Huge thanks to @offsectraining for bringing such intensive and high-level training to Taiwan. 5 days, 3 courses: EXP-401, WEB-300, PEN-300. Proud to see participants push through and even earn the rare OffSec Coin. Looking forward to more in the future! 🔥

Congrats to Orange (@orange_8361) for making @PortSwigger’s Top 10 Web Hacking Techniques again — and to splitline (@_splitline_) for the debut. #1 Confusion Attacks — Apache HTTP Server https://t.co/WPUSs8SHf8 #4 WorstFit — Windows ANSI https://t.co/A3sxYFZKZy #DEFCON

Thanks @PortSwigger and @BugBountyDEFCON for this awesome event — and also to my @d3vc0r3 buddies for standing on stage to collect the trophy for me! A little follow-up article on this research is coming soon... stay tuned! 🤘

How tough is the @offsectraining #OSEE exam? Orange (@orange_8361) lays out his exam-prep journey, personal reflections, and the key lessons from the EXP-401 (AWE) course. Explore the full story (TC) here: https://t.co/y2cUODtJbZ

#Ubuntu’s new AppArmor-based sandbox aimed to limit untrusted access to user namespaces & io_uring. But it wasn’t foolproof. Pumpkin (@u1f383)’s latest blog shows how he bypassed it—covering the issue, technical details & reporting process. https://t.co/XoMa3KpnRR #Linux

@offsectraining Correction: this is one of the few EXP-401 sessions in Asia.

OffSec Live Training returns to Taipei on 18–22 Aug! There will be five days of intensive learning led by @offsectraining instructors, covering EXP-401 (OSEE), PEN-300 (OSEP), and WEB-300 (OSWE). It’s Asia’s only EXP-401 in 2H 2025—don’t miss it 👉 https://t.co/1ZZrmjS9zH

Check out Nini's (@terrynini38514) blog on his experience with the #OffSec EXP-401 course and #OSEE certification exam! https://t.co/25GMgcPhQe We'll be hosting EXP-401 again in Taipei, alongside PEN-300 and WEB-300. Don’t miss out! https://t.co/1ZZrmjS9zH

Our latest deep dive explores research on Windows Kernel Streaming. Check out Angelboy’s (@scwuaptx) write-up for key insights and analysis. Read more here: https://t.co/tx4ywZS3YT #VulnerabilityResearch #Cybersecurity #WindowsKernel #OffensiveCon

We have another collision. Although Angelboy (@scwuaptx) from DEVCORE Research Team successfully demonstrated their privilege escalation on Windows 11, 1 of the 2 bugs he used was known to the vendor. He still wins $11,250 and 2.25 Master of Pwn points. #Pwn2Own

Our first confirmation of #Pwn2Own Berlin! Pumpkin (@u1f383) from DEVCORE Research Team used an integer overflow to escalate privs on Red Hat Linux. He earns $20,000 and 2 Master of Pwn points. #P2OBerlin

Angelboy (@scwuaptx) will give a talk at #OffensiveCon this week! Following his deep dive into Kernel Streaming vulnerabilities, this week, Angelboy will unveil a new set of bug classes discovered through his research on one of the most common input sources – webcam frames.

Big congrats to @terrynini38514 on earning Taiwan’s First OffSec OSEE Certification 🙌 After completing Taiwan’s first OffSec Live Training EXP-401 in August last year, NiNi from our research team has officially passed the OSEE exam! #OffSec

Based on last year’s talk at #DEVCORECONFERENCE, our Red Team expert XY breaks it all down in a new blog. over 50% of organizations still have risky AD CS setups—and yes, full domain takeover is still happening. Read more: https://t.co/gn6x2cGY5o #CyberSecurity #RedTeam #ADCS

DEVCORE CONFERENCE 2025 wrapped, from red team assessment roots to now featuring satellite security, PhaaS, cloud security, exploit hunting and more. Huge thanks to our guest speakers Echo, John, Ashley, GD, and Vic Huang for sharing their cutting-edge research! #cybersecurity

Our latest deep dive explores libarchive vulnerabilities under recent Windows 11 updates. 🔍🔓 Check out NiNi's (@terrynini38514) technical write-up for key insights and security implications. Read more here: https://t.co/MUb7koMIrw #VulnerabilityResearch #Cybersecurity

🤘Congrats Orange(@orange_8361) and Splitline(@_splitline_) on making it to 2024 Top 10 Web Hacking Techniques! Check out their groundbreaking research:

Congrats to @terrynini38514 on his debut at the 38th Chaos Communication Congress (CCC)! He’ll be presenting “From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11,” diving into several vulnerabilities in libarchive—including a RCE exploit.#38c3

This month, @orange_8361 and @_splitline_ revealed a new attack surface at #BHEU, uncovering Windows's deepest Unicode Transformer with wide impacts on well-known applications and OSS projects. Explore the pre-release site while we prepare the full blog: https://t.co/TFExJUhKeX

Angelboy (@scwuaptx) takes the CODE BLUE stage in Japan with his latest insights into Windows Kernel vulnerabilities. Don’t miss it! #MSRC #VulnerabilityResearch #codeblue_jp