Q5Ca

Security Engineer at @calif_io. Winner of Pwn2own Vancouver 2021, Torento 2022, Vancouver 2023. MSRC top 100 2019, 2020, 2021.

about 1 month ago

Locked in! Le Duc Anh Vu (@vulda17) of Viettel Cyber Security (@vcslab) exploited Cursor, earning $30,000 and 3 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

thezdi's tweet photo. Locked in! Le Duc Anh Vu (@vulda17) of Viettel Cyber Security (@vcslab) exploited Cursor, earning $30,000 and 3 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin https://t.co/16QgoxIyyH

1

121

12

10

7K

Who to follow

Pham Khanh

@rskvp93

VCSLab

@vcslab

This is the Twitter channel of VCSLab - the research team of Viettel Cyber Security

peterjson

@peterjson

Offensive Security Engineer at @calif_io

_q5ca retweeted

about 1 month ago

Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

thezdi's tweet photo. Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin https://t.co/zIgluSn4ax

29

2K

182

144

271K

_q5ca retweeted

about 1 month ago

There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whooping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin

16

527

62

48

68K

_q5ca retweeted

about 1 month ago

Boom! @rewhiles of Viettel Cyber Security was able to exploit Anthropic Claude Code! If confirmed, they win $40,000 and 4 Master of Pwn points. They're off to the disclosure room to explain how they did it. #Pwn2Own #P2OBerlin

1

55

6

4

6K

_q5ca retweeted

Orange Tsai 🍊

@orange_8361

about 1 month ago

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉

112

3K

366

361

214K

about 2 months ago

@D1iv3 Thanks for the hint. Allow me to farm some aura 😉 https://t.co/WCXiFtuGyh JFYI, codex 5.4 xhigh implemented most of it.

0

1

0

106

10 months ago

@ZackKorman Happened to me. Tried to remind you guys 😂

about 1 year ago

Just a quick reminder: Copilot on https://t.co/eLVLz54TkG (https://t.co/kp59kwHIFU) is not on scope for bounty 🥲 https://t.co/97nAwrizaT

1

13

0

3

3K

0

3

0

160

11 months ago

@GodfatherOrwa @aditi_singghh 👀

0

200

11 months ago

@huyvinhptit @grok 👀

2

0

30

11 months ago

Ước 🥹

Khoa Dinh @_l0gg

11 months ago

Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. https://t.co/gT0aoKXkig #SharePoint #ToolShell

_l0gg's tweet photo. Blog for ToolShell
Disclaimer: The content of this blog is provided for educational and informational purposes only.
https://t.co/gT0aoKXkig
#SharePoint #ToolShell https://t.co/pwl3hN0yBO

10

247

84

88

27K

0

9

0

641

about 1 year ago

@S1r1u5_ Cool!

0

105

about 1 year ago

@by6153 @haxor31337 Yes, but I think it didnt help much 😅

1

0

42

about 1 year ago

@GodfatherOrwa @HusseiN98D @haxor31337 Remember that! I’m comming!

2

0

660

about 1 year ago

@vudq16 Slide: https://t.co/ef1eUieyCr Recording: https://t.co/M8BlNFmOvB

0

12

1

1K

about 1 year ago

Happy to share that my colleague @vudq16 and I will be speaking at PHDays in Moscow 🇷🇺 next week, May 24th. I’ll share a story from one of our red team projects, with techniques to maximize stealth during the operation. Hope to make new connections there:D https://t.co/PkfCZfiT7v

5

49

4

4K

about 1 year ago

@pfiatde @haxor31337 Here is it: https://t.co/ef1eUieyCr Please tell me if there is any problem 😅

0

3

0

1

54

about 1 year ago

@HusseiN98D @haxor31337 Keep what’s in Moscow in Moscow man 🙏

0

1

0

1

48