🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

wiki.openstack.org/wiki/OSSN/OSSN…

writeup for #OpenStack Admin Account Takeover due to Unsafe Environment Handling in MuranoPL sites.google.com/site/zhiniangp…

2 Preauth RCE we reported on Nvidia Triton Inference Server patched this month, The current security state of AI infrastructure is fragile. nvidia.custhelp.com/app/answers/de…

Two different bugs happened in different RPC call, different function, different class, but with similar pattern Merged by MSRC. I am not satisfied with the reason at all.

Had a nice time at #HITBxPHDays in Bangkok

Preauth RCE on NVIDIA Triton Server, the current security state of AI infrastructure is fragile sites.google.com/site/zhiniangp…

Here is our slides for Zer0con 2024, Escaping the Sandbox (Chrome and Adobe Pdf Reader) on Windows sites.google.com/site/zhiniangp…

our jumpserver preauth RCE is nominated for Pwnie Award this year

I spent some time this week studying some talk of a recent top conference in cybersecurity (I won’t mention its name), which was a lot of nonsense.🤖

See you at #TheSAS2024

#TheSAS2024 My first time at SAS. It's one of the best security conferences I ever experienced. Highly recommended! TheSAS2025

Sharing our slides for #Blackhat EU 2024: Diving into Spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer Driver github.com/edwardzpeng/pr…

Sharing slides for another #blackhat EU 2024 talk of us: (Enhancing Automatic Vulnerability Discovery for Windows RPC/COM in New Ways) github.com/edwardzpeng/pr…

For years, there were no memory corruption exploitation in #Office. I once thought it was extremely difficult to achieve. But after recent research on Office, I believe it's feasible to write exploits for Office memory corruption bugs.

Checked out #BlackHat Asia 2025's talks. Surprised to see so many academic presentations - feels like some of them just pasted papers onto slides. This is not my vibe. Did the security research community change?

Sharing our slides for Blackhat Asia 2025 and NDSS 2025: github.com/edwardzpeng/pr…

New blog: Be careful of Your UDP Service: Preauth DoS on Windows Deployment Service (remote, 0-click) sites.google.com/site/zhiniangp…

Excited to announce our talk has been accepted by Black Hat #BHUSA!🥳🥳🥳 In my part of presentation, I’ll cover logic-based pre-auth remote vulnerabilities uncovered via novel abuse of Windows native HTTP API. Can't wait to see y'all in Las Vegas! blackhat.com/us-25/briefing…

CVE-2025-29957 is actually another bug we reported to Microsoft. The bug I blog about have the same impact, but Microsoft still didn't fix it, and will not fix it. sites.google.com/site/zhiniangp…