strellic

We've had a renderer RCE -> UXSS exploit on Samsung phones since last November, in collaboration with @cor_ctf. Full writeup coming next week.

@fl0ct0 happy birthday!!

🎉

We finished 1st place at DiceCTF 2026 Quals! Looking forward to seeing everyone (and hopefully a big steak) in New York. 🗽🥩

Devin testing has been a huge unlock. Here's a full uncut video of Devin testing a new banner it made in Windsurf. It did the full testing flow on its own - Built local Windsurf - Opening the developer console - Modifying local storage - Validating the alert is triggered upon refresh Of course, there's still rough edges (Devin fumbled around to open the developer tools), but the future may be closer than we think!

Introducing Devin 2.2 – the autonomous agent that can test with computer use, self-verify, and auto-fix its work. Try it for free! We’ve also overhauled Devin from the ground up: - 3x faster startup - fully redesigned interface - computer use + virtual desktop ...and hundreds more UX and functionality improvements.

@RenwaX23 congrats!!

Renwa 🎓 MSc. Information Security

Meet Devin Review: a reimagined interface for understanding complex PRs. Code review tools today don’t actually make it easier to read code. Devin Review builds your comprehension and helps you stop slop. Try without an account: devinreview.com More below 👇

@MaitaiThe @SinSinology lmaooo

@SinSinology @strellic is this funnylogin?

stay truthy.

A POC for CVE-2025-55182 gist.github.com/maple3142/48bc…

We are announcing the results of ICC TOKYO 2025! The overall rankings are: 1st place - TEAM EUROPE, 2nd place - TEAM ASIA, and 3rd place - US CYBER TEAM! The winner of Jeopardy was TEAM EUROPE, and the winner of A&D was EUROPE! #icctokyo2025

US Cyber Team has already solved the first challenge — and their character just made an appearance on screen! At this year’s competition, we’re visualizing the challenges under the theme of “an experience everyone can enjoy intuitively.” Check it out here: icctokyo2025.nisc.go.jp/en/ctf/

こちらはUSサイバーチームです。 画面に釘付けとなり、集中力はMAXです！ #icctokyo2025

@sahuang97 Happy birthday!! 🎉

10/10 (Still working though)🎂

🍰 :))

Bad auditors miss obvious bugs. We built an AI tool that finds them. Introducing V12: the only autonomous Solidity auditor that actually finds Highs and Criticals. We'll be releasing it for free. V12 finds Crits in Zellic audits, High/Mediums in Cantina, and a bug in Pendle.

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-… Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!

corCTF 2025 begins in an hour! Come register at 2025.cor.team 😎 We have everything from easy challenges to an AMD uarch attack, a web service 0-day, and an Android LPE exploit👀

On your marks, set, pwn in 24 hours!🚩 Come register for corCTF 2025 at 2025.cor.team 😎, our prize pool is over 10k USD🤑

You’re probably using WebViews wrong. There are a million ways to use a WebView wrong. Properly securing a WebView is hard. In this thread, we’ll cover common vulnerabilities in wallet WebView implementations and the ways to properly secure WebViews.