Dbad @d4sherCap0 - Twitter Profile

about 1 month ago

‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy. ▪️ AI surfaces a massive wave of 0-day RCEs. ▪️ Submissions overwhelm ZDI past max capacity. ▪️ Slots run out. Researchers with working chains get rejected. ▪️ "Revenge disclosures" begin. ← we are here. Confirmed casualties so far: ▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land. ▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla. ▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere. ▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel. ▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected. ▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected. Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in. ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.

IntCyberDigest's tweet photo. ‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.

Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.

▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.

Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.

Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.

ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.

31

2K

379

641

414K

d4sherCap0 retweeted

Nicolas Krassas

@Dinosn

about 2 months ago

Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively using AI agents. https://t.co/lACioWjtkf

2

427

95

414

20K

d4sherCap0 retweeted

7h3h4ckv157

@7h3h4ckv157

about 2 months ago

claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.mdfile that primes Claude with expert-level methodology for a specific attack surface from SQLi to shellcode, EDR evasion to exploit development. Resource: https://t.co/0XvEqoqPfv

7h3h4ckv157's tweet photo. claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.mdfile that primes Claude with expert-level methodology for a specific attack surface from SQLi to shellcode, EDR evasion to exploit development.

Resource: https://t.co/0XvEqoqPfv

12

2K

239

2K

114K

d4sherCap0 retweeted

NVIDIA AI

@NVIDIAAI

about 2 months ago

Happy Friday! We just put DeepSeek-V4-Pro up on https://t.co/es07MrTxSs. It’s the world’s largest open source model at 1.6T parameters, and you can run it for free running on NVIDIA Blackwell GPUs. Try the NVIDIA NIM API → https://t.co/zeWX4Y7Ipd

96

3K

290

2K

202K

Who to follow

redNULL

@0xrednull

Red. Hacking the planet. My other computer is your domain controller.

Opcode

@opcode_osi

Average Active Directory enjoyer

Tharun

@th3r5n

I find 🐞🪲🐛/CVE-2020-36599

d4sherCap0 retweeted

DeepSeek

@deepseek_ai

about 2 months ago

🚀 DeepSeek-V4 Preview is officially live & open-sourced! Welcome to the era of cost-effective 1M context length. 🔹 DeepSeek-V4-Pro: 1.6T total / 49B active params. Performance rivaling the world's top closed-source models. 🔹 DeepSeek-V4-Flash: 284B total / 13B active params. Your fast, efficient, and economical choice. Try it now at https://t.co/GCdiMzk1Dl via Expert Mode / Instant Mode. API is updated & available today! 📄 Tech Report: https://t.co/drlDrxkYtp 🤗 Open Weights: https://t.co/T13Y8i7SDM 1/n

deepseek_ai's tweet photo. 🚀 DeepSeek-V4 Preview is officially live & open-sourced! Welcome to the era of cost-effective 1M context length.

🔹 DeepSeek-V4-Pro: 1.6T total / 49B active params. Performance rivaling the world's top closed-source models.
🔹 DeepSeek-V4-Flash: 284B total / 13B active params. Your fast, efficient, and economical choice.

Try it now at https://t.co/GCdiMzk1Dl via Expert Mode / Instant Mode. API is updated & available today!

📄 Tech Report: https://t.co/drlDrxkYtp
🤗 Open Weights: https://t.co/T13Y8i7SDM

1/n

2K

46K

8K

10K

10M

d4sherCap0 retweeted

Chaofan Shou

@Fried_rice

about 2 months ago

Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness - Kimi K2.5 managed to find and exploit 6 vulnerabilities in browsers: a single page view or an extension install by victims equal full system hijack. Check https://t.co/d0SZSf1KqF

Fried_rice's tweet photo. Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness -

Kimi K2.5 managed to find and exploit 6 vulnerabilities in browsers: a single page view or an extension install by victims equal full system hijack.

Check https://t.co/d0SZSf1KqF https://t.co/UbD7QR45l0

45

2K

414

2K

188K

d4sherCap0 retweeted

Global Statistics

@Globalstats11

about 2 months ago

The True Size of Mexico 🇲🇽

43

4K

553

784

731K

d4sherCap0 retweeted

Security Harvester @secharvesterx

2 months ago

DeepZero: An automated, agentic vulnerability research pipeline for finding kernel zero-days https://t.co/vCWDnMjYAd

secharvesterx's tweet photo. DeepZero: An automated, agentic vulnerability research pipeline for finding kernel zero-days
https://t.co/vCWDnMjYAd https://t.co/Nj5LS6N6Yj

0

117

25

115

6K

d4sherCap0 retweeted

F.O.L.A

@folaoftech

2 months ago

Me pretending to understand this stuff and smiling 🙂😁.

34

2K

216

1K

115K

d4sherCap0 retweeted

ς๏гєɭคภς0๔3г ([email protected])

@corelanc0d3r

2 months ago

New post: Exploit Writing Tutorials series "on video" - collab with @wetw0rk7 : https://t.co/wyNtX8fyZR #sharethelove

0

99

33

70

5K

Dbad @d4sherCap0

3 months ago

When will there be robots that do household chores @elonmusk ?

0

2

d4sherCap0 retweeted

PwnFuzz @pwnfuzz

3 months ago

An automated N-day research pipeline at PwnFuzz. Ghidra + Ollama + n8n →Diffs Patch Tuesday binaries → LLM analyzes the output → Structured vuln reports, monthly AI-generated reports gets you oriented fast! Blog: https://t.co/O0EzQNdZev Repo: https://t.co/wCFo8zoyeL

pwnfuzz's tweet photo. An automated N-day research pipeline at PwnFuzz.

Ghidra + Ollama + n8n →Diffs Patch Tuesday binaries → LLM analyzes the output → Structured vuln reports, monthly AI-generated reports gets you oriented fast!
Blog: https://t.co/O0EzQNdZev
Repo: https://t.co/wCFo8zoyeL https://t.co/PsmUiTl1F6

0

495

113

484

26K

d4sherCap0 retweeted

Yasho

@YShahinzadeh

over 1 year ago

How I reverse-engineered an Android app, bypassed custom encryption layer, achieved server-side RCE, and earned a $5000 bounty. read the full story here (TLDR; but worth reading) https://t.co/xgvffzspiB

YShahinzadeh's tweet photo. How I reverse-engineered an Android app, bypassed custom encryption layer, achieved server-side RCE, and earned a $5000 bounty. read the full story here (TLDR; but worth reading)

https://t.co/xgvffzspiB https://t.co/LR51IiPqpK

24

1K

212

788

120K

d4sherCap0 retweeted

chiefofautism

@chiefofautism

4 months ago

someone built an entire AI RED TEAM - multiple agents that coordinate HACKING ATTACKS together, ZERO human input PentAGI, open source, one agent does recon, another scans, another exploits, another writes the report. they talk to each other and adapt based on what they find it ships as one docker container with nmap, metasploit, sqlmap, hydra preinstalled. the AI decides which tool to use and when. you point it at a target and walk away a red team engagement costs $30-50k and takes weeks. this is one docker command and API tokens

204

4K

573

5K

600K

d4sherCap0 retweeted

Hugging Models

@HuggingModels

4 months ago

Meet VulnLLM-R-7B: a specialized AI that reads code like a security expert. It's trained to spot vulnerabilities before they become breaches. This isn't just another chatbot, it's a digital security guard for your codebase. The community is buzzing because it makes security accessible.

HuggingModels's tweet photo. Meet VulnLLM-R-7B: a specialized AI that reads code like a security expert. It's trained to spot vulnerabilities before they become breaches. This isn't just another chatbot, it's a digital security guard for your codebase. The community is buzzing because it makes security accessible.

24

2K

267

2K

120K

d4sherCap0 retweeted

0xor0ne

@0xor0ne

6 months ago

Beginners intro to Linux kernel fuzzing and vulnerability research (2024) Part 1: https://t.co/b61r4je69j Part 2: https://t.co/DQ8j6YfN2C Part 3: https://t.co/Myjt0BpsPy Credits @slava_moskvin_ #Linux #cybersecurity

0xor0ne's tweet photo. Beginners intro to Linux kernel fuzzing and vulnerability research (2024)

Part 1: https://t.co/b61r4je69j
Part 2: https://t.co/DQ8j6YfN2C
Part 3: https://t.co/Myjt0BpsPy

Credits @slava_moskvin_

#Linux #cybersecurity https://t.co/uNKC1xpgjb

1

498

102

447

23K

d4sherCap0 retweeted

0xor0ne

@0xor0ne

6 months ago

TP-Link (Tapo) C210 cloud camera: bootloader vulnerability and firmware decryption https://t.co/jUb9a1NTpd Credits @Watchful_IP #embedded #infosec

0xor0ne's tweet photo. TP-Link (Tapo) C210 cloud camera: bootloader vulnerability and firmware decryption

https://t.co/jUb9a1NTpd

Credits @Watchful_IP

#embedded #infosec https://t.co/qcSorojSml

1

387

65

213

26K

d4sherCap0 retweeted

OccupytheWeb

@three_cube

6 months ago

Mobile Forensics: Extracting Data from WhatsApp Your chats aren't as private as you think: https://t.co/jJbqatmuyA

20

1K

268

1K

78K

d4sherCap0 retweeted

0xdf @0xdf_

7 months ago

If you're using writeups to learn how to hack on HackTheBox (or other CTFs), use AI as a tutor. In this video I'll show a free prompt to use, as well as a Claude Skill I developed. https://t.co/5PfEhDNPrb

5

466

82

462

86K

d4sherCap0 retweeted

Csaba Kissi

@csaba_kissi

8 months ago

FREE hosting: 🟣 Sevalla․com 🐙 GitHub Pages 🚀 Netlify ⚡ Vercel ☁️ Cloudflare Pages 🦊 GitLab Pages 🔥 Firebase Hosting 🧭 AWS Amplify 🛠️ Render 🌊 Surge 🌟 Gatsby Cloud 🏝️ Neocities․org 🧩 Carrd 📦 FreeHosting ♾ InfinityFree 0️⃣ Static․run 🏆 AwardSpace 🧵 Byet Host 🧭 Bitbucket

93

3K

395

4K

152K

Dbad

@d4sherCap0

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users