kylebot
@ky1ebot
Followers
6K
Following
899
Media
10
Statuses
219
CTF player @Shellphish | PhD Student @ASU | @angrdothorse dev | Author of how2heap | Vulnerability Research Hobbyist | @[email protected]
Tempe, AZ
Joined September 2018
Another year, another Linux PE at TyphoonPwn ;).
Verification of another Linux PE is complete, and we’re now in talks with the vendor. Excellent discovery - well done! #TyphoonCon25.
2
3
96
But yeah, the race window is so small that it is not practically exploitable.
1
0
4
And clearly my report was not shared with the patch developer that they think taprio_change cannot race with advance_sched (written in the comment).
0
0
4
This is interesting. I exploited and reported this kernel bug at pwn2own in March last year and it got patched after more than half a year in Oct. And to this day, there is no mention that it is exploitable. Btw, the patch only reduces race window.
2
13
103
Just confirmed that I first blooded the bounty! Will write a blog about it when Google allows it :).
The V8 Sandbox is now in scope for Chrome VRP for bypass submissions, meeting specific criteria, with rewards up to $5,000! .Please see the Chrome VRP rules [ for full submission criteria and eligibility details.
9
4
163
Found a V8 sandbox bypass during @PlaidCTF . Let's see whether I will be the first one claiming the bounty 👀.
The V8 Sandbox is now in scope for Chrome VRP for bypass submissions, meeting specific criteria, with rewards up to $5,000! .Please see the Chrome VRP rules [ for full submission criteria and eligibility details.
8
12
277
I'm so proud to have attended the event with the best hackers in the world! (And appeared for 0.5s in the cool video! :) ) It was really fun! Thanks Google! And @sirdarckcat !.
bugSWAT live hacking 📣: We are planning two events this year, one in the US and one in Europe. Invites based on recent submissions and past bugSWAT performance. More details soon - keep those bug reports coming!. Here's a peek into our last bugSWAT:
0
4
42
RT @Zardus: Hello Hackers! The inaugural #pwncollege Quarterly Quiz is LIVE at It’s a series of tough kernel pwnin….
0
15
0
RT @SCAI_ASU: Hey hey! #SCAI doctoral student @ky1ebot just walked off with $20K! A PhD team supervised by @___tiffanyb___ is working hard….
0
4
0
I did it again! It was fun to work on exploit one night before the event and one shot it at the demonstration!.And thank you @thezdi and @ubuntu for making the report process painless!.
Validated! Kyle Zeng from ASU SEFCOM brought a race condition to #Pwn2Own and successfully used it to escalate privileges on #Ubuntu desktop. He earns $20,000 and 2 Master of Pwn points. #P2OVancouver
13
8
172
Let's do this again, Shellphishers!.
Congrats to the 7 companies that will receive $1 million each to develop AI-enabled cyber reasoning systems that automatically find and fix software vulnerabilities as part of the #AIxCC Small Business Track! Full announcement:
1
1
41
And CVE-2021-46940 is even for tools. I'm sorry, it is not even in the kernel. And "it must be run be run as root". And the direct impact is "prevents the timer from update the stat". I'm not sure why this is a security bug.
2
1
16
Great. Now memory leaks, warnings, bugs in components not exposed to non-root users (CVE-2021-46957), even performance issue patches ( CVE-2024-26602) are "security bugs".
Happy Wednesday! Hope you're all enjoying the 86 CVEs assigned by the Linux CNA today:
3
5
60
My favorite fuzzing paper in recent years:.SoK: Prudent Evaluation Practices for Fuzzing.
0
19
98