1/ My first MSRC experience, documented. I reported a 1-click account takeover in Microsoft Bing for Android that could
steal a signed-in user's OAuth tokens and leak all private files. They closed it "Not a Vulnerability" twice, and silently shipped
the fix twice.
UK: Mohammed Fahir Amaaz acquitted of the alleged assault on police officers at Manchester Airport
Two juries failed to reach a verdict, and no further trial will be held
Amaaz had been defending his mother, who had been mistreated by police at the airport; we published his story earlier
New research disclosed
The Dexpose and Darkatlas teams
managed to carry out an identity reveal on Quellostanco,
a member of Int3x
who was targeting Egyptian universities and government entities
We successfully conducted a full identity reveal on Quellostanco, an active member of the Int3x group, who was systematically targeting Egyptian universities and government entities.
https://t.co/FR45Q1jIOC
May God have mercy on him, forgive him, and count his deeds among his good works.
Brother Amin, a mosque guard in San Diego, was martyred in an exchange of gunfire with armed men while stopping them from harming anyone in the mosque or reaching the children, in a crime of hatred and extremism. Our brother Amin, may God have mercy on him, is a hero. A few days before his martyrdom he posted this; perhaps he was sincere in what he wished for. Glory be to God.
"Indeed, God has purchased from the believers their lives and their wealth in exchange for Paradise. They fight in the cause of God, so they kill and are killed;"
[2] After our failed competition, we headed to the Apple Store, bought the MBP M5, spent less than half an hour setting it up, and found that a fixed offset had changed by 1 bit on it, so we just changed 1 bit in our exploit and it worked with a 100% success rate. Yes, just a 1-bit change, 1 to 2.
And this one is human insight w/ LLM-assisted research. Took about one week to finish everything. The AI really rescued me from a lot of tedious work
— excluding the part where it changed the Domain Admin password, locked me out, and claimed it got RCE 🤦
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whopping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
"You are not allowed into Paradise"!
In response to those who doubt the conversion to Islam of #بتول_علوش and of converts in general.
We noticed that the previous post, "Support and backing for Batoul Alloush", stirred up the rage and resentment of the shabiha; praise be to God for that. Die in your rage.
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.