Olivia
Online
YingMuo
@YingMuo
Rookie Security Researcher. Focus on IoT and learning macOS Security.
Joined July 2019
206 Following
247 Followers
11 Posts
@soaphornseuo I will.
Although I have participated in Pwn2Own Ireland/Toronto three times before, this was my first time applying for Pwn2Own Berlin. Unfortunately, I cannot show my macOS LPE at this year’s event. Rooting for my teammate this time.
Although I was the Master of Pwn at Pwn2Own Toronto 2022, this is my first time participating in #Pwn2Own in person.
It’s a shame that I can’t demonstrate the Safari exploit developed by me and @h3xr4bb1t this time nor the other exploits polished by my colleagues at DEVCORE.
We initially submitted 15 entries, including an amazing macOS LPE by @YingMuo.
https://t.co/DLooYnvQDC
The slide from my Pwn2Own QNAP NAS talk at AVTOKYO2025 was published on 11/26. But Ryuokyo Canyon was so beautiful that I completely forgot to post about it on X 😅.
You can find the slide on the AVTOKYO website:
https://t.co/R8hCyV2Sdl]
My first English presentation. 😊
Returned to QNAP TS-464 at Pwn2Own and Pwned It Again! by Jian-Lin Peng #avtokyo
Confirmed! All that's old is new again as the @DEVCOREteam used multiple injections and a format string bug(!) to exploit the QNAP TS-453E. Their unique bugs earn them $40,000 and 4 Master of Pwn points.
Boom! YingMuo (@YingMuo), HexRabbit (@h3xr4bb1t), LJP (@ljp_tw) from DEVCORE Research Team and nella17 (@nella17tw) from the DEVCORE Intern Program needed little time to exploit the QNAP TS-453E NAS device. They head off to the disclosure room to provide details. #Pwn2Own
[ZDI-25-309|CVE-2025-2146] (Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: YingMuo (@YingMuo) working with DEVCORE Internship Program.) https://t.co/wTWiT9VzJu
Confirmed! YingMuo (@YingMuo) working with DEVCORE Internship Program used an argument injection and a SQL injection to get their root shell on the QNAP TS-464 NAS. Their third-round victory gets them $20,000 and 4 Master of Pwn points. #Pwn2Own #P2OIreland
Unfortunately, YingMuo (@YingMuo) of the DEVCORE Internship Program could not get his exploit of the Canon imageCLASS MF656Cdw working within the time allotted.
I created a Linux Kernel challenge “Halloween” for the HITCON CTF Qual 2024 :). Below are the official writeup for “Halloween” and the unofficial writeups for "v8sbx" and "reEscape". Enjoy it!
Halloween & v8sbx: https://t.co/gfvtUAPq3R
reEscape: https://t.co/lcVRh9fUXa
Success! A DEVCORE Intern was able to execute a stack overflow attack against the TP-Link Omada Gigabit Router and exploit two bugs in the QNAP TS-464 for the SOHO Smashup. They earn $50,000 and 10 Master of Pwn points. #Pwn2Own
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.6M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.2M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.8M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers