Sideway

I like Schelling, Heidegger and binary exploitation

about 3 years ago

Day 2 wraps up with another success! Tanguy Dubroca (@SidewayRE) from Synacktiv (@Synacktiv) used an incorrect pointer scaling leading to privilege escalation on Ubuntu Desktop. They earn $30,000 and 3 Master of Pwn points. #P2OVancouver #Pwn2Own

thezdi's tweet photo. Day 2 wraps up with another success! Tanguy Dubroca (@SidewayRE) from Synacktiv (@Synacktiv) used an incorrect pointer scaling leading to privilege escalation on Ubuntu Desktop. They earn $30,000 and 3 Master of Pwn points. #P2OVancouver #Pwn2Own https://t.co/rtX7tZWqzS

0

90

29

3

35K

6

81

7

1

11K

SidewayRE retweeted

Hexacon @hexacon_fr

2 days ago

🔥 Excited to announce our keynote! We are thrilled to welcome Bruce Dang (@brucedang) and Thai Duong (@XorNinja) from @calif_io! With all their recent AI buzz, we had to check they aren't just LLMs in a trench coat. 🤖🧥 🎟️ Ticketing opens this Thursday at 2:00 PM CEST ⏰

hexacon_fr's tweet photo. 🔥 Excited to announce our keynote!

We are thrilled to welcome Bruce Dang (@brucedang) and Thai Duong (@XorNinja) from @calif_io! With all their recent AI buzz, we had to check they aren't just LLMs in a trench coat. 🤖🧥

🎟️ Ticketing opens this Thursday at 2:00 PM CEST ⏰ https://t.co/Wbwr3f6CuR

1

76

27

5

7K

SidewayRE retweeted

Orange Tsai 🍊

@orange_8361

21 days ago

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉

112

3K

367

359

209K

SidewayRE retweeted

Xint

@xint_official

about 1 month ago

Patch your Linux boxes! https://t.co/VWOUDbLAn2 is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below https://t.co/9f6T96PvPX

24

966

362

456

249K

Who to follow

Hack'n Speak

@hacknspeak

Podcast francophone Hack'n Speak animé par @mpgn_x64

SidewayRE retweeted

V4bel

@v4bel

2 months ago

I discovered a race-based vulnerability class in the Linux kernel: "Out-of-Cancel" A structural flaw where cancel_work_sync() is used as a barrier for object lifetime management, causing UAF across multiple networking subsystems. I wrote an exploit for CVE-2026-23239 (espintcp). It interleaves Delayed ACK timers, NET_RX softirqs, timerfd hardirqs, workqueue scheduling, and CFS scheduler manipulation to hit a ~Xµs race window. Blog: https://t.co/980Iv9t4wE This is the race scenario diagram 😁:

v4bel's tweet photo. I discovered a race-based vulnerability class in the Linux kernel: "Out-of-Cancel"

A structural flaw where cancel_work_sync() is used as a barrier for object lifetime management, causing UAF across multiple networking subsystems.

I wrote an exploit for CVE-2026-23239 (espintcp). It interleaves Delayed ACK timers, NET_RX softirqs, timerfd hardirqs, workqueue scheduling, and CFS scheduler manipulation to hit a ~Xµs race window.

Blog: https://t.co/980Iv9t4wE

This is the race scenario diagram 😁:

6

376

67

233

42K

SidewayRE retweeted

3 months ago

Deep dive into the provisionning an on-prem low-privileged #LLM stack, with air-gapped networking and GPU-isolation, hardened down to kernel modules. What could possibly go wrong? Read the full article here: https://t.co/OS4clOUn2N

0

64

23

45

6K

SidewayRE retweeted

4 months ago

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇 https://t.co/R0E5Uqql1E

4

531

150

238

50K

SidewayRE retweeted

Thalium Team @thalium_team

4 months ago

The a highlight from Day 2 of #Pwn2Own Automotive, the team from @synacktiv is at it again. This time, they leverage NFC(!) to exploit the #Autel MaxiCharger with a stack-based buffer overflow. Amazing! We've never seen an NFC exploit like this one before.

0

33

7

2

6K

SidewayRE retweeted

6 months ago

How was a single heap overflow in an Audible parser enough to compromise an Amazon account? Find out in our latest blog post, in which we break down the Kindle vulnerabilities we reported earlier this year. https://t.co/v524qgdJca

0

51

17

18

4K

SidewayRE retweeted

Alexander Popov @a13xp0p0v

9 months ago

A technical look at @GrapheneOS Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives. Deep dive for security researchers & exploit developers by @iksocin https://t.co/99v99YQTdO

1

315

77

138

37K

SidewayRE retweeted

9 months ago

My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️ I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me to exploit the hard bug that received @PwnieAwards 2025 https://t.co/0DJzCJYEfm

a13xp0p0v's tweet photo. My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️

I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me to exploit the hard bug that received @PwnieAwards 2025

https://t.co/0DJzCJYEfm https://t.co/MEqmzt9euV

4

258

85

152

35K

SidewayRE retweeted

Altin (tin-z) @kzalloc1

9 months ago

Exploit for CVE-2025-27363 on Chrome 113 chrome. This is not a new vulnerability, it was patched in March 2023. This PoC targets only chrome headless mode and i wrote a lot, so i don't know if that it's interesting, the poc is not affected by js sandbox https://t.co/5ntlzkhtZf

2

126

30

58

10K

SidewayRE retweeted

h0mbre @h0mbre_

10 months ago

Linux kernel: a new feature has landed in this release Jann Horn:

2

87

11

5

6K

SidewayRE retweeted

10 months ago

The latest Synacktiv Summer Challenge was in 2019, and after 6 years, it's back! Send us your solution before the end of August, there are skills to learn and prizes to win 🎁 https://t.co/iHwFjcNSk0

0

32

10

7

3K

SidewayRE retweeted

vic @v1csec

12 months ago

Userland iOS aficionados, I released a simple IDA plugin that should improve your Objective-C experience. For now it removes ARC function calls in decompiled code (eg objc_retain) and helps listing candidate callers to a method. Check it out at https://t.co/SvvIOWarRb

0

25

3

6

1K

SidewayRE retweeted

about 1 year ago

Confirmed! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own

thezdi's tweet photo. Confirmed! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own https://t.co/T10SJgLsv7

0

124

21

8

13K

SidewayRE retweeted

about 1 year ago

A successful collision! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own

thezdi's tweet photo. A successful collision! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own https://t.co/W9z991d1Vc

1

63

6

3

7K

SidewayRE retweeted