After 6 months of extensive research, I have finally published a new blog post! It describes the journey from breaking into my router using a couple of command injections to finding and exploiting a remote heap overflow in a MediaTek kernel driver :D
https://t.co/FeOrZm0fPa
I feel the traditional "responsible disclosure" concept has been broken since its inception. you can argue that forcing everyone's hand by dropping (weaponized) bugs/exploits is reckless/harmful behavior or blablabla but I feel you have to keep in mind everyone's stakes/motivation in the game are different.
one thing I guess we can agree on: people sit on bugs/exploits all the time. sometimes because ZDI promises a big bag of money at the end of the rainbow that magically evaporates and sometimes because they don't want to disclose these things and use them tactfully for their own advantage/goals.
I've always felt forcing this acceleration will (hopefully) get the software landscape in better shape, faster. albeit in a messy way. the noise it creates however could be a good signal for people to get an idea of the overall security posture of a piece of software, as well as get a good idea of how a vendor handles disclosures that don't follow their made up fairytale non-enforceable policies. (that typically don't come with any kind of silver lining)
back then, you could be damn sure that another horde of teenagers grep'd the same src tree for memcpy and was probably also sitting on an exploit. today the same applies, anyone can out-slop you producing the next linux LPE after brad tweets out a commit ID
remember: as a researcher you don't owe the vendor anything. you don't owe the public anything either. if you did this work for free it's yours to publish in whatever way suits your needs, agenda or overall quirkiness. :)
I was hoping to compete in Pwn2Own with a Firefox full-chain entry, but unfortunately it was rejected. I’ve reported the vulnerability to the Mozilla team.
This was supposed to be my PoC for a Claude Code RCE aimed at Pwn2Own Berlin 2026, but ZDI never got back to me about my entry registration. It looks like I won't be able to register it at all...
MAD Bugs: Finding and Exploiting a 21-Year-Old Vulnerability in PHP
@i0n1c was "the PHP security guy" twenty years ago, so we thought it'd be fun to welcome him with a fresh unserialize UAF.
https://t.co/9ErxpKSELx
Zyxel has published 2 CVEs for some vulns I found :D
CVE-2025-13943: Authenticated command injection in log export CGI
CVE-2025-13942: Unauthenticated command injection in UPnP daemon
I will blog about this in the coming months. Meanwhile, exploits here: https://t.co/CbVHekdN5q
Seeing a lot of strong talent impacted by recent tech layoffs.
If you're interested in joining a team scaling thoughtfully and solving hard vulnerability research problems, @dfsec_com is hiring: https://t.co/ZHoJHjAGGY
#hiring #remotefriendly
📞 Microsoft fixed an authenticated RCE in Windows Telephony Service (CVE-2026-20931), discovered by our researcher Sergey Bliznyuk @justbronzebee
Read the write-up: https://t.co/nNsMGF1hLK
Hacking the same target at p2o 5 years in a row. This is the first time I never acquired or tested on the physical device. 1 bug. No ROP, no hard coded offsets. Screenshot is very satisfying. HUGE thanks to @boredpentester for helping with firmware.
What does it take to hack a @Sonos Era 300 for Pwn2Own?
Take a look at our process of adapting existing research, establishing a foothold, and exploiting media parsers for unauthenticated RCE over the network🔥👇
https://t.co/FxSbV3uEBp
Our client base has been feeding us rumours about in-the-wild exploited SonicWall SMA n-days (CVE-2023-44221, CVE-2024-38475) for a while...
Given these are now CISA KEV, enjoy our now public analysis and reproduction :-)
https://t.co/W3zR5YRifJ