Ever wondered what happens when you pickle a mailbox? 🥒📬
(No, it’s not a recipe, it’s a vulnerability.)
Our team breaks down CVE-2025-20393 in a new deep dive post covering root cause, internals & exploitation details
https://t.co/VLx4amr7J9
Written by @CurseRed & @bestswngs
🖨️ Brother, can you spare us a root shell?
We were ready for Pwn2Own but they patched it on the LAST DAY of registration 😭
Hope you enjoy this new blog post from us.
📖 https://t.co/TpVeBDHDWj
📢 Confirmed! dmdung (@_piers2) used a single OOB access bug to exploit the @Sonos Era 300 smart speaker. In doing so, he earns $50,000 and 5 Master of Pwn points. #Pwn2Own
Confirmed! @starlabs_sg used a heap based buffer overflow to exploit the @CanonUSA imageCLASS MF654Cdw. They earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland
Recently our co-worker, @CurseRed found and reported some bugs in OnlyOffice while on a pentest engagement.
We are always preparing organisations to protect against the ever-evolving threat of cyber attacks.
Lost in Translation: Apache Vulnerabilities That Don’t Count (Literally)
Found a few bugs in Apache projects in 2024 - SSRF in Pony Mail Foal & RCE on whimsy.apache.org
Fixed but no CVEs
Sharing is Caring: https://t.co/XHfDoAKbZC
Found by @CurseRed & former intern Devesh.
I hope everyone got some rest after @DownUnderCTF this weekend. My colleague @hash_kitten wrote up a blog post on a novel technique for SQL Injection in PDO's prepared statements, required to exploit the “legendary” challenge, which only got one solve: https://t.co/ep3oa9898x
CASE CLOSED: CVE-2025-29824
0 public samples, 0 information
Suspect: Windows CLFS driver
Crime: UAF leading to Privilege Escalation
Status: ACTIVELY EXPLOITED ITW
Investigation: Debugged and documented
Case files: https://t.co/Ig6RbvhLmZ
Done by our intern, Ong How Chong
One of our current interns, @goatmilkkk shared his Chrome-atic escape adventure using CVE-2024-30088
Epic obstacles documented in it too!
https://t.co/pZH3WgQG91
🎉 Last weekend we participated in bi0sCTF 2025 as r3kapig and secured first place! 🥇 Huge thanks to @teambi0s for organizing such an amazing competition! 🙏 Congratulations to @ProjectSEKAIctf for second place 🥈 and @thehackerscrew1 for third place 🥉
When life gives you tangerines🍊
Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro
Problem: One bug "doesn't work"
Solution: Make it work with 1 bug
Sometimes the best research comes from working with what you think you have
https://t.co/bPqxoxaAGz
After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to @st424204, @n0psledbyte, @Peterpan980927 & @rainbowpigeon_
CVE-2025-23095 to CVE-2025-23107
📍 https://t.co/Fk4mE0HVeY
"Why is my exploit taking 10 minutes?"
*checks logs*
*sees 10,000 kernel warnings*
"...oh" 💡
Fresh Friday night read: our intern, Tan Ze Jian, on Mali exploitation - sometimes the fix is simpler than you think!
https://t.co/kIe2DTgFOU
Confirmed!! Dung and Nguyen (@MochiNishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points. #Pwn2Own
Outstanding! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin
Nicely done! Billy (@st424204) and Ramdhan (@n0psledbyte) of STAR Labs used a UAF to perform their Docker Desktop escape and execute code on the underlying OS. They earn $60,000 and 6 Master of Pwn Points.
Confirmed! Chen Le Qi (@cplearns2h4ck) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows 11. He earns $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OBerlin