Janggggg
@testanull
Snooper, Re-searcher @dfsec_com
Hanoi, Vietnam
Joined October 2015
hot take: maybe instead of reporting vulns and getting CVEs, security nerds should just sell exploits. that way devs won't need to bother with too many reports, only the critical ones that got exploited would need to be fixed. neat!
We have published our AttackerKB @rapid7 Analysis for the recent GoAnywhere MFT vuln, CVE-2025-10035. It's an access control bypass + unsafe deserialization + an as-yet unknown issue in how an attacker can know a specific private key!
attackerkb.com
On September 18, 2025, Fortra published a security advisory for a new vulnerability affecting their managed file transfer product, GoAnywhere MFT. The new vuln…
NEED YOUR HELP! My Friend/Teacher Soroush (@irsdl) Is looking for a new company to join, you know him as the .NET-God, the guy who has popped exchange, sharepoint, has maintained ysoserial_.net for years, contributed to the exploitation scene numerous times, taught all of you
I had the pleasure of working with the web team at DFSEC for the last 2 years. If you feel you are wasting your time finding web 0days for marketing, I suggest you try this role as it requires you to think more outside the box to solve the hardest problems in web app security!
Dataflow Security has officially opened a position for a Web Security Researcher. https://t.co/9R6QmrHJQ8
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through.
github.com
New exploitation tricks for hardened .NET Remoting servers - codewhitesec/NewRemotingTricks
Semi-controversial thoughts on the recent #SharePoint patch & CVE-2025-53770 (ToolShell++ or ToolPain 🥸): 🪟On Microsoft’s effort: I now believe MS genuinely tried to fix a flawed patch over the weekend before it was exploited by APTs. But several things went wrong beforehand:
Does anyone have a payload for CVE-2025-53770 (toolshell++), I have a feeling that what we have seen so far are related to CVE-2025-49704, and CVE-2025-53770 has not been exploited by malicious actors. Please prove me wrong! I'm not interested in the auth bypass part btw.
https://t.co/lEelo7wiha A nasty hack to save your exiled server from being pwned. Not a recommended way, but it can save your work sometime. Have a good read!
testbnull.medium.com
In recent days the security community has been quite noisy about a SharePoint server vulnerability being exploited in the wild; the level of impact of the vulnerability…
Viettel Cyber Security Press Release for Customer alert, Latest research and Recommendations. Blog is coming https://t.co/JY6zGnTg6T
#SharePoint #ToolShell
My research on CVE-2025-49113 is out. https://t.co/kuLczCSv6V. Happy reading! #CVE #roundcube #poc @FearsOff
A new @rapid7 Analysis of CVE-2024-58136 was just published to AttackerKB, courtesy of Calum Hutton 🔥 Affecting the Yii framework, this analysis details the root cause and how it can be leveraged for RCE via a dirty file write to a log file:
attackerkb.com
Yii framework is a component-based MVC web application framework, providing developers with the building blocks to create complex web applications including mo…
Outstanding! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin
w00t!! Dinh Ho Anh Khoa (@_l0gg) of Viettel Cyber Security needed two attempts, but he successfully demonstrated his exploit of #Microsoft SharePoint. If confirmed, he'll win $100,000 for his efforts. Off to the disclosure room! #Pwn2Own #P2OBerlin
Write-up for @tuo4n8's post. It was a long time ago and there are many things I no longer remember. - No outbound Gadgets for CVE-2019-16891. - New JDBC attack chain. For English speakers, please use Google Translate. https://t.co/QzNgis2i2r
My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking
Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we introduce a new injection method, that is based on this classic technique, but much stealthier - Waiting Thread Hijacking. Read More :
Poc for 35587 btw,
Retweeting because so many people asked for the gadget chain of CVE-2021-35587 in OAM 10g. The steps to reproduce it have already been provided in section "Universal gadget chain for 10.3.x". Detail: https://t.co/mDXx1HCVQh
They deserved this :) Responsible disclosure is a joke!
So, rose87168 said he used CVE-2021-35587 to compromise the login[.]us2[.]oraclecloud[.]com server. Oracle then denied the attack and remains silent but quickly disconnected the server from the Internet (probably to investigate? also unknown). The problem is that Oracle has, at
https://t.co/5VY4RXv1e2 A quick note while analyzing CVE-2025-25291 gitlab saml auth bypass
testbnull.medium.com
The end of February and the beginning of March were probably a rather difficult time for those who specialize in SAML, as a series of new bugs, …
You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study. https://t.co/Ywj2Y7rkIu
portswigger.net
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library