Our research team published the Guide to the world of AFL fuzzers habr.com/en/company/dse…

chromacity: Escaping the VM with newlines. My write-up of the challenge by Niklas B. theofficialflow.github.io/2019/04/26/chr…

Nice writeup+(0x41414141) PoC for Mozilla Firefox HTML5 Stream Parsing Use-after-free Vulnerability (CVE-2018-18500) by Yaniv Frank from SophosLabs: news.sophos.com/en-us/2019/04/…

It's my honor to present at #BHUSA again! meh and I will show our research and disclose pre-auth RCEs on at least 3 leading SSL VPN vendors! blackhat.com/us-19/briefing… Black Hat

Achievement unlocked! Got RCE and the highest bounty on Twitter bug bounty program XD hackerone.com/orange

Is it possible to install IDA Pro without owning installation password? Sure, why not? devco.re/blog/2019/06/2…

Here is my challenge in WCTF 2019. github.com/scwuaptx/LazyF… Hope everyone can learn more windows heap from this challenge. About windows 10 NT heap slideshare.net/AngelBoy1/wind… I only write Chinese version slide, I will release an English version soon.

meh and I will present at #RomHack2019 this year! See you there :P

Appetizer for our #BHUSA and #DEFCON talk ! meh and I will cover more hard-core exploitations, crazy bugs chains and SSL VPN 0days in our incoming presentation! Please look forward to it :P blog.orange.tw/2019/07/attack…

Oh my god! Best server side bug of Pwnie Awards 2019, with our CTF and DEVCORE pwning queen meh

See you in DEFCON

Just drop the RCEs, slides(Black Hat will fix soon) and blog of meh and me's #BHUSA and #DEFCON talk - Infiltrating Corporate Intranet Like NSA: Pre-auth RCE on Leading SSL VPNs! Please check that and let us know if you have any questions! blog.orange.tw/2019/08/attack…

Twitter disclosed a bug submitted by orange: hackerone.com/reports/591295 - Bounty: $20,160 #hackerone #bugbounty

The last part of our Attacking SSL VPN series is out - The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study! blog.orange.tw/2019/09/attack… "If you have a nuclear level weapon, when is it ready for public disclosure?"

Getting Arbitrary Code Execution from fopen's 2nd Argument hugeh0ge.github.io/2019/11/04/Get…

New writeup, one of my favorite bugs 🤠 - Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty samcurry.net/filling-in-the… Featuring... d0nut 🦀 André Baptista Fisher José Luís Sousa Yassine Aboukir 🐐 ramsexy

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM (slides inside) blog.orange.tw/2020/09/how-i-… #HITCON

Confirmed! The DEVCORE team of Orange Tsai 🍊, Angelboy and meh used an elegant heap overflow to get code execution on the #Synology NAS during their 2nd attempt. They earn themselves $20,000 and 2 Master of Pwn points.

I know there are lots of people waiting for the recent Microsoft Exchange pre-auth RCE on our side. This is a short advisory and detailed timeline. proxylogon.com #proxylogon

A #Pwn2Own #AfterDark success! The #Devcore team used a code injection bug to take over the Lexmark MC3224i printer. They win $20,000 and 2 Master of Pwn points. They now trail Synacktiv by only 1 point. #P2OAustin #MasterOfPwn