87 got pwned by 6 unique 0days within 25 seconds of going live on kCTF, lol: https….
0
69
0
@_tsuro
stephen
@_tsuro
3 months
RT @0dayMarketing: THIS IS A GREAT TIME TO BUY 0DAY!!!.
0
3
0
@_tsuro
stephen
@_tsuro
3 months
Senior Software Engineer, V8 Bug Detection: Software Engineer II, V8 Bug Detection:.
0
6
22
@_tsuro
stephen
@_tsuro
3 months
V8 Security is hiring in Warsaw!. If you want to work on improving our JavaScript and Wasm fuzzers, check out the links below!.
2
26
91
@_tsuro
stephen
@_tsuro
4 months
RT @roddux: I find myself repeating this a bit, so fuck it, here's how to get into an unprivileged namespace on Ubuntu 24.04/24.10. PSA: l….
0
157
0
@_tsuro
stephen
@_tsuro
4 months
RT @eternalsakura13: Exploit Chrome once again :)
Tweet media one
Tweet media two
0
15
0
@_tsuro
stephen
@_tsuro
5 months
RT @cffsmith: I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Was….
0
107
0
@_tsuro
stephen
@_tsuro
5 months
RT @_MatteoRizzo: Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!.
0
291
0