#POC2024 kicks off this week! 🚀 Catch Pumpkin (Pumpkin 🎃)’s debut talk on his breakthrough exploitation technique from #Pwn2OwnVancouver2024: "How I use a novel approach to exploit a limited OOB on Ubuntu at Pwn2Own Vancouver 2024". #VulnerabilityResearch #Ubuntu #CyberSecurity

Angelboy (Angelboy) takes the CODE BLUE stage in Japan with his latest insights into Windows Kernel vulnerabilities. Don’t miss it! #MSRC #VulnerabilityResearch #codeblue_jp

This month, Orange Tsai 🍊 and splitline 👁️🐈‍⬛ revealed a new attack surface at #BHEU, uncovering Windows's deepest Unicode Transformer with wide impacts on well-known applications and OSS projects. Explore the pre-release site while we prepare the full blog: worst.fit

Congrats to NiNi on his debut at the 38th Chaos Communication Congress (CCC)! He’ll be presenting “From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11,” diving into several vulnerabilities in libarchive—including a RCE exploit.#38c3

🤘Congrats Orange(Orange Tsai 🍊) and Splitline(splitline 👁️🐈‍⬛) on making it to 2024 Top 10 Web Hacking Techniques! Check out their groundbreaking research: portswigger.net/research/top-1…

Our latest deep dive explores libarchive vulnerabilities under recent Windows 11 updates. 🔍🔓 Check out NiNi's (NiNi) technical write-up for key insights and security implications. Read more here: devco.re/blog/2025/02/1… #VulnerabilityResearch #Cybersecurity

DEVCORE CONFERENCE 2025 wrapped, from red team assessment roots to now featuring satellite security, PhaaS, cloud security, exploit hunting and more. Huge thanks to our guest speakers Echo, John, Ashley, GD, and Vic Huang for sharing their cutting-edge research! #cybersecurity

Based on last year’s talk at #DEVCORECONFERENCE, our Red Team expert XY breaks it all down in a new blog. over 50% of organizations still have risky AD CS setups—and yes, full domain takeover is still happening. Read more: devco.re/blog/2025/04/1… #CyberSecurity #RedTeam #ADCS

Big congrats to NiNi on earning Taiwan’s First OffSec OSEE Certification 🙌 After completing Taiwan’s first OffSec Live Training EXP-401 in August last year, NiNi from our research team has officially passed the OSEE exam! #OffSec

Angelboy (Angelboy) will give a talk at #OffensiveCon this week! Following his deep dive into Kernel Streaming vulnerabilities, this week, Angelboy will unveil a new set of bug classes discovered through his research on one of the most common input sources – webcam frames.

Our first confirmation of #Pwn2Own Berlin! Pumpkin (Pumpkin 🎃) from DEVCORE Research Team used an integer overflow to escalate privs on Red Hat Linux. He earns $20,000 and 2 Master of Pwn points. #P2OBerlin

We have another collision. Although Angelboy (Angelboy) from DEVCORE Research Team successfully demonstrated their privilege escalation on Windows 11, 1 of the 2 bugs he used was known to the vendor. He still wins $11,250 and 2.25 Master of Pwn points. #Pwn2Own

Our latest deep dive explores research on Windows Kernel Streaming. Check out Angelboy’s (Angelboy) write-up for key insights and analysis. Read more here: devco.re/blog/2025/05/1… #VulnerabilityResearch #Cybersecurity #WindowsKernel #OffensiveCon

Check out Nini's (NiNi) blog on his experience with the #OffSec EXP-401 course and #OSEE certification exam! devco.re/blog/2025/05/2… We'll be hosting EXP-401 again in Taipei, alongside PEN-300 and WEB-300. Don’t miss out! training.devco.re/2025

#Ubuntu’s new AppArmor-based sandbox aimed to limit untrusted access to user namespaces & io_uring. But it wasn’t foolproof. Pumpkin (Pumpkin 🎃)’s latest blog shows how he bypassed it—covering the issue, technical details & reporting process. devco.re/blog/2025/06/2… #Linux

How tough is the OffSec #OSEE exam? Orange (Orange Tsai 🍊) lays out his exam-prep journey, personal reflections, and the key lessons from the EXP-401 (AWE) course. Explore the full story (TC) here: devco.re/blog/2025/07/0…

Thanks PortSwigger and Bug Bounty Village for this awesome event — and also to my DEVCORE buddies for standing on stage to collect the trophy for me! A little follow-up article on this research is coming soon... stay tuned! 🤘

Congrats to Orange (Orange Tsai 🍊) for making PortSwigger’s Top 10 Web Hacking Techniques again — and to splitline (splitline 👁️🐈‍⬛) for the debut. #1 Confusion Attacks — Apache HTTP Server devco.re/blog/2024/08/0… #4 WorstFit — Windows ANSI devco.re/blog/2025/01/0… #DEFCON