Ali Ahmad @aahmad097 takes us into the internals of Windows file system mini-filters, focusing on cldflt.sys—driver behind Windows cloud synch. Get a practical look at how cloud sync ops expose potential attack surfaces in the kernel. #RVA #Cyber #Training

We're officially announcing our speakers DistrictCon Year 1! Check out our incredible lineup:

Come learn about bug hunting on File System Minifilters @DistrictCon :)

uh........huh.

[ZDI-25-622|CVE-2025-25268] (Pwn2Own) Phoenix Contact CHARX SEC-3150 Configuration Service Missing Authentication Vulnerability (CVSS 8.8; Credit: HT3 Labs (@ht3labs))

[ZDI-25-621|CVE-2025-25269] (Pwn2Own) Phoenix Contact CHARX SEC-3150 DHCP Configuration Command Injection Remote Code Execution Vulnerability (CVSS 8.8; Credit: HT3 Labs (@ht3labs))

Absolutely marvelous work from Piotr and watchTower team!

Check out this blog post about the Windows Brokering File System :) Hope you all enjoy!

Less than 2 weeks until "Advanced .NET Exploitation" at @reconmtl, as usual, we'll be exploiting 15+ RCEs and and 5 LPEs across multiple enterprise targets, lets chain some bugs! https://t.co/biDIcQi7CT

Writeups are literally just hastily written markdown files converted to HTML, so typos and weird grammar might exist. Most importantly, they have full exploit code.

Our blog is live! Here is our Phoenix Contact exploit from Pwn2Own Automotive 2025 https://t.co/VUBFmDw0s0

Our blog is live! Here's our QNAP exploit from Pwn2Own Ireland https://t.co/fRtlpaicql

Our blog is live! Here's our BeeStation exploit from Pwn2Own Ireland https://t.co/auHYJ2WFun

Interesting bug here ;) https://t.co/ppARSWHaCP

Sup, I'm the guy that hacked the Samsung S24 during Pwn2Own Ireland 2024 I just released a non-beginner Android application security course on Udemy. The course is released under my company, Malicious Erection LLC Check it out here!

Confirmed! The folks from @ht3labs used a missing authentication bug combined with an OS command injection to exploit the Phoenix Contact CHARX. Their 2nd round win nets them $25,000 and 5 Master of Pwn points.

In their #Pwn2Own debut, the team from HT3 Labs (@ht3labs) exploited the Phoenix Contact CHARX SEC-3150. They were nice enough to make Zed an honorary member, too. They head off to the disclosure room to explain themselves. #P2OAuto

mi tink me gwan hack di charx

Tokyo here we come @m40282845 @TheGrandPew @ht3labs

https://t.co/p5DADzpMuo