2 bug no dupe. Finally I can sleep now😴

If you enjoy sailing the sea, beware! Major_Tom has found a critical security vulnerability in Raft™, allowing 0-click RCE on any online player. The vendor has remained silent for 5 months, so here are the details: synacktiv.com/sites/default/…

This was really a cool 2-bug chain which lead to RCE on Microsoft Exchange Server: - msrc.microsoft.com/update-guide/v… - msrc.microsoft.com/update-guide/e… We also rced Exchange Online. Great work from Pham Khanh <3 Follow him for upcoming blogs #tabshell

apk.sh: makes reverse engineering Android apps easier securityonline.info/apk-sh-makes-r…

A long day with so many emotions. Nearly failed in the morning. Found the solution at noon. Another vendor problem in the afternoon. Fix it at night. Finally success. Keep trying util the last minute. Thanks for our team 👍👍👍

Sometimes bug disclosures go smoothly. Then there are other times. The Dustin Childs discusses some of the adventures in vulnerability disclosure in his latest blog. zerodayinitiative.com/blog/2023/6/7/…

Success! Team Viettel (Nguyen Xuan Hoang, vudq16, Nguyễn Đình Biển, Q5Ca from VCSLab) were able to execute a single-bug attack against the Xiaomi 13 Pro. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own

Nice play. #Pwn2Own #Xiaomi13Pro

First entry end well. Hope the SOHO too.

Collision – ANHTUD was able to execute a 2-bug chain against the TP-Link Omada Gigabit Router and the Canon imageCLASS MF753Cdw for the SOHO Smashup. However, one of the bugs he used was previously known. He still earns $31,250 and 6.25 Master of Pwn points. #Pwn2Own

One of the must-attend talks this year is from Ken Gannon (伊藤 剣). They will be sharing how Xiaomi became the most secure mobile phone company on the planet. 🤩

First time onsite with a funny bug. what a memorable day in Ireland. #P2OIreland

Thanks you and good luck.

Confirmed! We were definitely thrilled to see Công Thành Nguyễn and greengrass of ANHTUD use a command injection bug to exploit the Alpine IVI and leave us a special message. Their round 2 win earns them $10,000 and 2 Master of Pwn points. #P2OAuto

🧵 Mega thread on RF, SDR, ham radio, and signal hacking: I've been writing educational posts and threads on these topics. To help finding them easier, I will put all the links here. And I will link the new threads to the bottom of this meta thread every time I write one. 0/n

Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. blog.viettelcybersecurity.com/sharepoint-too… #SharePoint #ToolShell

Confirmed! ChatGPT helped Team ANHTUD as they used 3 bugs - 1 collision, 1 unique SSRF and 1 cleartext storage of sensitive information - to exploit Home Automation Green. They finished with just 45 seconds remaining. Their work earns them $16,750 and 3.75 Master of Pwn points.

😂 rip 10k. More careful next time.