Confirmed! Verichains Cyber Force chained two unique bugs - including an auth bypass - to exploit the Synology DS925+ and run code as root. Their work earns them $20,000 and 4 Master of Pwn points. #Pwn2Own
📦 Storage unlocked! Le Trong Phuc & Cao Ngoc Quy of Verichains Cyber Force just cracked the @Synology DS925+ at #Pwn2Own. A brief DNS issue delayed them, but they couldn't be stopped. They're off to the disclosure room to explain what they did. #P2OIreland
Verichains is glad to have helped unveil the root cause behind the largest Web3 hack—$1.4 billion on @Bybit_Official’s Multisig @Safe Wallet!
This hack is a strong wake-up call as Web3 security isn’t just about on-chain transactions or smart contracts — it also relies on traditional Web2 components like private keys, frontends, backends, oracle data, etc — which are prone to exploitation & manipulation.
Verichains has released a new security advisory VSA-2022-120, exposing a key extraction vulnerability in Multichain's fastMPC. Kudos to @MultichainOrg for the swift response and bug bounty.
Keep an eye out for upcoming advisories on critical attacks targeting popular MPC implementations.
https://t.co/Ip1wdyjcAK
We're really happy to share our improvements and some experiments for the CookieMonster tool.
Weaponizing Monster for Cookies Attacks: https://t.co/zUlvGEHTkr
Also includes a burp-extender plugin for Burp Suite. Hope you guys enjoy it.
~Cheers,
VSRC
Ladies and Gentlemen: The new Dojo opens to welcome black belt Hackers to fight for honor!!! #VSRC
Liferay revisited: A tale of 20k$. https://t.co/Opa58lorMO
Hope you guys enjoy it and stay tuned for more technique writeups / blogs / exploits ... to come.
~Cheers,
VSRC