Olivia
Online
evan
@stargravy
hacking stuff - pwn2own ☘️{25}, 🏎️ {25,26} - MSRC MVR {23,25}
Deep Space 9
Joined July 2015
1.1K Following
412 Followers
235 Posts
RCEliteLLM - Chaining an Environment Variable Leak with Jinja2 SSTI for Remote Code Execution
https://t.co/ak9bOVRG0N
A hefty root cause analysis of #Cisco Secure Firewall Management Center (FMC) RCE CVE-2026-20079 out now from our exploit dev team. The bug's a CVSS 10, but there are significant prerequisites for exploitation that limit real-world exploitability https://t.co/tc8ua0VibV
"Advanced .NET Exploitation" will be back with more deserializations and logic bugs at REcon @reconmtl
(Early bird tickets) https://t.co/s3NRKDB942
Today we are disclosing CVE-2026-2329, a critical unauthenticated stack-based buffer overflow vulnerability affecting the Grandstream GXP1600 series of VoIP phones. Check out our disclosure over on the @rapid7 blog, including technical details for unauthenticated RCE, and accompanying @metasploit modules: https://t.co/BqIcxVKv7x
Who to follow
Danny Jones Podcast 
@KONCRETE
Exploring the boundaries of free thinking. Weekly podcast with @jonesdanny
Pham Khanh
@rskvp93
Security Engineer at @calif_io. Winner of Pwn2own Vancouver 2021, Torento 2022, Vancouver 2023. MSRC top 100 2019, 2020, 2021.
mandatory.bsky.social
@IAmMandatory
Red Teamer @OpenAI, meme archivist, XSS Hunter author, DNS/TLD/web security researcher.
We just published our @rapid7 analysis of CVE-2026-1731, a critical command injection affecting BeyondTrust Privileged Remote Access (PRA) & Remote Support (RS). Unauthenticated RCE, with a root cause due to Bash arithmetic evaluation. Analysis/PoC here: https://t.co/TexLowi4Lk
Someone knows Bash disgustingly well, and we love it.
Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340.
This research fuels our technology, enabling our clients to accurately determine their exposure.
https://t.co/BT9c78uuh5
Today we are disclosing the details of CVE-2025-40551, an unauth deserialization vuln leading to remote code execution affecting SolarWinds WebHelpDesk.
Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog.
https://t.co/s4Sf3AoNlc
Collision! @stargravy targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting two bug collisions, still earning $15,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto
Today we are disclosing the details of CVE-2025-64155, an unauth argument injection leading to root remote code execution affecting the Fortinet FortiSIEM.
Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog.
https://t.co/b6kzNUYlJF
MediaTek? More like Media-REKT!
https://t.co/61N1UO2Mg4
We just published our AttackerKB @rapid7 analysis of CVE-2025-12480. Disclosed yesterday, but patch back in July, its an access control bypass affecting not only Gladinet Triofox, but as we show, also Gladinet CentreStack. Analysis & RCE details here: https://t.co/OFuISM4fHn
Talk: https://t.co/xisgF8f6PJ
Blog: https://t.co/ObRFSvkehx
In a @BSidesDublin talk on my 0-click token theft attack in Teams meetings (reported in 2024) I suggested it would still be possible with an XSS in a valid domain
A recent @msftsecresponse blog proved it is indeed still possible and offers some mitigations
talk/blog links below
📢Video Upload📢
Happy to announce that #BsidesDublin2025 talk recordings are now live on our YouTube https://t.co/TVkDGthzpe
We have another collision. Evan Grant (@stargravy) used a single bug to exploit the QNAP TS-453E, but, unfortunately, it had been used earlier in the contest. He still earns $10,000 and 2 Master of Pwn points. #Pwn2Own
The story of how I almost pwned the Lexmark Postscript stack for Pwn2Own 2025... And I would have gotten away with it too, if it hadn't been for those meddling firmware updates!
https://t.co/yn9SSqfHmO
🛜 What happens when the convenience of network-edge NAS devices goes terribly wrong?
Read on via 'DisguiseDelimit', @the_emmons' main-stage #DEFCON33 talk-turned-whitepaper on his discovery of a critical Synology NAS vulnerability: https://t.co/ajfEHRjhfX
📢Presentations📢
We are thrilled to announce that the presentations from #BsidesDublin2025 have now been uploaded to https://t.co/8E3pqN3xAQ
Thank you again to all our speakers
[ZDI-25-799|CVE-2025-8651] (0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability (CVSS 6.8; Credit: Evan Grant) https://t.co/KFhzsNnfjP
Last Seen Users on Sotwe
คู่บ้านๆ #รับรีทวิตจร้า
Seen from Thailand
ชอบเย็ดสาวใหญ่แม่หม้ายสาวอวบ
Seen from Thailand
مجهووول
CHUDAI CHANNEL
Seen from Indonesia
John
Seen from United States
SUKA YANG TUA
Seen from Singapore
เย็ดสาวรุ่นใหญ่
Seen from Thailand
Aylin yilmaz
Seen from Turkey
Yanti
Seen from Indonesia
KLVN
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.2M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.4M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers