Share cho người em

After many bypass attempts and creating several gadgets for RCE on Apple, and after a looooooooong wait… we finally got it! Khoa Dinh #BugBounty

Write-up cho bài đăng của anh tuo4n8. Chuyện đã lâu rồi có nhiều thứ mình không còn nhớ. - No outbound Gadgets for CVE-2019-16891. - New JDBC attack chain. For English speakers, please use Google Translate. l0gg.substack.com/p/journey-into…

Confirmed!! Dinh Ho Anh Khoa (Khoa Dinh) of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to exploit #Microsoft SharePoint. He earns $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OBerlin

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by Khoa Dinh to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to Markus Wulftange

While waiting for the Pwn2Own chain, you might want to read this. Disclaimer: This is a bug I discovered by accident, and already been resolved. I’m not sure which CVE or patch this maps to. If you know any information, please feel free to leave a comment blog.viettelcybersecurity.com/sharepoint_pro…

The bug in my previous blog is CVE-2024-38018 of Piotr Bazydło 🫡. Really want to update the blog & tweet but I can't 😅 zerodayinitiative.com/advisories/ZDI…

Nice Khang Phan 🎉🎉

Viettel Cyber Security Press Release for Customer alert, Latest research and Recommendations. Blog is comming viettelsecurity.com/microsoft-shar… #SharePoint #ToolShell

🚨 Shocking impact from the SharePoint vulnerability we found at Pwn2Own! 😱 Despite our efforts to patch it 🤝, many systems are still at risk ⚠️. Secure yours now! 🔒 Details: blog.viettelcybersecurity.com/toolshell-a-cr…