Congrats to Orange (@orange_8361) for making @PortSwigger’s Top 10 Web Hacking Techniques again — and to splitline (@_splitline_) for the debut. #1 Confusion Attacks — Apache HTTP Server. #4 WorstFit — Windows ANSI. #DEFCON

RT @orange_8361: Thanks @PortSwigger and @BugBountyDEFCON for this awesome event — and also to my @d3vc0r3 buddies for standing on stage to….

How tough is the @offsectraining #OSEE exam? . Orange (@orange_8361) lays out his exam-prep journey, personal reflections, and the key lessons from the EXP-401 (AWE) course. Explore the full story (TC) here:

#Ubuntu’s new AppArmor-based sandbox aimed to limit untrusted access to user namespaces & io_uring. But it wasn’t foolproof. Pumpkin (@u1f383)’s latest blog shows how he bypassed it—covering the issue, technical details & reporting process. #Linux

@offsectraining Correction: this is one of the few EXP-401 sessions in Asia.

OffSec Live Training returns to Taipei on 18–22 Aug!. There will be five days of intensive learning led by @offsectraining instructors, covering EXP-401 (OSEE), PEN-300 (OSEP), and WEB-300 (OSWE). It’s Asia’s only EXP-401 in 2H 2025—don’t miss it.👉

Check out Nini's (@terrynini38514) blog on his experience with the #OffSec EXP-401 course and #OSEE certification exam!. We'll be hosting EXP-401 again in Taipei, alongside PEN-300 and WEB-300. Don’t miss out!.

Our latest deep dive explores research on Windows Kernel Streaming. Check out Angelboy’s (@scwuaptx) write-up for key insights and analysis. Read more here: #VulnerabilityResearch #Cybersecurity #WindowsKernel #OffensiveCon.

RT @thezdi: We have another collision. Although Angelboy (@scwuaptx) from DEVCORE Research Team successfully demonstrated their privilege e….

RT @thezdi: Our first confirmation of #Pwn2Own Berlin! Pumpkin (@u1f383) from DEVCORE Research Team used an integer overflow to escalate pr….

Angelboy (@scwuaptx) will give a talk at #OffensiveCon this week!. Following his deep dive into Kernel Streaming vulnerabilities, this week, Angelboy will unveil a new set of bug classes discovered through his research on one of the most common input sources – webcam frames.

Big congrats to @terrynini38514 on earning Taiwan’s First OffSec OSEE Certification 🙌 . After completing Taiwan’s first OffSec Live Training EXP-401 in August last year, NiNi from our research team has officially passed the OSEE exam! . #OffSec.

Based on last year’s talk at #DEVCORECONFERENCE, our Red Team expert XY breaks it all down in a new blog. over 50% of organizations still have risky AD CS setups—and yes, full domain takeover is still happening. Read more: #CyberSecurity #RedTeam #ADCS.

DEVCORE CONFERENCE 2025 wrapped, from red team assessment roots to now featuring satellite security, PhaaS, cloud security, exploit hunting and more. Huge thanks to our guest speakers Echo, John, Ashley, GD, and Vic Huang for sharing their cutting-edge research!. #cybersecurity

Our latest deep dive explores libarchive vulnerabilities under recent Windows 11 updates. 🔍🔓. Check out NiNi's (@terrynini38514) technical write-up for key insights and security implications. Read more here: #VulnerabilityResearch.#Cybersecurity.

🤘Congrats Orange(@orange_8361) and Splitline(@_splitline_) on making it to 2024 Top 10 Web Hacking Techniques!. Check out their groundbreaking research:

Congrats to @terrynini38514 on his debut at the 38th Chaos Communication Congress (CCC)!. He’ll be presenting “From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11,” diving into several vulnerabilities in libarchive—including a RCE exploit.#38c3

This month, @orange_8361 and @_splitline_ revealed a new attack surface at #BHEU, uncovering Windows's deepest Unicode Transformer with wide impacts on well-known applications and OSS projects. Explore the pre-release site while we prepare the full blog:

Angelboy (@scwuaptx) takes the CODE BLUE stage in Japan with his latest insights into Windows Kernel vulnerabilities. Don’t miss it!. #MSRC #VulnerabilityResearch #codeblue_jp.

#POC2024 kicks off this week! 🚀. Catch Pumpkin (@u1f383)’s debut talk on his breakthrough exploitation technique from #Pwn2OwnVancouver2024: "How I use a novel approach to exploit a limited OOB on Ubuntu at Pwn2Own Vancouver 2024". #VulnerabilityResearch #Ubuntu #CyberSecurity.