Lays (@_l4ys) 's Twitter Profile
Lays

@_l4ys

Co-Founder @TrapaSecurity & @pwnabletw/ MSRC Top 100 2019&2020 /
Mobile & Windows Security

ID: 2991327068

linkhttp://blog.l4ys.tw calendar_today20-01-2015 15:12:28

2,2K Tweet

3,3K Followers

1,1K Following

Haifei Li (@haifeili) 's Twitter Profile Photo

I’m so proposing a public policy for critical internet-facing device vendors. This is Friday night, right?😅 All vendors must reward each pre-auth bug 100k USD. Bugs can be reported to gov agency or third party for independent verification. Such policy could encourage the

Lays (@_l4ys) 's Twitter Profile Photo

We should propose a new CVE standard: Calculator-Verified-Exploit Only vulnerabilities that pop calc are eligible for a CVE number

Sundar Pichai (@sundarpichai) 's Twitter Profile Photo

Just announced new versions of Gemma 3 – the most capable model to run just one H100 GPU – can now run on just one *desktop* GPU! Our Quantization-Aware Training (QAT) method drastically brings down memory use while maintaining high quality. Excited to make Gemma 3 even more

Just announced new versions of Gemma 3 – the most capable model to run just one H100 GPU – can now run on just one *desktop* GPU!

Our Quantization-Aware Training (QAT) method drastically brings down memory use while maintaining high quality. Excited to make Gemma 3 even more
Epsilon (@epsilon_sec) 's Twitter Profile Photo

About to celebrate Easter with your family but don't know what to talk about at the table? Then don't lose time and read our new article about RPAC! blog.epsilon-sec.com/cve-2025-31201…

About to celebrate Easter with your family but don't know what to talk about at the table?
Then don't lose time and read our new article about RPAC!
blog.epsilon-sec.com/cve-2025-31201…
David Weston (DWIZZZLE) (@dwizzzlemsft) 's Twitter Profile Photo

"Microsoft's David Weston describes the new feature as the most significant architectural Windows security change in a generation." Great article from Dark Reading darkreading.com/endpoint-secur…

zhiniang peng (@edwardzpeng) 's Twitter Profile Photo

New blog: Be careful of Your UDP Service: Preauth DoS on Windows Deployment Service (remote, 0-click) sites.google.com/site/zhiniangp…

Dillon Franke (@dillon_franke) 's Twitter Profile Photo

Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS. I'll talk about this and the exploitation process next week offensivecon! googleprojectzero.blogspot.com/2025/05/breaki…

DEVCORE (@d3vc0r3) 's Twitter Profile Photo

Angelboy (Angelboy) will give a talk at #OffensiveCon this week! Following his deep dive into Kernel Streaming vulnerabilities, this week, Angelboy will unveil a new set of bug classes discovered through his research on one of the most common input sources – webcam frames.

Angelboy (<a href="/scwuaptx/">Angelboy</a>) will give a talk at #OffensiveCon this week!

Following his deep dive into Kernel Streaming vulnerabilities, this week, Angelboy will unveil a new set of bug classes discovered through his research on one of the most common input sources – webcam frames.
asymmetric research (@asymmetric_re) 's Twitter Profile Photo

New blog post: An Intro to Differential Fuzzing in Rust, by .nl_gripto & Anthony Tsuei. It walks through building a pure-Rust JSON fuzzer from scratch, then extending it into a differential fuzzing harness capable of surfacing consensus bugs. blog.asymmetric.re/finding-fractu…

Angelboy (@scwuaptx) 's Twitter Profile Photo

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at offensivecon. Check it out: devco.re/blog/2025/05/1…

Lays (@_l4ys) 's Twitter Profile Photo

Just got my OSEE certification, was easier than expected but still enjoyable. Also thanks to DEVCORE for bringing this course to Taiwan!

Just got my OSEE certification, was easier than expected but still enjoyable. 
Also thanks to <a href="/d3vc0r3/">DEVCORE</a>  for bringing this course to Taiwan!
Back Engineering Labs (@backengineerlab) 's Twitter Profile Photo

Given the recent events with VMPSoft DMCA'ing educational YouTube videos demonstrating how to unpack malware protected with VMProtect, we have decided to release a free to use unpacker which works for all versions of VMP 3.x including the most recent version. Simply sign

Given the recent events with VMPSoft DMCA'ing educational YouTube videos demonstrating how to unpack malware protected with VMProtect, we have decided to release a free to use unpacker which works for all versions of VMP 3.x including the most recent version.

Simply sign
Anatomist (@th3anatomist) 's Twitter Profile Photo

🥇 first place at the @Ethereum Attackathon! huge shoutout to Immunefi and everyone who made this comp legendary. we’ll be breaking down some of our most interesting findings next. Stay tuned👀

InfoGuard Labs (@infoguard_labs) 's Twitter Profile Photo

New blog post: Fuzzing Microsoft Defender's mpengine.dll using snapshot fuzzing (WTF, kAFL/NYX). We uncovered several out-of-bounds read & null dereference bugs that can crash the main Defender process on a file scan. Details -> labs.infoguard.ch/posts/attackin…

DARKNAVY (@darknavyorg) 's Twitter Profile Photo

Meet our new buddy, Argusee — an AI-powered, automated vulnerability hunter that has already discovered 15+ vulnerabilities across projects, including a previously unknown Linux kernel flaw (CVE-2025-37891) enabling LPE. Demo and details: darknavy.org/blog/argusee_a…

NiNi (@terrynini38514) 's Twitter Profile Photo

"For anyone who dares to call themselves a researcher, this exam should be easy enough to make you laugh." blog.terrynini.tw/en/2025-OSEE-E… My new blog post shares my thoughts on OSEE. Where is the learning path? Where is the value of the course? Is the course still relevant today? Will