Zero Day Initiative
@thezdi
Followers
77,474
Following
17
Media
820
Statuses
3,329
Trend Micro’s Zero Day Initiative (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Austin, Texas
Joined November 2009
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Namorados
• 368884 Tweets
HAPPY ANNIVERSARY BTS
• 362372 Tweets
Congreso
• 313059 Tweets
Elon
• 261553 Tweets
Ciotti
• 221160 Tweets
Jerry West
• 155709 Tweets
Nigel
• 119563 Tweets
$COOKIE
• 96464 Tweets
The Logo
• 88207 Tweets
Happy 11th
• 82558 Tweets
Zemmour
• 71265 Tweets
Rohit
• 61657 Tweets
Kohli
• 59371 Tweets
Jamundí
• 55536 Tweets
Polis
• 54910 Tweets
LIKES ARE PRIVATE NOW
• 45898 Tweets
Mancuso
• 43627 Tweets
Virat
• 42645 Tweets
Powell
• 42516 Tweets
欄非公開
• 34653 Tweets
#BattleForNo10
• 22715 Tweets
Bullrich
• 19515 Tweets
Super 8
• 19225 Tweets
TRES DE FEBRERO IS COMING
• 16441 Tweets
Lia Thomas
• 15250 Tweets
Dube
• 13163 Tweets
Thiago Motta
• 13114 Tweets
Bookmarks
• 12721 Tweets
Inter Miami
• 12241 Tweets
Pinned Tweet
Pwn2Own Vancouver 2024 is complete! Over the 2 day event, we awarded $1,132,500 for 29 0-days. Join
@dustin_childs
and
@MaliciousInput
as they cover some of the highlights, including Master of Pwn winner
@_manfp
exploiting all 4 web browsers in the event.
0
20
95
That's a wrap! Congrats to
@fluoroacetate
on winning Master of Pwn. There total was $375,000 (plus a vehicle) for the week. Superb work from this great duo.
33
268
937
Windows
#UAC
isn't a favorite feature, but
@HexKitchen
details a bug submitted by Eduardo Braun Prado that shows how you can use it to escalate from guest to SYSTEM (includes video)
8
336
658
The
@fluoroacetate
duo does it again. They used a type confusion in
#Edge
, a race condition in the kernel, then an out-of-bounds write in
#VMware
to go from a browser in a virtual client to executing code on the host OS. They earn $130K plus 13 Master of Pwn points.
25
226
649
Confirmed! Valentina Palmiotti (
@chompie1337
) with IBM X-Force used an Improper Update of Reference Count bug to escalate privileges on Windows 11. She nailed her first
#Pwn2Own
event and walks away with $15,000 and 3 Master of Pwn points.
56
75
653
CONFIRMED!
@Synacktiv
successfully executed a TOCTOU exploit against Tesla – Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3.
#Pwn2Own
#P2OVancouver
17
140
622
CONFIRMED!
@Synacktiv
used a heap overflow & an OOB write to exploit the Infotainment system on the Tesla. When they gave us the details, we determined they actually qualified for a Tier 2 award! They win $250,000 and 25 Master of Pwn points. 1st ever Tier 2 award. Stellar work!
7
121
494
While
@bl4sty
only scored a COLLISION (non-unique bug) - Peter definitely gets a boatload of STYLE POINTS for this hack on a Canon printer @
#P2OToronto
#Pwn2Own
14
72
487
Success! OV was able to demonstrate his exploit of
#Microsoft
#Teams
. They're off to the disclosure room with the details. If confirmed, it will be worth $200,000 USD and 20 Master of Pwn points.
3
133
424
Wow.
@mj0011sec
did it. Used heap overflow in Edge, type confusion in kernel, & uninit buffer in VMware for complete virtual machine escape.
9
343
392
Congrats to
@RZ_fluorescence
on being named Master of Pwn for
#Pwn2Own
2018! His exploits for Edge and Firefox earned him $120,000, this sweet jacket, and the trophy. We hope he returns in the future to defend his title.
9
119
377
In a new guest blog, the folks from Trend Micro Research provide an in-depth analysis of CVE-2019-0708, the recent Remote Desktop Services bug.
0
218
337
Confirmed!
@fluoroacetate
leveraged a race condition leading to an out-of-bounds write to escalate from a
#VMware
client to execute code on the host OS. The effort brings them another $70,000 and 7 more Master of Pwn points. Their Day 1 total is $160,000 USD.
5
85
336
Confirmed! Tencent Security - Team Sniper used a Windows kernel UAF, a VMware infoleak & an uninitialized VMware buffer to go guest-to-host.
3
282
330
Confirmed!!! The
@Synacktiv
team used a single integer overflow to exploit the
#Tesla
ECU with Vehicle (VEH) CAN BUS Control. The win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always.
#Pwn2Own
#P2OVancouver
9
79
332
Details on CVE-2019-0546 from
@HexKitchen
: Visual C++ compiler bug affecting Visual Studio 2015 & '17.
Quick PoC:
void f1()
{
int y=1;
[&](){
__asm
{
mov y,0xdeadbef3
}
}();
}
int main()
{
volatile int r=1;
void(*f)()=f1;
f();
return r;
}
0
173
301
Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks: A new blog from
@HexKitchen
detailing how a technique first submitted by
@KLINIX5
can change a DoS into an LPE on
#Windows
. See details & source code examples at
1
95
292
No info leak, no ROP, no shellcode? No problem!
@HexKitchen
describes his no shellcode exploit of a write-what-where vulnerability in
#IE
. Details at
5
174
280
Success!
@testanull
of
@starlabs_sg
was able to execute a 2-bug chain on Microsoft SharePoint. They earn $100,000 and 10 Master of Pwn points.
#Pwn2Own
#P2OVancouver
6
47
265
The
@Synacktiv
team shows off their remote exploit of the
#Tesla
Model 3. Earlier today, this research earned them $75,000 during
#Pwn2Own
.
8
97
263
Wow. Just wow. Starting from a web browser within a virtual client and ending with code execution on the host OS. Now off to the disclosure room for all the details.
5
72
264
CVE-2024-30043:
@chudyPB
details this
#SharePoint
XXE he discovered. He calls it one of the craziest XXEs he has ever seen, both in terms of vuln discovery and the method of triggering. He shows how it can be used for info disclosure & NTLM relaying.
3
87
256
Success!
@Synacktiv
used a TOCTOU bug to escalate privileges on Apple macOS. They earn $40,000 and 4 Master of Pwn points.
#Pwn2Own
#P2OVancouver
1
43
246
That brings
#Pwn2Own
Tokyo 2019 to a close. Congrats to
@fluoroacetate
on successfully defending their Master of Pwn title. In two days, they racked up $195,000 for their research. Congrats!
7
44
233
In a new guest blog,
@orange_8361
provides details on how he used 3 bugs to get code execution on
#Microsoft
#Exchange
during
#Pwn2Own
. He calls it ProxyShell. We call it amazing. Read the details a
1
104
237
Confirmed! The Synacktiv team used a heap overflow to take over the
#Canon
ImageCLASS MF644Cdw printer. In doing so, they win $20,000 and 2 Master of Pwn points.
#Pwn2Own
#P2OAustin
1
45
237
And the Master of Pwn is.....
A tie!
Congrats to Team DEVCORE, OV, and Daan Keuper and Thijs Alkemade. All are considered Master of Pwn and receive Platinum status next year. Thanks again to all who participated. It was an amazing contest, & we couldn't have don it without you.
1
55
234
Detailing CVE-2020-0932 - a now patched RCE bug in
#Microsoft
#SharePoint
reported to us by an anonymous researcher. The blog lays out how code exec is possible using TypeConverters and provides video demonstration and PoC. Read the post at
1
125
227
Success!
@abdhariri
of
@HaboobSa
completed his attack against Adobe Reader using a 6-bug logic chain exploiting multiple failed patches which escaped the sandbox and bypassed a banned API list. He earns $50,000 and 5 Master of Pwn points.
#Pwn2Own
#P2OVancouver
12
40
220
The teams keep upping the game on the printer hacks! Ever been Rick-rolled on a printer? Didn't think so!
#P2OToronto
#Pwn2Own
1
37
219
Want to know how to exploit the recently patched
#Microsoft
#Exchange
CVE-2020-0688?
@hexkitchen
provides the details on how to take advantage of the fixed cryptographic keys used during installation.
6
143
220
A deep look at CVE-2020-1181: RCE in
#SharePoint
through Web Parts. An anonymous researcher sent this to us and
#Microsoft
patched it last week. Includes step-by-step PoC.
4
102
222
Introducing
#ProxyToken
, which allows an unauthenticated attacker to modify the configuration of a victim’s mailbox on an
#Exchange
Server. Originally reported to us by Le Xuan Tuyen,
@HexKitchen
details CVE-2021-33766 & shows how it could be exploited.
3
123
221
That brings to an end
#Pwn2Own
Tokyo 2018! Congrats to team
@fluoroacetate
on earning 45 points and being crowned Master of Pwn!
#P2OTokyo
10
48
217
Confirmed! The
@fluoroacitate
duo used a JIT bug in the renderer to win $35,000 and a Model 3. What a great way to kick off the automotive category of
#Pwn2Own
.
4
49
216
That’s a wrap for
#P2OVancouver
! Contestants disclosed 27 unique 0-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn,
@Synacktiv
, for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3.
#Pwn2Own
4
50
216
In our 1st
#Pwn2Own
#AfterDark
entry this evening,
@Synacktiv
used an improper certificate validation and a stack-based buffer overflow to compromise the NETGEAR router via the WAN interface. They earn $20,000 and 2 critical Master of Pwn points.
#P2OAustin
4
46
209
Confirmed! The team of
@fluoroacetate
used an integer overflow in JIT and a heap overflow to escape the sandbox. The successful
#Safari
exploit chain earned them $55,000 and 5 Master of Pwn points.
5
56
200
Confirmed! After plenty of drama -including reworking his exploit live, on the clock, in front of a crowd-
@RZ_fluorescence
used 2 UAFs in Edge and an integer overflow in the kernel to win $70,000 and 7 points towards Master of Pwn.
#Pwn2Own
3
66
206
A full analysis of the
#Microsoft
#Exchange
code execution bug released today (CVE-2018-8302) is now available. Includes a video demo of the exploit in action. Read the details at .
2
162
201
CVE-2019-5420, an RCE bug in Ruby on Rails - originally discovered by
@ooooooo_q
- receives the full write-up and PoC treatment from the Trend Micro Research team. Details and PoC at .
0
108
202
In a new guest blog,
@cogallag
describes the bug he used to exploit
#Oracle
#VirtualBox
at
#Pwn2Own
Vancouver. He gives an in-depth analysis of how he used a race condition to win $20,000 at the contest.
0
60
204
The first ever
#Pwn2Own
Automotive is in the books! We awarded $1,323,750 throughout the event and discovered 49 unique zero-days. A special congratulations to
@synacktiv
, the Masters of Pwn! Stay with us here and at the ZDI blog as we prepare for Pwn2Own Vancouver in March.
2
46
202
They did it. A successful demonstration by the
@fluoroacetate
duo on the Model 3 internet browser. Now off to the disclosure room for details and confirmation.
5
54
198
CVE-2021-20226:
@_wmliang_
details this
#Linux
privilege escalation via io_uring originally submitted by
@ga_ryo_
. The bug leads to a UAF on any file structure, which can be leveraged for LPE in the kernel.
2
84
196
Two different RCE bugs in
#IBM
#WebSphere
are detailed by
@zebasquared
in his latest blog. Read the root cause and see video demos of CVE-2020-4464 and -4448 at
1
106
196
Confirmed! OV used a pair of bugs to compromise
#Microsoft
#Teams
and get code execution. He wins $200,000 and 20 points towards Master of Pwn.
#Pwn2Own
#P2O
3
54
191
Confirmed! The DEVCORE team leveraged an integer underflow to gain code execution on the
#Sonos
One speaker. This unique bug chain earns them $60,000 and 6 points towards Master of Pwn.
#Pwn2Own
#P2OAustin
1
31
191
Miss
@chudyPB
's talk on .NET deserialization bugs during
@hexacon_fr
? You can check out his full white paper at:
And be sure to catch his exploit videos for
#Exchange
() and
#SolarWinds
()
0
76
189
Boom! It takes
@abdhariri
less than 15 seconds to kick off
#Pwn2Own
Vancouver with a successful exploit of
#Adobe
Reader on macOS. He's off to the disclosure room to discuss the details of his research.
8
32
181
CVE-2019-12527: Code Execution on Squid Proxy Through a Heap Buffer Overflow - the Trend Micro Research team provides details about this recently patched vuln.
2
91
183
In a new guest blog,
@kkokkokye
describes how CVE-2021-26900 can be used to escalate privileges on
#Windows
through win32k. His write-up includes root cause, patch analysis, and PoC. Read the details at
0
83
174
CVE-2020-1300 - Remote code execution via
#Windows
CAB files. Our colleagues from Trend Micro Research bring all the details about this recently patched bug. Read them at
0
102
173
At
#Pwn2Own
Vancouver,
@hi_im_d4rkn3ss
of
@starlabs_sg
used 2 bugs to exploit
#VMware
Workstation. CVE-2023-20869/20870 are now patched, so he provides details of the uninitialized variable & stack-based overflow bugs he used to win $80K. Read the blog at
0
55
175
A successful
#VMware
#ESXi
demo at
#Pwn2Own
is worth $150K.
@_wmliang_
had 2 unauth RCEs in ESXi patched last week. Not only does he break down the details in his latest blog, he went further & wrote a full code execution exploit for one of the bugs.
0
91
172
Analyzing a trio of RCE bugs in
#Intel
wireless drivers -
@trendytofu
looks at CVE-2020-0558 and provides details on the root causes. He also includes PoC for you to test your adapters. Details at
0
91
169
CVE-2022-23088: A new guest blog from
@m00nbsd
describes a 13-yr-old heap overflow in the Wi-Fi stack that allows network-adjacent attackers to execute code on affected installations of FreeBSD Kernel. Includes root cause & PoC. Read the details at
5
62
169
Confirmed! Jack Dates from RET2 Systems used an integer overflow in Safari and an OOB Write to get kernel code execution. He wins $100K plus 10 Master of Pwn points to start the contest off right!
1
27
169
It's a partial win. Despite the great demonstration (with ASCII art), the bug used by
@alisaesage
had been reported prior to the contest. It's still great work, & we're thrilled she broke ground as the 1st woman to participate as an independent researcher in
#Pwn2Own
history.
89
22
167
Announcing
#Pwn2Own
Toronto 2022! Phones, Routers, Automation Hubs, Smart Speakers, & NAS devices all return as targets. And introducing the SOHO Smashup! More than $1,000,000 in prizes available. Read all the details at
#P2OToronto
1
55
161
Is exploiting a null pointer deref for LPE just a pipe dream?
@izobashi
shows the process discovering a couple of
#Bitdefender
AV bugs (CVE-2021-4198/CVE-2021-4199). The exploit leads to LPE by exploiting a link following issue.
1
51
159
In his first blog for us,
@zebasquared
details a recently patched deserialization bug that could lead to RCE in the
#Oracle
#WebLogic
server. Read all the details at
1
82
154
Some remotely exploitable ESXi goodness from
@_wmliang_
: - We'll blog about the details soon.
0
71
154
That concludes Day 2 of
#P2OVancouver
– we awarded $475,000 for 10 unique zero-days today, bringing the total awarded to $850,000! Stay tuned tomorrow for the final day of the competition.
#Pwn2Own
2
37
99
With all of the points totaled,
@starlabs_sg
has been crowned Master of Pwn for
#Pwn2Own
Vancouver 2022! They wan $270,000 and 27 points during the contest.
10
24
155
Not only did
@SinSinology
Rick Roll the Ubiquity charger, he turned on the camera, which is normally disabled by the manufacturer. He’s off to the disclosure room to provide all the details.
5
32
154
Getting RCE in Office through URI handlers.
@hexkitchen
details the now patched bug originally submitted by the prolific rgod.
0
91
153
In a new guest blog, Marcin Wiązowski details CVE-2023-21822 – a Use-After-Free in win32kfull that could lead to an LPE. He provides root cause, looks at how it could be exploited, and reviews the patch from
#Microsoft
. Read all the details at
3
55
152
Success! To kick things off for
#Pwn2Own
2022 Day 2 in style, David BERARD and Vincent DEHORS from
@Synacktiv
demonstrated code execution on the
@Tesla
infotainment system resulting in a arbitrary file write and a switch unlock.
#P2O15
2
44
152
Confirmed! The DEVCORE team of
@orange_8361
,
@scwuaptx
and
@mehqq_
used an elegant heap overflow to get code execution on the
#Synology
NAS during their 2nd attempt. They earn themselves $20,000 and 2 Master of Pwn points.
0
24
152