Orange Tsai π
@orange_8361
Followers
59K
Following
16K
Media
60
Statuses
1K
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! Highlights include:.β‘ Escaping from DocumentRoot to System Root.β‘ Bypassing built-in ACL/Auth with just a '?'.β‘ Turning XSS into RCE with legacy code.
37
656
2K
This will be one of the few OSEE trainings held in Asia. Welcome to Taiwan :).
4
32
253
RT @u1f383: A bit late, but I just published my blog post on bypassing Ubuntuβs sandbox! Hope you enjoy it!.
0
97
0
I don't have OSCPβinstead, I have OSEE! π
55
65
2K
RT @scwuaptx: Thrilled to share our latest deep dive into Windows Kernel Streaming!.Just presented this research at @offensive_con. Checkβ¦.
0
80
0
Another day, another bug of mine got listed in CISA's KEV. Why does everyone love my bugs (sigh. )? BTW, great article by @SinSinology again!.
Our client base has been feeding us rumours about in-the-wild exploited SonicWall SMA n-days (CVE-2023-44221, CVE-2024-38475) for a while. Given these are now CISA KEV, enjoy our now public analysis and reproduction :-).
4
26
285
RT @ashl3y_shen: Come join us at the Ask A Security Expert session at Black Hat Asia on April 4th! I'll be there with @orange_8361, @ryan_fβ¦.
0
5
0
RT @terrynini38514: The blog post is the full version of my talk at 38c3. It's about some vulnerabilities we found in libarchive and someβ¦.
0
18
0
RT @PortSwiggerRes: The results are in! We're proud to announce the Top ten web hacking techniques of 2024!
0
296
0
This is absolutely the greatest recognition for a researcher. Thank you all!.
The results are in! We're proud to announce the Top ten web hacking techniques of 2024!
10
22
462
Voting for the Top 10 Web Hacking Techniques of 2024 is live! Two of my research are nominated β Give them a vote! π₯. > Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! .> WorstFit: Unveiling Hidden Transformers in Windows ANSI!.
Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here:
1
21
215
The detailed version of our #WorstFit attack is available now! π₯.Check it out! π cc: @_splitline_.
Our talk at #BHEU is done! Hope you all enjoyed it. π A detailed blog is on the way, but in the meantime, check out the pre-alpha website for early access and the slides!. Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! πβ.
3
211
536
Our talk at #BHEU is done! Hope you all enjoyed it. π A detailed blog is on the way, but in the meantime, check out the pre-alpha website for early access and the slides!. Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! πβ.
15
226
793
./ @_splitline_ and I will be in London for Black Hat Europe next week. Let's see how many calcs we will pop! π #BHEU @BlackHatEvents .
0
13
208
RT @u1f383: Dropped my slide for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoyβ¦.
0
106
0
I love CRLF Injection π.
Confirmed! Pumpkin Chang (@u1f383) and Orange Tsai (@orange_8361) from the DEVCORE Research Team combined a CRLF Injection, an Auth Bypass, and a SQL Injection to exploit the Synology BeeStation. They earn $20,000 and 4 Master of Pwn points. #Pwn2Own #P2OIreland
14
52
656
RT @terrynini38514: Tips for Pwn2Own player: pick a target that no one care, then you got no collision. Shout out to my colleague: @h3xr4bβ¦.
0
10
0
Remember CVE-2024-4577, the PHP-CGI RCE bypass? Actually, the Best-Fit 'feature' also impacts non-CJK codepages such as locales in the Americas, Western Europe, Oceania, and more! @_splitline_ and I will share these cool findings at @BlackHatEvents! π₯. Let's make argument
4
75
379