Vulnerability Researcher @theori_io; Pwn2Own Vancouver 2024 Winner; DEFCON CTF 31, 32 Winner; CTF Player (Team GYG, TheDuck, MMM); MS at SoftSec Lab in KAIST.
Thrilled to learn our (@theori_io) CRS got first place in the AIxCC Semifinal competition. For the semifinal competition, we focused on implementing simple ideas in a robust way. I'm eager to implement our more ambitious ideas for the final event next year!
https://t.co/17NpbBlbuv
🚨 New Linux Kernel vulnerability (CVE-2024-27394) discovered & patched by Theori!
🔗 https://t.co/w5s8PTDvdl
Our researcher @v4bel at #Theori identified a critical #UAF vulnerability in TCP-AO caused by a race condition in the #RCU API. Using techniques from the ExpRace paper, we extended the race window to demonstrate its exploitability.
Curious how we did it?
Read our deep dive for the full details!
#Theori #Cybersecurity #LinuxKernel #TCP #VulnerabilityResearch #CVE #TechBlog
In a recent #APT simulation, #Theori uncovered 4 critical #RCE vulnerabilities in @cososys Endpoint Protector (EPP) that let us fully compromise the server & clients. Here’s a peek:
👾 CVE-2024-36072: Unauthenticated attackers can exploit a logging flaw to execute system commands with root privileges.
👾 CVE-2024-36073: With admin access, attackers can overwrite configurations and execute commands on client endpoints.
👾 CVE-2024-36074: Server access allows attackers to execute malicious files.
👾 CVE-2024-36075: Unauthenticated attackers can manipulate client configurations to potentially bypass security and achieve remote code execution.
Could your server be #hacked the same way? Find out through our blog post!
👉 https://t.co/PslFaFDbcF
Today, Angelboy (@scwuaptx) revealed his Kernel Streaming research! 🚀 Check out how he uncovered this overlooked attack surface, leading to pwning Windows 11 at #Pwn2Own Vancouver 2024:
https://t.co/sPrNqjPoDO
#WindowsKernel #MSRC
Our team member @v4bel and @_qwerty_po exploited kernelCTF lts with a 0day vulnerability. It was really amazing work. They're gonna share the details soon.
Part 4 of our N-Day Exploit Series is LIVE! 🔥
➡️ https://t.co/7qm9IzDqYu
Unveiling CVE-2023-34044, an information leakage vulnerability in #VMware Workstation’s #VBluetooth device, found by our own @pr0ln!
It’s a variant of CVE-2023-20870 demonstrated by @starlabs_sg in #Pwn2Own2023 Vancouver.
Dive into the details.
#Theori #티오리 #VulnerabilityResearch #ndayfullchainexploit
We posted our third writeup of N-day full chain series:
Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System https://t.co/wEsseLMLDU
@qwqbebe Our team likes to share things, so 'maybe' we could make it public.
Before that, please look forward to the N-day chain blog series that will be posted soon. :)
Confirmed! Gwangun Jung (@pr0ln) and Junoh Lee (@bbbig12) from Theori (@theori_io) combined three different bugs to escape #VMware Workstation and then execute code as SYSTEM on the host OS. This impressive feat earns them $130,000 and 13 Master of Pwn points. #Pwn2Own
Wow! Theori was able to exploit VMware Workstation with an additional Windows Kernel LPE vulnerability in the Virtualization category. They went from guest OS to SYSTEM on the host OS. They're off to the disclosure calls with details. #Pwn2Own
We are recruiting reversing guys. If you are interested in our team, plz mail to [email protected] with your self introduction. We will review and mail back!! Thank you.