Finally, I can use the skills I studied so hard 13 years ago!

Hi folks, So, anyone has any idea how to make direct contact with the CTFTime team (maybe they’re on holiday) ? Our TetCTF2023 will start in the next 9-10 days but the CTF event is still not listed on CTFTime :'(. (1/2)

My Twitter Interaction Circle Generate yours at funaroundy.click/twittercircle ⠀

#microsoft #exchange #RCE #tabshell #owassrf #PowerShell #tabexpansion #bugbountytips #viral #xuhuớng

This might be the best compilation of critical issues/exploits from 2022, with explanations. If you want to do good as an auditor make sure you understand how those attacks work. Thanks patrickd this is golden🫡 ventral.digital/posts/2022/12/…

Oracle EBS Unauth RCE #CVE-2022-21587 analysis from our researchers vudq16 Q5Ca Nguyen Xuan Hoang blog.viettelcybersecurity.com/cve-2022-21587…

Good works 👍 BlockSec successfully blocked an attack to rescue 2,906 ETH. etherscan.io/tx/0xe3f0d14cf… Then the attacker left a message: etherscan.io/tx/0x8eb65ef10…

Now we are back with 2 entries. Come on! zerodayinitiative.com/blog/2023/3/21…

Success! Janggggg of starlabs was able to execute a 2-bug chain on Microsoft SharePoint. They earn $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OVancouver

Success! Nguyen Xuan Hoang, Pham Khanh, and Q5Ca from Team Viettel (VCSLab) used a 2-bug chain in their attempt against Microsoft Teams. They earn $75,000 and 8 Master of Pwn points.

Success! dungdm (piers) of Team Viettel (VCSLab) used an uninitialized variable and a UAF bug to exploit Oracle VirtualBox. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own #P2OVancouver

PeckShieldAlert PeckShield Inc. SlowMist BlockSec CZ 🔶 BNB and BLVCK pointed out the exploit block 26864890 has only one transaction. We need some explanation from Ankr ?

* People ask LLMs to write code * LLMs recommend imports that don't actually exist * Attackers work out what these imports' names are, and create & upload them with malicious payloads * People using LLM-written code then auto-add malware themselves vulcan.io/blog/ai-halluc…

Nice play. #Pwn2Own #Xiaomi13Pro

That's a wrap on #Pwn2Own Toronto 2023! We awarded $1,038,250 for 58 unique 0-days during the event. Congratulations to Team Viettel (VCSLab) for winning Master of Pwn with $180K and 30 points. We'll see you at Pwn2Own Automotive in Tokyo next January.

Congrats Khoa Dinh! You did the thing I thought was impossible. Hard work pays off 💪

Just a quick reminder: Copilot on microsoft365.com (m365.cloud.microsoft/chat) is not on scope for bounty 🥲 duongq5ca.substack.com/p/another-micr…

Ước 🥹