Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! https://t.co/YzYcwxOGBn Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

Say hi to them — check out our latest research!

Really love the style of this exploit chain! 👏

國語友善XD https://t.co/jiDA8HWdLG

Turns out my #PHRACK article is live! 🔥 > The Art of PHP — My CTF Journey and Untold Stories! Kinda a love letter to those CTF players & PHP nerds! Hope all the credit goes to the right ppl. Also huge thanks to @0xdea for not forgetting me, @guitmz for the edits, and the

MODERATOR: Are you willing to commit to NOT raise the sales tax? MIKIE SHERRILL: I'm not going to commit to anything right now. On Nov. 4, vote NO on Mikie Sherrill. ❌

yaaaaa! Long time no see!

The #defcon hardcopy of @phrack is a thing of beauty! It embodies both technical depth & the hacker spirit (as usual). Reading @orange_8361's musings on CTF & his role as a bug archeologist was like recognizing an old friend. Thank you, Phrack staff, for making this treasure.

thanks for the mention, @orange_8361 :-)

Brian says CFO. We say spokesperson. He says receipts. We say Ramp. RSVP to see who wins.

Didn’t get a Phrack zine at @defcon? Come to @HacksInTaiwan next week! We’re dropping 100 HITCON limited edition copies, with a chance to get @orange_8361 ’s autograph. 🍊Walk-in tickets available!

Thanks @PortSwigger and @BugBountyDEFCON for this awesome event — and also to my @d3vc0r3 buddies for standing on stage to collect the trophy for me! A little follow-up article on this research is coming soon... stay tuned! 🤘

Oh mom, I am in @phrack! #why2025

This will be one of the few OSEE trainings held in Asia. Welcome to Taiwan :) https://t.co/7dTQH8RR4B

A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! https://t.co/Q9Nra9n6N0

I don't have OSCP—instead, I have OSEE! 🎉

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at @offensive_con. Check it out:

Another day, another bug of mine got listed in CISA's KEV. Why does everyone love my bugs (sigh...)? BTW, great article by @SinSinology again!

Come join us at the Ask A Security Expert session at Black Hat Asia on April 4th! I'll be there with @orange_8361, @ryan_flores, and @Marmusha answering your cybersecurity questions. Submit your topics in advance using the form on the event page. Looking forward to seeing you!

The blog post is the full version of my talk at 38c3. It's about some vulnerabilities we found in libarchive and some interesting behaviors of libarchive that you don't want to miss. My favorite part is it only took us 56 seconds to trigger a crash by AFL++.