Arbitrary code execution in objdump -g
We have a thing for finding bugs in bug finding tools. IDA Pro, Ghidra, Binja Sidekick, or radare2. You name it, we hacked it. Our friends were saying we should try objdump. So here we go.
Blog post: https://t.co/C8BgkW5KoE
AI-generated PoC and writeup: https://t.co/kWJnryHAtn
What does a kernel MTE panic actually look like on Apple Silicon? We built tooling to find out — and to make it KASAN-style useful.
Pointer tag, memory tag, tag map. All in the panic output.
👉 https://t.co/7NQ3IZj2A6
#AppleSilicon #MTE #KernelSecurity #iOSSecurity
I still see the same teams winning. I don't see much difference between "with AI" and "without AI" yet.
With AI that takes jobs, whoever is token-rich automatically wins, right? Seems not the case?
So it's like AI is still only as good as the operator or team using it?
@M4x_1997 4/4:
Last but not least, CVE-2026-40369 - Windows Kernel Arbitrary Increment primitive reachable from any browser sandbox renderer process
This one was rejected from Pwn2Own and closed anyway yesterday :(
My exploit is here - blogpost will be soon:
https://t.co/Qqpi7Zo4Gi
Turns out that the fix for CVE-2020-17103, the Cloud Filter HsmOsBlockPlaceholderAccess driver bug reported by @tiraniddo, was never ported to Windows 11 / Server 2025 and is still not fixed. LPE from user to SYSTEM 🤦♂️
The fuzzer that found https://t.co/Y5DOo7QGHE (and a number of issues prior to that as well) is now open-source: https://t.co/zCdbHCpJ4z
It uses pkeys, trap-handling and single-stepping to intercept and mutate in-sandbox reads (see trap-fuzzer.h). Definitely had fun writing it!
Claude Mythos Preview (@AnthropicAI) → #OpenBSD security patch: https://t.co/9JaWqAl77z
27-year-old TCP SACK bug found autonomously.
This is how AI accelerates security research.
Details: https://t.co/a326FyEtDV
You can now run a full Linux operating system inside a 6MB PDF.
Someone embedded a RISC-V emulator inside a standard document. You don't need a virtual machine, just a PDF reader.
→ Runs interactively inside the file.
→ Powered by a tiny RISC-V emulator.
→ The entire OS fits in just 6MB.
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
https://t.co/Cv8M69i1Mk
Prof. Donald Knuth opened his new paper with "Shock! Shock!"
Claude Opus 4.6 had just solved an open problem he'd been working on for weeks — a graph decomposition conjecture from The Art of Computer Programming.
He named the paper "Claude's Cycles."
31 explorations. ~1 hour. Knuth read the output, wrote the formal proof, and closed with: "It seems I'll have to revise my opinions about generative AI one of these days."
The man who wrote the bible of computer science just said that. In a paper named after an AI.
Paper: https://t.co/juSOmK9vOt
1/4 LLMs solve research-grade math problems but struggle with basic calculations. We bridge this gap by turning them into computers.
We built a computer INSIDE a transformer that can run programs for millions of steps in seconds, solving even the hardest Sudokus with 100% accuracy.
Just derestricted a now-fixed kernel bug in Pixel 10. I think this ranks as the most easily exploited kernel bug of all time😬
Thanks to @tehjh for collab'ing on this driver and full credits for noticing this bug in the first 5 minutes of auditing😂
https://t.co/hebHBfXB4F
Coruna exploit kit is targeting iOS.
Coruna leverages 23 exploits against Apple devices running iOS 13-17.2.1. It is being used for espionage, and by financially motivated actors to steal crypto.
Update your iOS devices, and learn more about this threat: https://t.co/c7QRDPWMKI
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets.
A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.
https://t.co/IxURrHpBT0
I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲
In the final part of his blog series, @tiraniddo tells the story of how a bug was introduced into a Windows API.
Code re-writes can improve security, but it’s important not to forget the security properties the code needs to enforce in the process.
https://t.co/MZHNks6eGc