swing
@bestswngs
Followers
3K
Following
1K
Media
35
Statuses
335
Security Researcher Focus on PWN/Reverse https://t.co/OFy100ZZri Blog: https://t.co/yRv3acwHEJ
Joined July 2016
RT @orange_8361: Turns out my #PHRACK article is live! 🔥. > The Art of PHP — My CTF Journey and Untold Stories!. Kinda a love letter to tho….
0
186
0
RT @watchtowrcyber: Are we bleeding out? Enjoy our analysis of CitrixBleed 2, aka CVE-2025-5777 - the "new" Citrix NetScaler Memory Leak vu….
labs.watchtowr.com
Before you dive into our latest diatribe, indulge us and join us on a journey. Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are...
0
79
0
RT @DarkNavyOrg: Our Black Hat USA 2025 talk, "What's NEXT in Security: Adversarial Review of HarmonyOS NEXT", has been made public. https….
0
22
0
😰 对比了下 Cusor 和 Trae 的用户协议, 然后再搜索了一下 Embedding inversion 的相关文献,在 Trae 没有隐私模式的情况下,我是不太想用. 图1: Cusor的用户协议: 图2: Trae 海外版本用户协议.
1
0
12
The previous version of the image was compressed, and I re-uploaded a version. 🥲.
1
0
4
It’s a pleasure to present our research at the Off by One conference. 🤩.
WeiMing Shi (@bestswngs) and GaoJu Yang (@chumen777) - security researchers from @ChaitinTech; along with @fxc233233, shares the attack surface analysis of ASUS router devices, provide review of some key historical vulnerabilities. and more!. More info:
1
2
26
如果真的是一个恶意的项目(MCP),怎么避免提示词注入导致绕过扫描呢? 😛. 同样的 test代码, 图一检测出来有风险, 加了点提示词注入, 图二无风险
Very nice 👍 .基于AI Agent驱动AI-Infra-Guard V2版本,实现对工具投毒、数据窃取、命令注入等9类MCP服务常见安全风险的一键智能检测。.
2
1
18
RT @Horizon3Attack: Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy. Wouldn’t be shoc….
0
138
0
RT @stephenfewer: We have just published our AttackerKB @rapid7 Analysis of CVE-2025-22457, an unauth stack buffer overflow in Ivanti Conne….
attackerkb.com
On April 3, 2025, Ivanti published an advisory for CVE-2025-22457, an unauthenticated remote code execution vulnerability due to a stack based buffer overflow.…
0
72
0
RT @n132XxX: We(@bestswngs @leommxj and me) found a memcpy bug one year ago. This bug allows arbitrary adderess write whenthe third paramet….
0
5
0
这个洞在之前分析 CVE-2025-0282的时候我就注意到了. 写不出来利用😅
Ivanti, Connect Secure, a pledge, and CVE-2025-22457 - the jokes write themselves sometimes. Enjoy, and happy Friday - speak Monday ;-).
2
8
112
RT @itszn13: Claude reversing a binary using Binary Ninja via MCP while I get a snack. @bl4sty.@ziyadedher.@vector35
0
203
0
RT @LiveOverflow: You have something cool to share? Don't forget the CFP for Phrack's 40th anniversary!
0
74
0