Theori
@theori_io
Followers
5K
Following
510
Media
100
Statuses
389
Empowering Innovation with Security.
Joined January 2016
๐ Theori Wins DEF CON 32 CTF and DARPA AI Cyber Challenge (AIxCC) Semifinals!ย ๐. We are thrilled to announce that Theori has once again emerged victorious at DEF CON 32 CTFโthe world-renowned "Hacker Olympics"! With this win, Theori secures its 8th overall victory and an
4
40
186
Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough?.As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. โข Chrome Renderer RCE :
25
263
933
A few weeks ago, we found an exploitable bug in WebKit which was fixed before we could report to Apple. Interestingly, the latest iOS versions are still vulnerable. Since other exploits for this bug are public, we share our root cause analysis and exploit.
9
132
353
Our intern @_qwerty_po was destined to analyze a recent Linux kernel LPE vuln (CVE-2022-32250), a bug found and reported by @FidgetingBits. Here's a brief write-up on the analysis of the bug and the exploit development. Check it out! (exploit included).
2
102
244
We've started a blog series on N-day full chain exploits. The first part is about chrome renderer exploit, CVE-2023-3079. Check it now!๐๐. #Theori #ํฐ์ค๋ฆฌ #Blog #Research #Fermium252 #Chrome #VirtualMachine #CVE #Vulnerability.
Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough?.As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. โข Chrome Renderer RCE :
4
87
217
Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201) โ.
1
194
188
"Building a 1-day Exploit for Google Chrome" by @brian_pak.Code and slides are available here:
1
95
175
Theori researcher, Junghoon Lee (@lokihardt), reported ASLR bypass for Chrome and Safari that utilize conservative GC. The runtime is greatly improved compared to similar techniques, making it more feasible. Blog post coming soon!.
Currently my favorite bug of the year.
4
37
173
The third series in our N-Day full chain exploit is out now!. We exploited CVE-2023-29360, a beautiful logical vulnerability in the Windows driver, to elevate the privilege from user to SYSTEM. It was also leveraged by @Synacktiv at Pwn2Own 2023.
2
56
155
This effectively makes # of unsolved challenges to be 0 for The Duck :) It was a fun weekend activity that allowed Theori researchers to show off their deep knowledge and strong skills in Web3 security. Thanks to @paradigm_ctf for hosting the CTF!
after further discussion, we've made the decision to pull POOL from the list of active challenges due to certain issues. we apologize to any teams who are affected by this.
7
8
121
We added another example exploit written for pwn.js just now. Itโs for CVE-2017-11873 that was patched today!
1
88
120
Can't escape from COVID-19 madness, but here's how we escaped Chrome Sandbox by exploiting a bug found by our researcher, Tim Becker (@tjbecker_ ) Check it out!.
0
51
118
Theori overtakes the @defcon leaderboard once again!. ๐ @mmm_ctf_team takes 1st place at the world's largest hacking competition, DEFCON CTF. Shout out to our joint partners @maplebaconctf and @PlaidCTF !. Conquering the most difficult cybersecurity challenges, one at a time ๐
2
26
107
Patch analysis of MS16-063 for Internet Explorer 11 JScript Memory Corruption (with proof-of-concept exploit).
6
75
96
Part 4 of our N-Day Exploit Series is LIVE! ๐ฅ.โก๏ธ Unveiling CVE-2023-34044, an information leakage vulnerability in #VMware Workstationโs #VBluetooth device, found by our own @pr0ln!. Itโs a variant of CVE-2023-20870 demonstrated by @starlabs_sg in.
0
43
97
Waiting for our N-Day Exploit Part 5? ๐. We exploited CVE-2023-20869, a Host-to-Guest escape vulnerability in the VMware Workstation VBluetooth device, showcased by @starlabs_sg at #Pwn2Own2023 in Vancouver. Check out our blog for more details!. #Theori.
3
33
96
Did you attend @hexacon_fr this year?. Check out our summarizing blog post ๐. Take a look at the #WindowsOS privilege escalation #vulnerability.and dive a little deeper into the #exploits at the code level. #Theori #ํฐ์ค๋ฆฌ #HEXACON #kernel #lpe.
1
22
83
We have been busy analyzing your carโs radio signals. We are releasing code to receive and decode digital FM radio.
2
45
80
์๋
๊ตฌ๊ธ #Chrome ์ทจ์ฝ์ ๊ณต๊ฒฉ์ ์ด๋ค ๊ธฐ๋ฒ์ด ์ฌ์ฉ๋์์๊น์?. ํฐ์ค๋ฆฌ ์ทจ์ฝ์ ์ฐ๊ตฌ ํ์.#WebAssembly ์ raw ํฌ์ธํฐ๋ฅผ ์ฌ์ฉํด.V8 ์๋๋ฐ์ค ๋ณดํธ ๊ธฐ๋ฒ์ ์ฐํํ ์ ์์๋. ์์ธํ ๋ด์ฉ์ ๋ธ๋ก๊ทธ์์ ํ์ธํด ๋ณด์ธ์!. #Theori #ํฐ์ค๋ฆฌ #Sandbox #V8Engine.
0
27
76
We discovered and reported a vulnerability in Xen paravirtualization driver in Linux. This is a race condition bug in event handler, which can be triggered from a guest and may crash dom0. Here's a brief write-up about the background and the bug.
1
24
75
BlueKeep (CVE-2019-0708) Exploit Demo on Windows 7 x64 by Theori researchers:
0
27
70
We came, we saw, we conquered. MMM takes 1st at @defcon CTF! We had a great time playing with our friends @maplebaconctf and @PlaidCTF as @mmm_ctf_team! ๐๐ฆ๐. Great job to Katzebin and StarBugs, and all other teams! Thank you @Nautilus_CTF for organizing!. Now, back to work!
1
12
65
Over the next few weeks, we will be releasing the detailed analysis write-ups on each vulnerability used in this chain on our blog. All of these CVEs are featured in Fermium-252, our Cyber Threat Intelligence Database Platform. You can check out the information about Fermium-252.
1
3
60
Researchers at Theori published an analysis of Internet Explorer 11 VBScript Memory Corruption (with PoC exploit)
3
49
54
๐ ์ค์ ๋ณด์ ์ปจ์คํ
์ค ๋ฐ๊ฒฌํ.์๊ฒฉ ์ฝ๋ ์คํ(RCE) 0-Day ์ทจ์ฝ์ 4๊ฑด ๊ณต๊ฐ!.๐ Endpoint Protector(EPP) ์๋ฃจ์
์ทจ์ฝ์ ์.๋ฐ๊ฒฌ ๋ฐฐ๊ฒฝ, ๋ถ์ ๊ณผ์ , ์ด์ฉ ๋ฐฉ๋ฒ๊น์ง ํ์ธํด ๋ณด์ธ์!. #ํฐ์ค๋ฆฌ #Theori #์ปจ์คํ
#RCE #์ทจ์ฝ์ ๋ถ์ #CoSoSys #์ฌ์ด๋ฒ๋ณด์ #๋ณด์ #0Day #EPP #CVE.
0
18
52
[๐Vulnerability Research] N-day Exploit Series Finale โจ. Itโs been a long journey, and the sixth and final chapter of our N-Day Exploit Series is out!. Introducing CVE-2023-36802, a critical In-The-Wild exploit leveraging a Windows kernel vulnerability to gain host system.
0
16
52
Here's our write-up on three challenges from Paradigm CTF 2022: Solhana-{1,2,3}, Stealing Sats, fun-reversing-challenge.
We're done! Thanks to everyone for playing Paradigm CTF 2022. Congrats to @theori_io, @hexensio, and @PwningEth for scoring in the top 3!. A big shoutout to @0xGreg_, @Mauricio_0218, @Zellic_io, @osec_io, and @dumbcontract2 for guest authoring challenges. See you next year!
0
14
48
Hiring CTF ๐ฉ Offensive Security Researcher. ์ธ๊ณ ์ต์ ์ ํด์ปค์ ํจ๊ป.๋ด ์์ผ๋ก ์์ ํ ์ธ์์ ๋ง๋๋ ๊ฒฝํ. 2024๋
3์ 31์ผ๊น์ง.Hiring CTF๋ก ๋์ ํด ๋ณด์ธ์!.๐ #ํฐ์ค๋ฆฌ #Theori #์ฑ์ฉ #์ฑ์ฉ๊ณต๊ณ #SA #์ปจ์คํ
#Consulting
0
10
47
Researchers at Theori have successfully confirmed the CVE-2020-16898 vulnerability, dubbed as Bad Neighbor, by demonstrating a remote crash of Windows with BSOD. Be aware of those packets! We are working to craft an RCE exploit, though it looks tough ;).
1
19
46
Theori ์ฐ๊ตฌ์์ด 2023 #์ฌ์ด๋ฒ๊ณต๊ฒฉ๋ฐฉ์ด๋ํ(CCE)์์ ์ฐ์ํ ๊ฒฐ๊ณผ๋ฅผ ์ป์์ต๋๋ค!. ๐ฅ ์ผ๋ฐ๋ถ ์ฐ์น 'The Duck': ๊ฐ์ฐ์, ์ดํ์, ์์ค์ค, ์ง์ฉํ.๐ฅ ์ผ๋ฐ๋ถ ์ค์ฐ์น 'GYG': ์ก์์ค, ์ด์ค์ค. ์ด๋ก์จ ํฐ์ค๋ฆฌ๋ CCE์์ 5๋
์ฐ์ ์์ํ๋ ์พ๊ฑฐ๋ฅผ ๋ฌ์ฑํ์ต๋๋ค. ์ฐธ์ฌํ์ ๋ชจ๋ ๋ถ๋ค ๊ณ ์ํ์
จ์ต๋๋ค!
0
7
45
In related to the Chrome exploit talk, we've also updated the pwn.js (our JS library for browser exploitation) to support Chrome targets, thanks to our researcher @zoaedk. An example exploit (from the talk) for Chrome is also added. Please check it out!
1
19
42
๐ ํฐ์ค๋ฆฌ ๋ฐ์ธ์ค ๋ํ, ๋ํต๋ น ํ์ฐฝ ์์! @brian_pak. ์ฌ์ด๋ฒ ๋ณด์์ ์ง์์ ์ธ ์ฐ๊ตฌ ๊ฐ๋ฐ, ๊ตญ๋ด ๋ณด์ ๊ธฐ์ ๋ฐ์ ๊ณผ ์ธ์ฌ ์ก์ฑ์ ํ์ด ๊ณต๋ก๋ฅผ ์ธ์ ๋ฐ์, . '2024 ๊ณผํยท์ ๋ณดํต์ ์ ๋ ๊ธฐ๋
์'์์ ๋ฐ์ธ์ค Theori ๋ํ๊ฐ ๋ํต๋ น ํ์ฐฝ์ ์์ํ์ต๋๋ค! . ํฐ์ค๋ฆฌ๋ ์์ผ๋ก๋ ์ฌ์ด๋ฒ ๋ณด์ ๋ถ์ผ ๊ณ ๋ํ๋
0
3
40
Theori๊ฐ ์ ๋ นํ 2023 ํ์ดํธํ ์ฝํ
์คํธ!.ํฐ์ค๋ฆฌ ์ฐ๊ตฌ์์ด 1, 2, 3์ ๋ชจ๋ ์ฐจ์งํ์ต๋๋ค ๐. ๐ฅ ์ผ๋ฐ๋ถ ์ฐ์น: ๊ฐ์ฐ์, ์ดํ์, ์์ค์ค, ์ง์ฉํ.๐ฅ ์ผ๋ฐ๋ถ ์ค์ฐ์น: ์ด์ค์ค, ์ ํ์.๐ฅ ์ผ๋ฐ๋ถ 3์: ์ก์์ค. ์๋์ ์ธ ์ค๋ ฅ์ผ๋ก ์ฌ์ด๋ฒ ๋ณด์์ ๋ฆฌ๋ํ๋ ํฐ์ค๋ฆฌ!. #ํฐ์ค๋ฆฌ #theori #ctf #ํ์ดํธํ #ํด์ปค
3
2
38
์ฒญ์๋ ์๋น๊ด์์ ์ด๋ฆฐ '์ฒญ๋
ํ์ดํธํด์ปค์์ ๋ํโ ์๋ฆฌ์.ํฐ์ค๋ฆฌ์ โThe Duckโํ์ด ์ด์ฒญ๋ฐ์ ๋ค๋
์์ต๋๋ค!. ์ฌ์ด๋ฒ ๊ณต๊ฒฉ์ ๋์ํ๋ ํ์ดํธํ ํด์ปค์ ์ญํ ๊ณผ ์ค์์ฑ์ ๋ํด ์ด์ผ๊ธฐ ๋๋ ์ ์๋ ์๊ด์ค๋ฌ์ด ๊ธฐํ์์ต๋๋ค ๐. #ํฐ์ค๋ฆฌ #theori #ํด์ปค #์ฒญ์๋
0
3
39
๐ Can LLMs be used in Offensive Security? ๐. NEW BLOG POST.๐ LLMs are now making waves in offensive security! Our latest blog explores:. ๐ ๏ธ Google OSS-Fuzz-Gen: Automates test harness creation for open-source projects.๐ค PromptFuzz: Generates harnesses.
0
8
39
Our researchers conquered yet another CTF at #codegate 2022!.Congratulations to โThe Duckโ and all our researchers who competed as different teams. GG everyone! ๐
1
0
38
N-Day Exploit๋ถํฐ Pwn2Own๊น์ง ๐.์ฐ๋ฌ์ ๋๋ผ์ด ์์์ ์ ํ ํฐ์ค๋ฆฌ ํ. Vulnerability Research ํ์ ์ฐ๊ตฌ์ ์ค๋น ๊ณผ์ ์.๋ธ๋ก๊ทธ์์ ํ์ธํด ๋ณด์ธ์!. #ํฐ์ค๋ฆฌ #Theori #์ธํฐ๋ทฐ #์ทจ์ฝ์ #์ทจ์ฝ์ ์ฐ๊ตฌ #Vulnerability #VR #P2OVancouver.
0
6
37
๐ฏ What's the Linux kernel's biggest target for researchers?. Mingi Cho from Theori's Vulnerability Research Team unveiled a crucial Linux nftables vulnerability at #Zer0Con2024. Our findings show advanced mitigation bypasses, spotlighting its risk in KernelCTF contests.
#Zer0Con2024. His research will bring great light this year ๐. Mingi Cho ๐ฐ๐ท of @theori_io."Exploiting a Missed Linux Kernel Patch in a KernelCTF Instance"
0
2
39
During the first day of #Pwn2Own Vancouver 2024,.our researchers Gwangun Jung (@pr0ln) and Junoh Lee (@bbbig12) successfully combined three different zero-day vulnerabilities for a #VMware Guest-to-Host escape and #Windows11 Privilege Escalation!. #Theori #Vulnerbility #Windows.
Confirmed! Gwangun Jung (@pr0ln) and Junoh Lee (@bbbig12) from Theori (@theori_io) combined three different bugs to escape #VMware Workstation and then execute code as SYSTEM on the host OS. This impressive feat earns them $130,000 and 13 Master of Pwn points. #Pwn2Own
0
5
34
ํฐ์ค๋ฆฌ์ ๋๋๋ฌด๊ฐ ํจ๊ป ํ๋.์น3 ๋ณด์ ์ธ์ฌ ์์ฑ ๐. ๊ธ๋ก๋ฒ ๊ฒฝ์๋ ฅ์ ๊ฐ์ถ ์น3 ๋ณด์ ์ต์ ์ ์ธ์ฌ ์์ฑ์ ์ํด.<์
์ฌ์ด๋ ์์นด๋ฐ๋ฏธ> 1๊ธฐ ๋ฐ๋์์ ์งํํ์ต๋๋ค. ๋ฌด๋ ค 12:1 ๊ฒฝ์๋ฅ ์ ๋ซ๊ณ ์ ๋ฐ๋ 19๋ช
์ ๊ต์ก์๋ค์ด.Web3 ๋ณด์์ ๋ด์ผ์ ๋ง๋ค์ด๊ฐ๋ ์ธ์ฌ๊ฐ ๋ ์ ์๊ธฐ๋ฅผ.
2
7
33
Theori representing South Koreaโs cybersecurity technology at @RSAConference ๐ซก.Come swing by our booth at S-634 to hear more about Xint, the newest #USPM encompassing cloud security and external threat detection! . #Theori #RSAC2024 #Xint #CloudSecurity #ExternalThreatDetection
2
4
29
Mark your calendars! ๐
.Our researchers Junoh and Jeongoh will be presenting at @hexacon_fr. They'll be sharing the #WindowsOS privilege escalation #vulnerability and exploit technique. See you in Paris on October 13-14th!.#Theori #HEXACON2023.
๐ฃUnveiling Hidden Paths: Unearthing Vulnerabilities and Exploiting Modern Windows Kernel, by Junoh Lee and JeongOh Kyea
1
3
30
Our CTF team, The Duck, is the winner of LINE CTF 2024!. Completing all of the challenges with 6 hours to spare๐,.weโve won almost every single LINE CTF so far!. Hereโs to todayโs victory, as well as many more to come ๐ฅ. #Theori #ํฐ์ค๋ฆฌ #TheDuck #LINECTF #LINECTF2024
1
1
31
โจ Missed @offbyoneconf? Catch up now!. At #offbyoneconf, Theori's Vulnerability Research Teamโ @kkokkokye, @pr0ln, Yeonghun Kimโbroke down the N-Day Full Chain, detailing the exploit methods and chaining techniques. Check out the comprehensive details on our blog! ๐.๐.
๊ฐ์ฌํฉ๋๋ค to the phenomenal @theori_io team @kkokkokye @pr0Ln & Yeonghun Kim @offbyoneconf ๐๐๐ค๐ ๐-๐๐๐ฒ ๐๐ซ๐๐๐ญ ๐๐ ๐๐ข๐ง-๐๐ก๐ ๐๐ญ๐จ๐ซ๐ฒ ๐จ๐ ๐-๐๐๐ฒ ๐
๐ฎ๐ฅ๐ฅ ๐๐ก๐๐ข๐ง ๐๐ซ๐จ๐ฆ ๐๐ซ๐จ๐ฐ๐ฌ๐๐ซ ๐ข๐ง ๐ ๐ฎ๐๐ฌ๐ญ ๐ญ๐จ ๐๐๐๐๐๐ ๐ข๐ง ๐ก๐จ๐ฌ๐ญ is a winner! ๋ ๋ณด์
0
7
28
We had two of our researchers speaking at #zer0con2018 last week. We are releasing the code and slides from the talk! Links to each of them will follow.
1
16
28
Final results are in! #Theori takes 4th place on the #Pwn2Own leaderboard! ๐.Along with yesterday's VMware exploit with Windows kernel addon, our researcher Mingi Cho also successfully escalated privileges on #Ubuntu desktop, winning $5,000 in prizes!.#Zeroday #P2OVancouver.
That's a wrap! #Pwn2Own Vancouver is complete. Overall, we awarded $1,132,500 for 29 unique 0-days. Congrats to @_manfp for winning Master of Pwn with $202,500 and 25 points. Here's the final top 10 list:
0
1
29
In the 2023 OpenTRS #3 ๐ก. CTF Team GYG and Theori VR team explores #MacOS, #Win32k vulnerabilities. And our CTO @andrewwesie takes you through #Web3 ZK proof-based @RelicProtocol. On July 6th, live on This seminar will be conducted in English.
2
7
23
โ ๏ธ 2023 ํ๋ฐ๊ธฐ, ์ด๋ค ๋ณด์ ์ด์๊ฐ ์์์๊น์?. Cisco @Cisco .โข ๋ผ์ฐํฐ ๋ฐ ์ผ๋ถ ์ค์์น ์ด์์ฒด์ ์์ ์ทจ์ฝ์ ๋ฐ๊ฒฌ. JetBrains TeamCity @teamcity .โข ๋ถํ ํด์ปค์๊ฒ ๊ณต๊ฒฉ๋นํ CI/CD ์๋ฃจ์
์ทจ์ฝ์ . MOVEit exploit campaign.โข ๋์ฌ์จ์ด ๊ทธ๋ฃน Cl0p์ MOVEit ํ๋ก๊ทธ๋จ ์ต์คํ๋ก์.โข ๊ธฐ์
๋ด ๋ฐ์ดํฐ.
1
7
27
๋ํ๋ฏผ๊ตญ #๊ตญ๋ฐฉ๋ถ ์ฃผ์ต, #์ฌ์ด๋ฒ์์ ์ฌ๋ น๋ถ ์ฃผ๊ด์ผ๋ก ๊ฐ์ต๋ 2022 ํ์ดํธํ ์ฝํ
์คํธ! Theori ์ฐ๊ตฌ์๋ค์ด ํฉ์ธ๊ณ ์์ต๋๋ค!. ๐ฅ์ผ๋ฐ๋ถ ์ฐ์น โ์กด์ํด์ปค๋ชจ์โ: ์ด์ค์ค.๐ฅ ์ผ๋ฐ๋ถ ์ค์ฐ์น โThe Duckโ: ๊ฐ์ฐ์, ์ดํ์, ์์ค์ค, ๊ฐ์ง์ค. ๋ค ํจ๊ป ์ฌ์ง์ ์ฐ์ผ๋ฉฐ ๋ด๋
CTF๋ ๊ธฐ์ฝํ๋ ํฐ์ค๋ฆฌ์์ต๋๋ค!
0
1
24
ใ๐๐๐๐ค๐ง๐ ๊ณต๊ฐ ์ฑ์ฉ ์๋ดใ. ์๋ํด๋์ค ์ฌ์ด๋ฒ ๋ณด์ ํ์ฌ #ํฐ์ค๋ฆฌ.๊ฐ์ฅ ํ์ ์ ์ธ ์ฐ๋ฆฌ์ ํจ๊ป.์์ ํ ์ฌ์ด๋ฒ ๋ณด์ ์ธ์์ ๋ง๋ค์ด๊ฐ์๐. ๐ธ๋ชจ์ง ๋ถ์ผ.๋ณด์ ์ปจ์คํดํธ, ๋์์ด๋, Web3, R&D ์ฐ๊ตฌ์, ์ ๋ต ๊ธฐํ ๋ฑ ์ ์ง๊ตฐ. #์ฑ์ฉ #์ฑ์ฉ๊ณต๊ณ #ํฐ์ค๋ฆฌํ๊ตญ #theori #recruit.
1
20
26
Theori์ ์๋ก์ด ๋ชจ์ต์ ๊ณต๊ฐํฉ๋๋ค!. ๋๊ตฌ๋ ์์ ํ๊ฒ ๊ฟ๊ฟ ์ ์๋ ์ธ์์ ์ํด.ํฐ์ค๋ฆฌ๊ฐ ๋์ฑ ๊ฒฌ๊ณ ํด์ก์ต๋๋ค. ํฐ์ค๋ฆฌ๊ฐ ํผ์น ์๋ก์ด ๋ชจ์ต์.๊ธฐ๋ํด ์ฃผ์ธ์!. . #ํฐ์ค๋ฆฌ #Theori #๋ธ๋๋ฉ #๋ฆฌ๋ธ๋๋ฉ #rebranding.
0
7
25
๊ตญ๋ด ์ต๋ ๋ณด์ ๊ต์ก ํ๋ซํผ ๋๋ฆผํต๊ณผ ํจ๊ป.3๋
์ฐ์ ๊ฐ์ตํ๋ LG์ ์ ์ฌ๋ด CTF โ @LGE_korea. ๊ตฌ์ฑ์ ๋ณด์ ์ญ๋ ํฅ์์ ์ํ ์ ํ,.๋๋ฆผํต ์ํฐํ๋ผ์ด์ฆ๋ก ๋ณด์ ํ์ ์ ์ด๋์ด๊ฐ์!. #Theori #ํฐ์ค๋ฆฌ #LG์ ์ #LGE #Dreamhack #๋๋ฆผํต #CTF #Hacking #Hacker #Cybersecurity
0
4
26
[Notable CVEs from Theoriโsย #Vulnerabilityย #Researchย in 2022]. 1/.Our Vulnerability Research team has worked tirelessly last year to discover and report numerous vulnerabilities, including critical zero-days on Windows, Linux, and popular browsers.
1
2
25
์ฌํด๋ ์๊ณ ๋ง์ผ์
จ์ต๋๋ค. ํ ํด ๋์ ํฐ์ค๋ฆฌ์ ํจ๊ปํด ์ฃผ์ .๋ชจ๋ ๋ถ๋ค๊ป ์ง์ฌ์ผ๋ก ๊ฐ์ฌ๋๋ฆฝ๋๋ค. ์ํด์๋ ๋์ฑ ์์ ํ๊ณ ํ๋ณต์ด ๊ฐ๋ํ๊ธธ ๊ธฐ์ํฉ๋๋ค!.Happy New Year โจ.
0
1
25
Theori, 2024 ์ฌ์ด๋ฒ๊ณต๊ฒฉ๋ฐฉ์ด๋ํ(CCE) ์ข
ํฉ์ฐ์น ๐. CCE ์ผ๋ฐ๋ถ์ ์ฐธ์ฌํ ํฐ์ค๋ฆฌ 4๊ฐ ํ์ด 1, 2, 3, 4๋ฑ ๋ชจ๋ ์ฐจ์งํ์ต๋๋ค! . ๐ฅ ์ข
ํฉ์ฐ์น 'The Duckling': @junorouse, @5unKn0wn, @_bincat, ์ฑํด๋น.๐ฅ ์ผ๋ฐ๋ถ ์ฐ์น 'The Gosling': ๊ฐ์ฐ์, @RBTree_, @yechan_bae, ๊นํํ.๐ฅ ์ผ๋ฐ๋ถ ์ค์ฐ์น 'GYG':
0
9
25
๐จ ์ด์ (5/17) D์ฌ ๊ณต์ ์น์ฌ์ดํธ์์ ๋ค์ด๋ฒ ๊ณ์ ์ ๋ณด๋ฅผ ํ์ทจํ๋ #๋ํ์ด์ค #ํดํน ๊ณต๊ฒฉ์ด ๋ฐ์ํ์ต๋๋ค. ๋คํํ๋ ํฐ์ค๋ฆฌ์ ๋น ๋ฅธ ๋ฐ๊ฒฌ๊ณผ ๋์์ผ๋ก ํผํด๋ฅผ ์ต์ํํ ์ ์์์ต๋๋ค. ๋์ฑ ์์ ํ ์ธ์์ ์ํด ํฐ์ค๋ฆฌ๋ ๋์์์ด ๋
ธ๋ ฅํฉ๋๋ค ๐. ํดํน ๋ถ์ ๋ ํฌํธ.๐ #ํผ์ฑ.
1
8
23
๋๋ฆผํต (@dreamhack_io) ์ฑ์ฉ CTF ํ๋ก๊ทธ๋จ์ ํตํด.์ค๋ ฅ ์๋ ์คํ์๋ธ ๋ณด์ ์ฐ๊ตฌ์์ด ํฉ๋ฅํ๊ฒ ๋์์ต๋๋ค!. ํฐ์ค๋ฆฌ ๋ณด์ ์ปจ์คํ
ํต์ฌ ๋ถ์, SA(Security Assesment) ํ์ ์ฑ์ฉ CTF ํ๊ธฐ๋ถํฐ.๋ณด์ ์ค๋ฌด ์ธ์ฌ์ดํธ๋ฅผ ๋ด์ CTF ๋ฌธ์ , ๊ด๋ จ ์ด๋ฒคํธ๊น์ง. ์์ธํ ๋ด์ฉ์.
1
6
24
Heading to @hackinthebox 2022 Singapore?.Interested in browser hacking?. @singi21a, a star researcher of our Vulnerability Research team, will be presenting his research about Browser Hacking with ANGLE. Attend his talk to learn ANGLE basics and how it is used in WebGL/WebGL2.
1
1
23
ํฐ์ค๋ฆฌ์์ ๋๊ฐ, ๋ฌด์์ ํ๊ณ ์์๊น์?. ์ธ์์ ๋์ฑ ์์ ํ๊ฒ ๋ง๋ค๊ธฐ ์ํด ๋
ธ๋ ฅํ๋ ํฐ์ค๋ฆฌ ๊ตฌ์ฑ์์ ์ด์ผ๊ธฐ๋ฅผ ์ ํด ๋๋ ค์. ๋ณด์์ ๋๊ตฌ๋ ์ฝ๊ฒ ๊ณต๋ถํ ์ ์๋๋ก ๋
ธ๋ ฅํ๋ @dreamhack_io ์ฝํ
์ธ ํ bincat์ ์ด์ผ๊ธฐ,.์ง๊ธ ํ์ธํด ๋ณด์ธ์!. #ํฐ์ค๋ฆฌ #์ธํฐ๋ทฐ #๋๋ฆผํต.
0
6
22
๐ก ํฐ์ค๋ฆฌ๋ ์ง๊ธ Open TRS ์ค #BEACON2023. #web3 ๋ณด์์ ๋ฆฌ๋ฉํ๋ @ChainLight_io ๊ณผ ํจ๊ป .์ง์ ๊ฐ๋ฅํ Web3 ์ํ๊ณ ๊ตฌ์ถ์ ์ํด.์๊ฒฌ์ ๋๋๊ณ ์์ต๋๋ค.
๐ก Web3์ ๋ฏธ๋๊ฐ ๊ถ๊ธํ์ ๊ฐ์? ๐งต(1/2). ์ง์ ๊ฐ๋ฅํ #Web3 ์ํ๊ณ ๊ตฌ์ถ์ ์ํด ํผ์ณ์ง๋.ํ๋ คํ ๋ผ์ธ์
์ ๋ฐํ์ ํ ๋ก ๋ค,.๋ง์๊ณ ๐ ์ ์ตํ ๋คํธ์ํน๊น์ง. 11์ 23์ผ ์คํ 7์, ๋ฌด๋ฃ๋ก ์ฆ๊ฒจ๋ณด์ธ์!.๐ #Theori #ํฐ์ค๋ฆฌ #Web3Networking.#์น3 #ChainLight #Defi #crypto
1
1
23
Following up on @QubitFin's post about the recent attack, here's our brief post-mortem. While we can't prevent our customers from modifying the code after our audit, additional mitigations could've been suggested by our team that would've reduced risk.
4
8
20
[๐ฐ] Theori x ๋๋๋ฌด ์
๋ฌด ํ์ฝ(MOU) ์ฒด๊ฒฐ ๐. ํฐ์ค๋ฆฌ๊ฐ ๋ธ๋ก์ฒด์ธยทํํ
ํฌ ์ ๋ฌธ ๊ธฐ์
๋๋๋ฌด์.์น3 ๋ณด์ ์ธ์ฌ ์์ฑ์ ์ํด ์
๋ฌด ํ์ฝ์ ์ฒด๊ฒฐํ์ต๋๋ค!. ํฐ์ค๋ฆฌ์ ์น3 ์ ๋ฌธ๋ถ์ @ChainLight_io ๊ฐ.์ปค๋ฆฌํ๋ผ์ ๊ฐ๋ฐํ๊ณ ๊ฐ์, ๋ฉํ ๋ง ํ ์์ ์ด์์. #ํฐ์ค๋ฆฌ #theori #๋๋๋ฌด.
0
2
23
์ธ๊ณ ์ต๋ ํดํน ๋ํ๋ ์ด๋ป๊ฒ ์ฐ์นํ ๊น์?. Theori CTF Team, The Duck์ด ๋งํ๋ DEF CON 31 ๊ณผ.@AppSec_Village ์์ ๋ฐํํ dohyeon์ ํ๊ธฐ๊น์ง๐ฌ. ์กฐ๊ธ ๋ฆ์์ง๋ง, ์์ํ 8์ @defcon ํ์ฅ์.ํฐ์ค๋ฆฌ ๋ธ๋ก๊ทธ์์ ํ์ธํด ๋ณด์ธ์!. #ํฐ์ค๋ฆฌ #DEFCON #ํดํน #๋ํ #๋ฐํ #ํ๊ธฐ.
0
8
21
๐ฅ Theori at #HEXACON2024 ๐ฅ.Weโre excited to have four researchers sharing groundbreaking insights:. 1๏ธโฃ Guest Revolution: Our Story of Compromising the Host Kernel from the VMware Guest โ @bbbig12 & @pr0Ln detailed their Pwn2Own 2024 success, highlighting vulnerabilities and
0
2
21
Our researchers Dohyun and Woowon will be presenting at the @DEFCON #AppSecVillage this year. They'll be sharing noteworthy vulnerabilities and mitigation measures from a front-end perspective, based on their experiences in security consulting. See you in Las Vegas in August!.
ASV is excited to welcome Dohyeon Kim and @wooeong337 to the @defcon stage this August! . We're looking forward to their discussion on protecting #frontend #applications from overlooked #vulnerabilities . See you Vegas Dohyeon and WooWon! . #appsec #applicationsecurity #defcon31
0
5
21
์ค๋์ ํฐ์ค๋ฆฌ์ 6๋ฒ์งธ ์์ผ์
๋๋ค ๐. ๋ชจ๋ ํจ๊ป ํฐ์ค๋ฆฌ์ ์ฑ์ฅ์ ์์ถํ๋ฉฐ,.์ฐ๋ฆฌ์ ๋์ ์ ์์ํ์ต๋๋ค!. ํฐ์ค๋ฆฌ์ ์์ผ, ์ฌ๋ฌ๋ถ๋ ๋ค ๊ฐ์ด ์ถํํด ์ฃผ์ค ๊ฑฐ์ฃ ?. #BusinessAnniversary #6YearAnniverary
0
1
21
๐ #Web3 ์ด์ฉ์, ๊ฑฐ๋์, ํ๋ก์ ํธ ๋น๋๋ฅผ ๋ณดํธํ๋ ํตํฉ ๋ณด์ ํ๋ซํผ.ChainLight DART(Digital Asset Risk Tracker)๋ฅผ ๋ฐ์นญํ์ต๋๋ค!. DART๋ฅผ ํตํด ์น3์์ ์ฐ์ฌํ๋ ๋ค์ํ ์ทจ์ฝ์ ๊ณผ ์ํ์ผ๋ก๋ถํฐ ๋ณดํธ๋ฐ์ผ์ธ์. ์๋ ๋งํฌ๋ฅผ ๋๋ฌ DART์ ์ ์ํ ์ ์์ต๋๋ค ๐.
0
7
20
Of course, there's 0xmonaco racing still going on for another couple hours. but apparently we are not good racers :p.
0
1
20
์ฒญ๋
์ด ์ผํ๊ธฐ ์ข์ ๊ธฐ์
ํฐ์ค๋ฆฌ! ๐โโ๏ธ. ์ทจ์ฝ์ ์ฐ๊ตฌ Vulnerability Research ํ์.ํฐ์ค๋ฆฌ ์ต์ฐ์ ์ฒญ๋
์ด ์๋ค๋๋ฐ์. ๊ณ ๋ฑํ์ ์ธํด heegong์ด ๊ฒฝํํ ํฐ์ค๋ฆฌ๋ ์ด๋ ์๊น์?.ํฐ์ค๋ฆฌ ์ธํด ์ํ์ ํ์ธํด ๋ณด์ธ์!.๐ #ํฐ์ค๋ฆฌ #Theori #์ธํฐ๋ทฐ #์ธํด #Intern #Vulnerability.
0
4
19
โ ๏ธ 2024 ์๋ฐ๊ธฐ, ์ฃผ๋ชฉํด์ผ ํ ๋ณด์ ์ฌ๊ฑด๋ค. LockBit Takedown.โข ์
๋ช
๋์ ๋์ฌ์จ์ด ์กฐ์ง LockBit์ด ๊ตญ์ ์์ฌ๊ธฐ๊ด์ ๊ณต์กฐ๋ก ์ฅ์
๋นโํ์ง๋ง, ๊ณง๋ฐ๋ก ํ๋ ์ฌ๊ฐ.โข ์ง์์ ์ธ ๋์ฌ์จ์ด ๋๋น ํ์. XZ Backdoor.โข ์ ๋์ค ๋ฐ ์๋์ฐ ์์ถ ์ ํธ๋ฆฌํฐ XZ์ ๋ฉ์ธํ
์ด๋๊ฐ ๋ฐฑ๋์ด๋ฅผ.
0
4
19
Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7. * Added RIPEMD160 to the default provider. * Fixed regressions introduced in 3.0.6 version. * Fixed two buffer overflows in punycode decoding functions. ([CVE-2022-3786]) and ([CVE-2022-3602]).
0
5
19
๐ก #FrontEnd ๋ณด์ ์ํ, ์ด๋ป๊ฒ ๊ทน๋ณตํ ๊น์?. #ํ๋ก ํธ์๋ ๊ฐ๋ฐ์๋ผ๋ฉด ๋๊ตฌ๋ ๊ฒช๊ณ ์์.๋ณด์ ์ํโ ๊ณผ ๊ทน๋ณต ๋ฐฉ์, ์ค์ ์ฌ๋ก.๋ง์๊ณ ๐ ์ ์ตํ ๋คํธ์ํน๊น์ง!. ํฐ์ค๋ฆฌ๊ฐ ์คํ๋ผ์ธ์ผ๋ก ์ฌ๋ฌ๋ถ์ ์ฐพ์๊ฐ๋๋ค. ๋ชจ๋ 9์ 14์ผ #OpenTRS ์์ ๋ง๋์!.๐ #ํฐ์ค๋ฆฌ #์ธ๋ฏธ๋ #Seminar
0
10
17
Theori๋ Web3 ๋ณด์์ ์ํด ๋ฌด์์ ํ๊ณ ์์๊น์?. #๋ธ๋ก์ฒด์ธ ๋ฐ์ดํฐ๋ฅผ ์ดํผ๊ณ ์ํ ๊ด๋ฆฌ๋ฅผ ํ๋ฉฐ Web3 ์ธ์์ ์์ ํ๊ฒ ๋ง๋๋ ํ์
๋๋ค. #Web3 ์ธ์์ ๋ฐ๊ฒ ๋น์ถ๋ @chainlight_io ํ juno, mika, qwaz์ ์ด์ผ๊ธฐ,.์ง๊ธ ํ์ธํด ๋ณด์ธ์!. #ํฐ์ค๋ฆฌ #์ธํฐ๋ทฐ #์ฒด์ธ๋ผ์ดํธ.
0
6
18
Theori์ AI ํ์ ์ด๋ค ์ผ์ ํ ๊น์?. ๋ ๋ง์ ์ฌ๋๋ค์๊ฒ ๋ ์์ ํ ๋ณด์ ์๋น์ค๋ฅผ ์ ๊ณตํ๊ธฐ ์ํด.์ด์ ๊ป ์ธ์์ ์๋ ๋ณด์์ ์ธ๊ณต์ง๋ฅ์ ๋ง๋๋ ํ. AIOS ํ noah์ ์ด์ผ๊ธฐ, ์ง๊ธ ํ์ธํด ๋ณด์ธ์!. #ํฐ์ค๋ฆฌ #Theori #์ธํฐ๋ทฐ #AIOS #์ธ๊ณต์ง๋ฅ #AI #๋ณด์.
1
5
16
์ฝ 9๋ง ๋ช
์ด ์ฃผ๋ชฉํ ๋ฐ๋ก ๊ทธ ์ทจ์ฝ์ ! ๐พ.์ต๊ทผ ๊ฐ์ ๋จธ์ ์ ์ทจ์ฝํ ๋ถ๋ถ์ ๊ณต์ ํ ํฐ์ค๋ฆฌ ํ์.ํ์ ์ด๋ค ์
๋ฌด๋ฅผ ํ ๊น์?. ์ฌ์ด๋ฒ ์ํ์ ์ฌ์ ์ ๋ฐฉ์งํ๊ธฐ ์ํด ๋์์์ด ์ฐ๊ตฌํ๋ .Vulnerability Research ํ์ ์ด์ผ๊ธฐ๋ฅผ ํ์ธํด ๋ณด์ธ์!. ๐ #ํฐ์ค๋ฆฌ #Theori #์ธํฐ๋ทฐ #์ทจ์ฝ์ .
0
2
18
๐ก ํฐ์ค๋ฆฌ๋ ์ง๊ธ Open TRS ์ค!. ๊ฐ์๋จธ์ , ๋ฆฌ๋
์ค ์ปค๋ TCP, V8 ์์ง ๋ฑ.์๋ ํด๋์ค ํด์ปค์ ํดํน ์ฐ๊ตฌ๋ฅผ ๊ณต์ ํ๊ณ ์์ต๋๋ค.
๐ก ์๋ ํด๋์ค ํด์ปค๋ค์ ์ฐ ํดํน ์ฐ๊ตฌ.Open Theori Research Seminar์์ ๊ณต์ ํฉ๋๋ค! . ๊ฐ์๋จธ์ ์ทจ์ฝ์ , ๋ฆฌ๋
์ค ์ปค๋ TCP 0-Day์.V8 ์์ง ์ต์คํ๋ก์ ๊ธฐ๋ฒ ๋ณ์ฒ์ฌ,.์ธ๊ณ ํดํน๋ํ ์ฐ์น ์ทจ์ฝ์ ๋ถ์๊น์ง!. 8์ 27์ผ(ํ) ์คํ 4์.30์ธ ํ์ ๋ ์ธ์์ผ๋ก ์งํ๋๋ ์๋๋ฌ ์ ์ฒญํ์ธ์!.๐
0
3
16
๐ ์ฑ๋ฅ๊ณผ ํธ์์ฑ์ ์ํ ๊ฐ๋ฐ์ด ๋ณด์ ์ํ์ผ๋ก ์ด์ด์ง ์ ์์ต๋๋ค. Hidden XSS, HTTP/2 Rapid Reset DoS ๋ฑ.๊ฐ๋ฐ์ ์ฌ์ด๋ ์ดํํธ๋ก ๋ฐ์ํ ๋ณด์ ์ํ ์ฌ๋ก๋ฅผ ํ์ธํด ๋ณด์ธ์!.๐ #ํฐ์ค๋ฆฌ #Theori #OffensiveScurity #Hacking #Hacker #๊ฐ๋ฐ #XSS #HTTP2 #Apple.
2
4
17
Our researcher will speak about browser and kernel 1-days for Windows. Also releasing a JS library for browser exploitation. #POC2017.
0
6
18
" ์๋์ ์ธ ๊ธฐ์ ๋ ฅ๊ณผ ์ค๋ฆฌ ์์์ผ๋ก.์ฌ์ด๋ฒ ์์ ๋ชจ๋ ๋ฌธ์ ๋ฅผ ํด๊ฒฐํ๊ธฐ ์ํด ๋
ธ๋ ฅํด์ ". ์ฌ์ด๋ฒ ํด๊ฒฐ์ฌ๊ฐ ๋์ด ์ธ์์ ๋ณดํธํ๋.SA ํ reset์ ์ธํฐ๋ทฐ๋ฅผ ์ง๊ธ ํ์ธํด ๋ณด์ธ์!. #ํฐ์ค๋ฆฌ #Theori #์ธํฐ๋ทฐ #SA #์ปจ์คํ
#Consulting #๋ณด์.
1
1
18
๐ ํฐ์ค๋ฆฌ๋ ์ธ์ฌ ์ฑ์ฉ ์ค #HIRING. ๋ง์ผํฐ, ์ ๋ต ๊ธฐํ, ๋ณด์ ์ปจ์คํดํธ, ์์ง๋์ด, ๋์์ด๋ ๋ฑ.์ ์ง๊ตฐ ์ฑ์ฉ์ ์งํํ๊ณ ์์ต๋๋ค!. ๊ฐ์ฅ ํ์ ์ ์ธ ์ฌ์ด๋ฒ ๋ณด์ ํ์ฌ, ํฐ์ค๋ฆฌ์ ํจ๊ป.์์ ํ ์ธ์์ ๋ง๋ค์ด๊ฐ์ ๐. #ํฐ์ค๋ฆฌ #theori #์ฑ์ฉ #์ฑ์ฉ๊ณต๊ณ #์ทจ์
#๋ฉด์ .
2
8
16
Another day, another win โ Theori on the podium at Hack the DRONE 2024! ๐ค. Theoriโs researchers @bbbig12 and @s0ngsari530 with Team GYG took 3rd place ๐ฅ. Hack the DRONE, hosted by the Korean Drone Security Association, saw 164 teams from 35 countries competing to uncover drone
0
1
20
Congratulations @chainlight_io for winning the NumenCTF. Thank you @numencyber for organizing a great Web3 competition!.
๐ฅณ We're excited to announce that we WON a Web3 CTF competition!. โ
Check out the NumenCTF scoreboard and take a look at our impressive performance!. โณ Even though we were ~15 hours late to the party compared to other teams, we managed to take the lead.
0
2
14
2023๋
5์, ํฐ์ค๋ฆฌ๋ ์๋ก์ด ๋ณด๊ธ์๋ฆฌ๋ก ์ด์ฌํ์ต๋๋ค. ์ง๋ 1๋
์ฌ์ด ๋ ๋ฐฐ ์ด์ ๋์ด๋ ๊ตฌ์ฑ์๊ณผ ํจ๊ป ์พ์ ํ ๊ณต๊ฐ์์ ์
๋ฌดํ ์ ์๋๋ก ํ์ฅ ์ด์ ํ๋๋ฐ์. ํฐ์ค๋ฆฌ์ ์๋ก์ด ์คํผ์ค๋ ์ด๋ค ๋ชจ์ต์ผ๊น์?.Theori Universe๋ก ์ถ๋ฐ ๐๐จ. #ํฐ์ค๋ฆฌ #์คํผ์ค์ด์ .
0
3
16
[๐ฐ] "์ธ์ ๊ฐ, ์ฐ๋ฆฌ๋ค ๋๋ถ์ ์ธ์์ด ๋ ์์ ํด์ก๋ค๊ณ ๋งํ ์ ์๋๋ก ๋
ธ๋ ฅํ ๊ฒ๋๋ค.". ๋ฐํ์ฝ 7ํ, ๊ตญ๋ด์ธ ํดํน๋ํ 80์ฌํ ์ฐ์น.์ด๋ง์ด๋งํ ๊ธฐ๋ก์ ๋ณด์ ํ ํ์ดํธํ ํด์ปค.๋ฐ์ธ์ค Theori ๋ํ์ ์ธํฐ๋ทฐ๋ฅผ ํ์ธํด ๋ณด์ธ์!. #ํฐ์ค๋ฆฌ #์ธํฐ๋ทฐ #ํด์ปค.
0
6
17
LoL ๊ฒ์ DDoS ์ฌํ๋ฅผ ๋ถ์ํด ํ์ ๊ฐ ๋ ํ์ดํธํ ํด์ปค,.๋ณธ์
์ ๊ตญ๋ด ์ต๋ ๊ท๋ชจ ์ฌ์ด๋ฒ ๋ณด์ ๊ต์ก ํ๋ซํผ ๊ฐ๋ฐ์!?.๐ ํดํน์ ๊ณต๋ถํ๋ ์ฌ๋์ด๋ผ๋ฉด ๋ชจ๋ ๊ฑฐ์ณ๊ฐ ํ๋ซํผ, @dreamhack_io.๋๋ฆผํต์ ์ด๋ป๊ฒ ํ์ํ๊ณ , ๊ฐ๋ฐ ํ์ ์ด๋ค ๋ฌธํ๋ฅผ ๊ฐ์ง๊ณ ์์๊น์? . ์ง๊ธ ๋ฐ๋ก ํฐ์ค๋ฆฌ.
0
5
16
์ฌ์ด๋ฒ ๊ณต๊ฐ์ โ์จ๊ฒจ์ง ์ํธ์โ๋ฅผ ๋ฐํ๋ค. ๋คํธ์ํฌ์ ์๋ก์ด '์ '์ด ํ๋์ฉ ์ถ๊ฐ๋ ๋๋ง๋ค.์ฌ์ด๋ฒ ๋ณด์์ ์ค์์ฑ๊ณผ ์๊ธ์ฑ์ ๋์ฑ ์ค์ํ๊ธฐ์. ๋์งํธ ์ํธ์๋ค์ ๋ ์นด๋ก์ด ํต์ฐฐ๋ ฅ๊ณผ.์ง์น ์ค ๋ชจ๋ฅด๋ ์ธ๋ด์ ๋๊ธฐ๋ฅผ ๊ฐ์กฐํฉ๋๋ค. HACK created by THEORI. #DOTHACK2024
0
10
15