🔥 Excited to announce our keynote!
We are thrilled to welcome Bruce Dang (@brucedang) and Thai Duong (@XorNinja) from @calif_io! With all their recent AI buzz, we had to check they aren't just LLMs in a trench coat. 🤖🧥
🎟️ Ticketing opens this Thursday at 2:00 PM CEST ⏰
Proud to finally share the write-up of our VMware Workstation escape from P2O Berlin 2025, featuring a generic bypass for Windows LFH mitigations using side-channels.
I hope it will be as fun to read as it was to exploit!
https://t.co/TGOc6LejsS
At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller.
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 Full technical write-up 👇
https://t.co/R0E5Uqql1E
Confirmed! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own
Boom! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) close out #Pwn2Own in style with a guest-to-host escape in VMware Workstation. If confirmed, it will put the total contest payout at over $1,000,000! #Pwn2Own
A successful collision! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own
In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b took a long journey down a rabbit hole to understand its root cause.
https://t.co/q03QTtw373
I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk + vod should hopefully be published soon.
https://t.co/YBrHXOpzQA
Feels great when an idea can finally be tested and works out after like a year :)
Shouts to ChendoChap for working out the ROP chain. Protip: staying < 3.00 is a good idea.
The program for @GrehackConf is out with 3 Synacktiv talks!
🖥️ Virtualization from an attacker Point-Of-View: @OnlyTheDuck & @MajorTomSec
🚘 Unlocking the Drive: Exploiting Tesla Model 3: @_p0ly_ & @vdehors
🐧 Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt: @jbcayrou
As announced at #FIC, @Synacktiv is opening a new office in the center of #lille with a team of 7 ninjas.
All our positions are now open in Lille 📍7 Boulevard Louis XIV.
If you want to join us: [email protected]
📦 Breaking Out of the Box: Technical analysis of VirtualBox VM escape with Windows LPE, by Thomas Bouzerar (@MajorTomSec) and Thomas Imbert (@masthoon)