
Thach Nguyen Hoang 🇻🇳
@hi_im_d4rkn3ss
Followers: 3K | Following: 3K | Media: 1 | Statuses: 889
Security Researcher @starlabs_sg. Pwn2Own Mobile 2020, 2021, 2022, 2023. Pwn2Own Vancouver 2022, 2023, 2024, 2025.
Joined March 2019
This year had two ESXi attempts, and I was lucky to go first. I was nervous, but unlike last year, everything went well. Huge thanks to the ZDI team for the setup support, and to my friends and colleagues for the moral boost.
Oh my! In a #Pwn2Own first, Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG was able to go from guest to host on #VMware ESXi. Amazing work. He's off to the disclosure room to provide the details. #P2OBerlin
RT @opzero_en: 101 Chrome Exploitation - Part 0: Preface. We are starting a new series on modern browsers' architecture and their exploita…
RT @xvonfers: A toolkit to turn Chromium vulnerabilities into full-chain exploits. From BSidesLuxembourg 2025. "Brow…
RT @scwuaptx: Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at @offensive_con. Check…
devco.re
In-depth research into Windows Kernel Streaming vulnerabilities, revealing MDL misuse, buffer misalignment, and exploitation techniques used in CVE-2024-38238 and others.
RT @offensive_con: Congrats to @gerrard_tai, @hi_im_d4rkn3ss and the @starlabs_sg team for winning the first #Pwn2OwnBerlin! https://t.co/…
RT @kind_k11rwhale: Part 2 of the Fuzzilli IR series explores Opcodes.swift, Operation.swift, Program.swift, and Variable.swift. With the g…
rpc.kr
A deep dive into the core IR components of Fuzzilli, focusing on Opcodes.swift, Operation.swift, Program.swift, Variable.swift. This post is the second in the series exploring the IR internal...
RT @kind_k11rwhale: A deep dive into the core IR components of Fuzzilli, focusing on Analyzer.swift, Blocks.swift, and Context.swift. This…
rpc.kr
A deep dive into the core IR components of Fuzzilli, focusing on Analyzer.swift, Blocks.swift, and Context.swift. This post kicks off a series exploring the internal structure of Fuzzilli's IR.
RT @xvonfers: [$20000](CVE-2024-12693)[382190919][maglev]Array OOB access in the maglev phi untagging optimization is now open with PoC: .ht…
RT @0x10n: The most elegant V8 Wasm Turboshaft typer exploit that I've reported. This primitive converts **any** Wasm type confusion in **a…
RT @starlabs_sg: Think you've got what it takes to pop shells and snag your ticket to @REverseConf and @offbyoneconf?
RT @starlabs_sg: All I Want for Christmas is a CVE-2024-30085 Exploit. As always, we at @starlabs_sg are sharing what we learnt. This ti…
starlabs.sg
TLDR CVE-2024-30085 is a heap-based buffer overflow vulnerability affecting the Windows Cloud Files Mini Filter Driver cldflt.sys. By crafting a custom reparse point, it is possible to trigger the...
RT @eternalsakura13: My first V8 sandbox bypass vulnerability has been fixed, and I will continue to discover more.
RT @POC_Crew: #POC2024. Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) - VMware Workstation: Escaping via a New Route - Virtual Bluetooth https://t.c…
RT @DimitriFourny: My V8 vulnerability CVE-2019-5790 is now public (Heap buffer overflow in the V8 language parser)
RT @zerodaylinks: [Browser Exploitation] Insightful little analysis of v8 CVE-2024-7965: .PoC: .
github.com
This repository contains PoC for CVE-2024-7965. This is the vulnerability in the V8 that occurs only within ARM64. - bi-zone/CVE-2024-7965
RT @samwcyo: New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed a…
RT @hackyboiz: [Research] Hyper-V 1-day Class: CVE-2024-38127. This research post is an analysis of a Hyper-V LPE vulnerability. It covers patch diffing and the PoC for CVE-2024-38127…
hackyboiz.github.io
Introduction: Hello, this is pwndorei. As always, I'm back with another Hyper-V 1-day vulnerability analysis. This is not a vulnerability that came out this month; it is CVE-2024-38127, which was disclosed last month. One DoS vulnerability was disclosed this month, and if time permits I will analyze that one too… CVE-2024-38127 Impact:...