🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Remember CVE-2024-4577, the PHP-CGI RCE bypass? Actually, the Best-Fit 'feature' also impacts non-CJK codepages such as locales in the Americas, Western Europe, Oceania, and more! splitline 👁️🐈‍⬛ and I will share these cool findings at Black Hat! 🔥 Let's make argument

We’ve released Part II of our Windows Kernel Streaming series!

Tips for Pwn2Own player: pick a target that no one care, then you got no collision. Shout out to my colleague: HexRabbit We manage to bypass all the hardware protection together 🎉

I love CRLF Injection 😜

Dropped my slide for POC2024 on Linux kernel exploitation, including a journal from Pwn2Own Vancouver earlier this year. Enjoy 🙂. u1f383.github.io/slides/talks/2…

./ splitline 👁️🐈‍⬛ and I will be in London for Black Hat Europe next week. Let's see how many calcs we will pop! 😉 #BHEU Black Hat blackhat.com/eu-24/briefing…

Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to Black Hat and my awesome co-presenter splitline 👁️🐈‍⬛! 🐈‍

Squirrels in London are really cute!

The detailed version of our #WorstFit attack is available now! 🔥 Check it out! 👉 blog.orange.tw/posts/2025-01-… cc: splitline 👁️🐈‍⬛

Voting for the Top 10 Web Hacking Techniques of 2024 is live! Two of my research are nominated — Give them a vote! 🔥 > Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! > WorstFit: Unveiling Hidden Transformers in Windows ANSI!

The results are in! We're proud to announce the Top ten web hacking techniques of 2024! portswigger.net/research/top-1…

This is absolutely the greatest recognition for a researcher. Thank you all!

The blog post is the full version of my talk at 38c3. It's about some vulnerabilities we found in libarchive and some interesting behaviors of libarchive that you don't want to miss. My favorite part is it only took us 56 seconds to trigger a crash by AFL++.

Come join us at the Ask A Security Expert session at Black Hat Asia on April 4th! I'll be there with Orange Tsai 🍊, @ryan_flores, and Marina Krotofil 🇺🇦🌻 answering your cybersecurity questions. Submit your topics in advance using the form on the event page. Looking forward to seeing you!

Another day, another bug of mine got listed in CISA's KEV. Why does everyone love my bugs (sigh...)? BTW, great article by SinSinology again!

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at offensivecon. Check it out: devco.re/blog/2025/05/1…

I don't have OSCP—instead, I have OSEE! 🎉