2025 Microsoft MVR | 2024 Q1/2/3/4 MVR | 2023 H1-4420. Vulnerability researcher @msftsecresponse, @Hacker0x01 and @intigriti. I like pwning; together we hit harder.
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously.
To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate.
We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them.
Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow.
The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
@XenonOracle @martenmickos Hey bro... as Martin Luther King Jr. said, "We must accept finite disappointment, but never lose infinite hope." Don't blame dreams for poor expectations.
[POC2025] SPEAKER UPDATE
👥 Bocheng Xiang (@crispr_x) & HeeChan Kim (@heegong123) - "Follow the Link: Building Full-Chain Local Privilege Escalation on Windows"
#POC2025
I'm very happy to receive this gift from MSRC @msftsecresponse. Although vulnerability research can be challenging, if you stay passionate, work hard, and persevere, your efforts will always be rewarded. Good luck to all!
Good morning! Just published a blog post diving into Windows kernel LFH exploitation on the latest Windows 24H2 build, focusing on controlled allocations to achieve arbitrary read/write in the kernel.
https://t.co/ZAGDKCNZOp
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers by discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.
Today, we are excited to recognize this year’s 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report. Please join us in celebrating this year’s MVRs, including our top 10:
1. 🥇 VictorV (@vv474172261)
2. 🥈 wkai
3. 🥉 Suresh Chelladurai
4. Anonymous
5. Adnan (@adnanthekhan)
6. Dhiral Patel (@dhiralpatel94)
7. Nan Wang (@eternalsakura13) and Ziling Chen
8. Anonymous
9. @0x140ce
10. Azure Yang (@4zure9)
See the full list of this year’s 100 MVRs, in addition to our Azure, Office, Windows, and Dynamics 365 leaderboards: https://t.co/8vhDhDpr3E
#bugbounty
Two of my previously reported vulnerabilities were fixed in Microsoft's July Patch Tuesday.
And left a mark on the MSRC Q2 leaderboard. Thank you! @msftsecresponse
An analysis of CVE-2024-44236 - an RCE in macOS due to the lack of proper validation of “lutAToBType” and “lutBToAType” tag types. Read the details, see the source code review, and get detection guidance at https://t.co/w9r8RPClRD
CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy. The Trend Research Team dives deep into this bug to look at the root cause and complexities of exploitation. They also provide detection guidance. Read the details at https://t.co/ErOqGP9VZO