Olivia
Online
Piotr Bazydło
@chudyPB
Principal Vulnerability Researcher at watchTowr | Previously: Zero Day Initiative | @[email protected]
Joined October 2017
318 Following
4.7K Followers
1K Posts
Pinned Tweet
My OffensiveCon 2024 talk about Exchange PowerShell Remoting is available. Includes a chain of 3 vulns to RCE (file write + file read + DLL load).
https://t.co/dDdhAmD0yA
CVE-2026-0265, the PAN-OS auth bypass (when Cloud Auth Services are enabled) was fun to reproduce and load into the watchTowr Platform.
Our friends @ @HacktronAI are publishing their analysis this week, so we won’t be publishing. Looking forward to it 🚀
We took home Master of Pwn at #Pwn2Own Berlin 2026 with 50.5 points, pwning Microsoft Edge, Exchange, Windows 11, and SharePoint.
Edge was the only successful Browser entry, Exchange earned the highest single-target prize — and no memory bugs this time.
#P2OBerlin
That's a wrap on Pwn2Own Berlin 2026! 🏆 $1,298,250 awarded. 47 unique 0-days. 3 days of absolute chaos. And talk about main character energy - congrats to DEVCORE for claiming Master of Pwn with 50.5 points and $505,000 - they never slowed down. See you next year! #Pwn2Own #P2OBerlin
Who to follow
TheZDIBugs
@TheZDIBugs
Checks for high severity, 0day, or Pwn2Own related advisories published by @thezdi
sakura
@eternalsakura13
Lead Security Researcher @zellic_io. Top 3 Chrome VRP. Top 2 Facebook Whitehat. MSRC MVRs 9th. BlackHat Asia/USA & Zer0Con & OffensiveCon speaker.
TrendAI Zero Day Initiative 
@thezdi
TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
100% reliable linux LPE (not just redhat) has been Summoned! Thank you a thousand times to the one and only LPE God @h0mbre_ 👑🐐
without his help, this wouldn't be possible ❤️
And this one is human insight w/ LLM-assisted research. Took about one week to finish everything. The AI really rescued me from a lot of tedious work
— excluding the part where it changed the Domain Admin password, locked me out, and claimed it got RCE 🤦
We are hiring for vulnerability researchers! If you are at @offensive_con, let’s chat!
https://t.co/uMZEPtfrLy
@Rhynorater Don't be so harsh for yourself, you're killing it 😎
There are humans, there are LLMs and there is Orange. 🔥 I wish I was 20% as good as him, insane stuff man.
There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whooping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin
That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉
RCEliteLLM - Chaining an Environment Variable Leak with Jinja2 SSTI for Remote Code Execution
https://t.co/ak9bOVRG0N
The Internet is falling down, falling down, falling down
Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940
Enjoy with us..
https://t.co/bOzCPy8iS1
@S1r1u5_ But you won't learn anymore 😬
🫡 We’re back.
Today, we’re publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile.
Enjoy the journey with us, while you sob into your hands 🫠
https://t.co/fHR6dsaILM
What number CitrixBleed are we on?
Join us, yet again, for part 2 of our analysis of Citrix NetScaler CVE-2026-3055 - which now appears to be multiple vulnerabilities bundled into one.
Sigh.
https://t.co/cNFLboyvLx
Happy weekend! Enjoy our analysis of CVE-2026-3055 - yet another 'Memory Overread' vulnerability in Citrix NetScaler appliances.
https://t.co/fA2geUtDhQ
👀👀👀 https://t.co/yAYyfyBsC3
What's new is old, and what's old is new - as is relentlessly proven.
Join us in our analysis of CVE-2026-32746, the recent pre-auth RCE in inteutils' Telnetd
Speak soon.
https://t.co/taD1iltZBB
In 2025, we achieved pre-auth RCE against another solution in a ransomware gang favourite category. Today, we finally click publish.
Join us as we walk through a chain of vulnerabilities we identified in BMC’s FootPrints ITSM solution.
Enjoy!
https://t.co/gtCNb05QHu
@matthias_kaiser Good luck!🤟
Can you feel it too?
Join us today for our analysis of Juniper's recent pre-auth RCE - CVE-2026-21902 - affecting a very specific set of devices. Curious?
https://t.co/sziS0PBUmB
Last Seen Users on Sotwe
BLACKED_TURKIYE
Seen from Turkey
vsksb
Seen from Turkey
The Award Center
Seen from United States
(구) 스타💫스프라우트 (메인트확인)
คู่แท้34/36
Seen from Thailand
MIND MELTER 🤭💖
Seen from Israel
Christoffer Eskerod
Seen from Nigeria
The Charity Guy
Luiton 💜
Seen from Spain
That guy who likes animated porn 🔞🔞🔞🔞🔞
Seen from Indonesia
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.3M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers