goabout2 @goabout21 - Twitter Profile

8 months ago

Several interesting zero-day attack cases analyzed previously，The link to the English version of the article is in the reply.

RedDrip Team @RedDrip7

8 months ago

#APT Since the disclosure of the #ZipperDown vulnerability in 2018, this is the first observed case of its in-the-wild exploitation by APT groups. Northeast Asian threat actors used it to target Android devices of individuals in North Korea and Northeast China.

1

32

12

17

29K

0

85

goabout2 @goabout21

8 months ago

@mistymntncop 👍👍

1

0

130

goabout2 @goabout21

9 months ago

My analysis of Windows CLFS #EoP vuln (#CVE-2025-29824) in-the-wild exploitation sample and root cause,It should have been released earlier, but was delayed until now due to various reasons.

RedDrip Team @RedDrip7

9 months ago

Analysis of Windows CLFS #EoP vuln (#CVE-2025-29824) in-the-wild exploitation sample and root cause Report: https://t.co/DTXak2WHqC ITW sample: https://t.co/ORwLV6dkJW

RedDrip7's tweet photo. Analysis of Windows CLFS #EoP vuln (#CVE-2025-29824) in-the-wild exploitation sample and root cause

Report: https://t.co/DTXak2WHqC

ITW sample: https://t.co/ORwLV6dkJW https://t.co/IVncEH7Vqx

6

150

47

76

13K

0

1

0

1

199

goabout2 @goabout21

11 months ago

My brief Analysis of Chrome's 0day CVE-2025-6554 in the Wild,it's really insterating,thanks sharing of @DarkNavyOrg,@mistymntncop before.

goabout21's tweet photo. My brief Analysis of Chrome's 0day CVE-2025-6554 in the Wild,it's really insterating,thanks sharing of @DarkNavyOrg,@mistymntncop before. https://t.co/yZmLhmZHdZ

RedDrip Team @RedDrip7

11 months ago

Brief analysis of Chrome vuln #CVE-2025-6554, which was exploited in the wild. https://t.co/s0ru9dawua

1

62

30

36

13K

2

33

8

22

3K

Who to follow

jq0904

@jq0904

BlackHat ASIA/USA Speaker, MSRC MVR 2020~2022 & 2024~2025

hungtt28

@hungtt28

Independent bug hunter

about 1 year ago

we find a 0day of foxmail used by APT-Q-12，now,everything is ok.

RedDrip Team @RedDrip7

about 1 year ago

#APT #APT-Q-12 APT-Q-12 has exploited a #0day existing in the Foxmail Windows client in recent campaign and we reported it to Tencent immediately. Now the vuln has been fixed and Windows users are suggested updating to latest version 7.2.25 (2025-03-28). https://t.co/62NhGHAb3u

RedDrip7's tweet photo. #APT #APT-Q-12
APT-Q-12 has exploited a #0day existing in the Foxmail Windows client in recent campaign and we reported it to Tencent immediately. Now the vuln has been fixed and Windows users are suggested updating to latest version 7.2.25 (2025-03-28).

https://t.co/62NhGHAb3u https://t.co/OuG4bocpRw

0

32

18

14

5K

0

2

0

192

goabout2 @goabout21

over 1 year ago

@dnpushme it's cup？

1

0

43

goabout2 @goabout21

over 1 year ago

@ClearskySec The directory is set as the ActiveX cache folder file name through the guid in desktop.ini. Its attribute is a system hidden read-only directory. You can see this directory by unchecking the option to hide protected operating system files.

goabout21's tweet photo. @ClearskySec The directory is set as the ActiveX cache folder file name through the guid in desktop.ini. Its attribute is a system hidden read-only directory. You can see this directory by unchecking the option to hide protected operating system files. https://t.co/43fLwzh1Ly

0

5

1

3

771

goabout2 @goabout21

over 1 year ago

New year, new research, a wild nday privilege escalation vulnerability reasearch I discovered some time ago, this time there is no ascii flow，Thanks to the intelligence from Clément Lecigne of Google Just now, the github project of this vul is as follows https://t.co/tlANSCOHPT

RedDrip Team @RedDrip7

over 1 year ago

Threats from ALPC -- Root cause research of an unknown Windows Nday #EoP vulnerability in the wild, which was fixed in August 2024. Report: https://t.co/rcMKidXby6 ITW sample: https://t.co/tyfIz1z5BG

RedDrip7's tweet photo. Threats from ALPC -- Root cause research of an unknown Windows Nday #EoP vulnerability in the wild, which was fixed in August 2024.

Report: https://t.co/rcMKidXby6

ITW sample: https://t.co/tyfIz1z5BG https://t.co/bnUwdShJKm

3

35

16

19

6K

0

3

1

0

216

goabout2 @goabout21

over 1 year ago

@kevin_backhouse I also encountered this error

1

0

55

goabout2 @goabout21

over 1 year ago

@HaifeiLi for me，your flash research is my security analyze star，now thinking back, that was many years ago.

0

64

goabout2 @goabout21

almost 2 years ago

@jq0904 yes，you are right，privilege limitations of the dwm process is the main reason，But it does cause some trouble for security software detection，I forgot to edit it, thanks for pointing this out，tks，bro！！

0

46

goabout2 @goabout21

almost 2 years ago

my analyze about CVE-2024-30051,i realy like this ascii flow

RedDrip Team @RedDrip7

almost 2 years ago

Analysis of Windows DWM #EoP vuln (#CVE-2024-30051) in-the-wild exploitation sample and root cause https://t.co/xUMTGuhnQD

0

53

22

36

14K

1

22

2

3

988

goabout2 @goabout21

almost 2 years ago

@jq0904 @Mas0nShi cool，finally waited for this https://t.co/WTxQ8yRTkg🙃🙂🙃🙂

0

136

goabout2 @goabout21

over 2 years ago

amazeing！！

Boris Larin @oct0xor

over 2 years ago

We're revealing details of an obscure debugging feature in the Apple A12-A16 SoC’s that bypasses all of the hard-to-hack hardware-based memory protections on new iPhones. Its not used by the firmware and we don't know how the attackers found out about it. https://t.co/hsQo6JIPMJ

25

913

240

189

316K

0

165

goabout2 @goabout21

almost 3 years ago

@wdormann Besides, have you tested it in wrod? When I tested it in word, when redir_obj.htm called 1111.htm, it stopped loading the subsequent chm, but the same It is work under ie.

0

22

goabout2 @goabout21

almost 3 years ago

@wdormann hello， Is **_file001.zip a directory or a compressed path when you test? In my test, if it is a compressed package, it seems that it cannot be executed.

0

56

goabout2 @goabout21

about 3 years ago

Writing reports is a pain and I have to spend more time doing them than debugging��

RedDrip Team @RedDrip7

about 3 years ago

Windows CLFS #EoP #CVE-2023-28252 Analysis of in-the-wild exp sample and vuln root cause Check out the report for more details: https://t.co/cuFstpbizn

RedDrip7's tweet photo. Windows CLFS #EoP #CVE-2023-28252
Analysis of in-the-wild exp sample and vuln root cause

Check out the report for more details: https://t.co/cuFstpbizn https://t.co/sD75wtWQlv

0

87

32

23

17K

1

0

426

goabout2 @goabout21

about 3 years ago

@jq0904 i miss it,shit 🤣🤣🤣🤣

0

1

0

166

goabout2 @goabout21

over 4 years ago

I have to say the exploit technique of CVE-2021-31956 this attack is indeed very insterting

RedDrip Team @RedDrip7

over 4 years ago

#PuzzleMaker We found a complete exploit chain which involves #Chrome #RCE vuln #CVE-2021-21224 and Windows EoP vuln #CVE-2021-31956 in the wild. This exploit chain allows attackers to escape Chrome sandbox and execute code with Windows system privileges. https://t.co/W3sPCNtR2G

2

170

66

19

0

1

0

goabout21 retweeted

RedDrip Team @RedDrip7

over 4 years ago

#PuzzleMaker We found a complete exploit chain which involves #Chrome #RCE vuln #CVE-2021-21224 and Windows EoP vuln #CVE-2021-31956 in the wild. This exploit chain allows attackers to escape Chrome sandbox and execute code with Windows system privileges. https://t.co/W3sPCNtR2G

2

170

66

19

0

goabout2

@goabout21

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users