hackyboiz (@hackyboiz) 's Twitter Profile
hackyboiz

@hackyboiz

Vulnerability Research Team
Blog & Newsletter

ID: 1710910212608348160

linkhttps://linktr.ee/hackyboizteam calendar_today08-10-2023 06:49:31

250 Tweet

1,1K Followers

264 Following

hackyboiz (@hackyboiz) 's Twitter Profile Photo

[1day1line] CVE-2025-54309: Admin Privilege Escalation via AS2 Validation Vulnerability in CrushFTP hackyboiz.github.io/2025/09/03/cla… A vulnerability in CrushFTP caused by improper AS2 validation and a race condition allows attackers to escalate privileges and gain crushadmin access.

hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Research] MCP (Model Context Protocol) Part 2 Hello! This is romi0x. Today, I’m back with Part 2 of the MCP series, following up on the previous post! In this article, I focused on explaining how MCP works internally. Check it out on my blog right now! hackyboiz.github.io/2025/09/02/rom…

[Research] MCP (Model Context Protocol) Part 2

Hello! This is romi0x.

Today, I’m back with Part 2 of the MCP series, following up on the previous post!
In this article, I focused on explaining how MCP works internally.

Check it out on my blog right now!
hackyboiz.github.io/2025/09/02/rom…
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Hacking Tweet 🐥] 🏴‍☠️I've been to this camp! The hacking camp took place over two days and one night from August 30th to August 31st! We've included an introduction to the hacking camp and reviews from participating team members. Check it out now! 👉 maily.so/hackyboiz/post…

[Hacking Tweet 🐥] 🏴‍☠️I've been to this camp!
The hacking camp took place over two days and one night from August 30th to August 31st!
We've included an introduction to the hacking camp and reviews from participating team members.
Check it out now!

👉 maily.so/hackyboiz/post…
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[1day1line] CVE-2025-9074: Windows/macOS Docker Container Escape Vulnerability A container escape vulnerability occurs because the Docker Engine API is exposed inside the container without any authentication or access restrictions. hackyboiz.github.io/2025/09/06/l0c…

hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Research] smart contracts auditing 101 for pwners - PART 1 (EN) hackyboiz.github.io/2025/09/07/d4t… Hello, this is d4tura. In this research post, I summarize the core concepts required to solve the smart contract wargame "Damn Vulnerable DeFi." From the perspective of a 'pwner' more

[Research] smart contracts auditing 101 for pwners - PART 1 (EN)

hackyboiz.github.io/2025/09/07/d4t…

Hello, this is d4tura. In this research post, I summarize the core concepts required to solve the smart contract wargame "Damn Vulnerable DeFi."  
From the perspective of a 'pwner' more
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[1day1line] CVE-2025-54878: NASA CryptoLib Heap Buffer Overflow leading to DoS hackyboiz.github.io/2025/09/10/OUY… Today's 1day-1line features a critical vulnerability in NASA CryptoLib. A heap buffer overflow in the telecommand frame handling logic allows an attacker to corrupt heap

hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Research] LLVM based VMProtect Devirtualization: Part 1 (EN) hackyboiz.github.io/2025/09/11/ban… Hello, this is banda. In this post, I summarize the process of analyzing and devirtualizing VMProtect’s virtualization obfuscation using LLVM-based techniques. I also experimented with

[Research] LLVM based VMProtect Devirtualization: Part 1 (EN)

hackyboiz.github.io/2025/09/11/ban…

Hello, this is banda. In this post, I summarize the process of analyzing and devirtualizing VMProtect’s virtualization obfuscation using LLVM-based techniques. I also experimented with
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Hacking Tweet 🐥] ☠️ Serving Up DEF CON 33! Last August, OUYA77 joined DEF CON 33! From running the Aerospace Village booth to competing in the DEF CON CTF Finals as part of team Sigor J’abson 🎯 Check out the full story from the heart of Las Vegas, where DEF CON heated things

[Hacking Tweet 🐥] ☠️ Serving Up DEF CON 33!

Last August, OUYA77 joined DEF CON 33!
From running the Aerospace Village booth to competing in the DEF CON CTF Finals as part of team Sigor J’abson 🎯
Check out the full story from the heart of Las Vegas, where DEF CON heated things
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Research] CVE-2024-54489 Analysis from Security Updates(EN) Hello, this is ji9umi. This post covers the CVE-2024-54489 vulnerability discovered in macOS's Disk Utility. Based on the published patch information, it details the vulnerability's root cause and the process of

[Research] CVE-2024-54489 Analysis from Security Updates(EN)
Hello, this is ji9umi.
This post covers the CVE-2024-54489 vulnerability discovered in macOS's Disk Utility. Based on the published patch information, it details the vulnerability's root cause and the process of
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Research] Rehosting - Part 1 Hello, this is tobe. In this post, I've summarized Rehosting technology, which enriches hardware emulators, and the HALucinator emulator that utilizes it. For details, please refer to the blog! hackyboiz.github.io/2025/09/14/poo… #embedded #HALucinaotr

[Research] Rehosting - Part 1

Hello, this is tobe.
In this post, I've summarized Rehosting technology, which enriches hardware emulators, and the HALucinator emulator that utilizes it.

For details, please refer to the blog!

hackyboiz.github.io/2025/09/14/poo…

#embedded #HALucinaotr
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[1day1line] CVE-2025-6752: RCE Vulnerability in Linksys WRT1900ACS, EA7200, EA7450, and EA7500 due to Stack-based Buffer Overflow hackyboiz.github.io/2025/09/17/new… Today's briefing covers CVE-2025-6752, a Stack-based Buffer Overflow vulnerability leading to RCE that affects multiple

hackyboiz (@hackyboiz) 's Twitter Profile Photo

Hello! Today’s 1day1line is about CVE-2025-53770 (RCE) & CVE-2025-53771 (Auth bypass) in SharePoint — linked to earlier CVE-2025-49704 & 49706. These vulnerabilities affect on-premises Microsoft SharePoint. Check out the post! hackyboiz.github.io/2025/09/20/bek…

hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Research] Paper Review: “LLMxCPG: Context-Aware Vulnerability Detection Through Code Property Graph-Guided Large Language Models” (EN) hackyboiz.github.io/2025/09/22/l0c… In this research post, I briefly review a paper from USENIX Security '25. It introduces a system that detects

[Research] Paper Review: “LLMxCPG: Context-Aware Vulnerability Detection Through Code Property Graph-Guided Large Language Models” (EN)

hackyboiz.github.io/2025/09/22/l0c…

In this research post, I briefly review a paper from USENIX Security '25. It introduces a system that detects
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[1day1line] CVE-2025-9961: Arbitrary Code Execution Vulnerability Due to Stack Buffer Overflow in CWMP Binary of TP-Link AX10, AX1500 hackyboiz.github.io/2025/09/24/poo… Today's one-line update is about a stack buffer overflow vulnerability discovered in TP-Link routers. This vulnerability

[1day1line] CVE-2025-9961: Arbitrary Code Execution Vulnerability Due to Stack Buffer Overflow in CWMP Binary of TP-Link AX10, AX1500

hackyboiz.github.io/2025/09/24/poo…

Today's one-line update is about a stack buffer overflow vulnerability discovered in TP-Link routers. This vulnerability
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Hacking Tweet🐥] What if an AI did your group project? maily.so/hackyboiz/post… Not long ago, a mysterious user took the #1 spot on the HackerOne U.S. regional leaderboard. It turns out, that user was an AI from XBOW! How could an AI find so many vulnerabilities and climb to

[Hacking Tweet🐥] What if an AI did your group project?

maily.so/hackyboiz/post…

Not long ago, a mysterious user took the #1 spot on the HackerOne U.S. regional leaderboard. It turns out, that user was an AI from XBOW! 
How could an AI find so many vulnerabilities and climb to
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Research] Starting Chrome Exploitation with Type Confusion 101 ^-^☆ Part 3. hackyboiz.github.io/2025/09/26/OUY… Hello — OUYA77 here. While writing my Chrome research post I found there’s more related material than I expected, so I’ve been debating how much to include and how deep to go.

[Research] Starting Chrome Exploitation with Type Confusion 101 ^-^☆ Part 3.
hackyboiz.github.io/2025/09/26/OUY…

Hello — OUYA77 here. While writing my Chrome research post I found there’s more related material than I expected, so I’ve been debating how much to include and how deep to go.
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[1day1line] CVE-2025-48062: HTML Injection via emails sent for Topic invitations in Discourse hackyboiz.github.io/2025/10/01/ji9… Today’s one-liner covers an HTML injection vulnerability found in Discourse’s email sending flow due to insufficient input validation. When invitation emails

[1day1line] CVE-2025-48062: HTML Injection via emails sent for Topic invitations in Discourse

 hackyboiz.github.io/2025/10/01/ji9…

Today’s one-liner covers an HTML injection vulnerability found in Discourse’s email sending flow due to insufficient input validation. When invitation emails
hackyboiz (@hackyboiz) 's Twitter Profile Photo

[Research] Custom Lua Script Decompile (EN) hackyboiz.github.io/2025/10/04/new… Hello! This is newp1ayer48! In this post, I'll covers the analysis of custom Lua scripts and how to patch luadec! For more details, please check out the blog!