An Pham

92 posts

An Pham

@D0ct3rStr

Push harder everyday

Vietnam Katılım Nisan 2018

176 Takip Edilen89 Takipçiler

An Pham@D0ct3rStr·2d

@desckimh I can only land rce lm studio, i stucked on Ollama

English

805

kimh@desckimh·2d

@D0ct3rStr Found some 0-day RCEs in Ollama and LM Studio and submitted my entries for Pwn2Own. Both are still unpatched, so I’m gutted I won’t be making it this time 😢 I’ll be posting the full analysis once the fixes are out :)

English

2.8K

kimh@desckimh·2d

Missed out on Pwn2Own2026 Berlin because it was way too crowded this time. 🥲 Well, here’s the Ollama RCE that I was going to bring. Still unpatched and working (v0.22.1 in the video, but still working)

English

471

50.9K

An Pham@D0ct3rStr·2d

@_mccaulay haha same

Filipino

589

McCaulay@_mccaulay·2d

ZXX

249

13.9K

An Pham@D0ct3rStr·2d

Okay let's go home guys @thezdi

English

7.4K

An Pham@D0ct3rStr·2d

@__suto @j3ssie @thezdi hic em submit bug từ 21/4 lận cơ

Tiếng Việt

144

Toan Pham@__suto·2d

@j3ssie @D0ct3rStr @thezdi Em gửi email trễ + submissions của em quá nhiều đội đăng kí trước đó, tụi anh gửi ngày cuối nhưng chỉ được nhận 2/7 như trên đó, nên anh đoán vậy.

Tiếng Việt

117

An Pham@D0ct3rStr·3d

@thezdi do I really need a Token Assigned for competing Pwn2own ? I've received the invitation letter for Visa before but the process is so vague

Qrious Secure@qriousec

5 folks x 2months x 26 0days : found - fixed - found new - ready to fight 😎 ( We requesting zdi to swap Esxi with LM studio 🙏 )

English

An Pham@D0ct3rStr·2d

@__suto @thezdi ơ thật à anh 💀💀💀

Tiếng Việt

181

Toan Pham@__suto·3d

@D0ct3rStr @thezdi ko có token thì không có slot thi nha e, chắc bọn nó quên gửi email no slot cho team em.

Tiếng Việt

172

An Pham@D0ct3rStr·2 May

@bunjavascript crazy work, thank you for all your work

English

245

Bun@bunjavascript·2 May

`Bun.Image` also has a `.placeholder()` method to generate a low quality image placeholder for an image, suitable for inlining into static HTML to quickly display a placeholder while the content loads.

English

242

25.2K

Bun@bunjavascript·2 May

In the next version of Bun `Bun.Image` - fast builtin multi-format image processing library

English

202

303

5.3K

1.7M

An Pham@D0ct3rStr·19 Nis

@PinkDraconian wait wtf thats cool

English

309

PinkDraconian@PinkDraconian·19 Nis

This bug being laughed is one I reported to Google. It was a small side-issue found during my research. But definitely still a security boundary being crossed. If I perform actions on a site, then I don't want that site being able to steal files I've uploaded on another site

English

164

19.6K

An Pham@D0ct3rStr·16 Nis

@thezdi hello @thezdi can you please be faster on replying to my mail towards invitation letter for my Germany Visa process ? (phvietan)

English

146

TrendAI Zero Day Initiative@thezdi·12 Mar

Announcing #Pwn2Own Berlin 2026! We've got 10 categories for targets, including an expanded #AI target list. We have 4 AI categories - including coding agents (looking at you #Claude). More than $1,000,000 in cash & prizes available. Read the details at zerodayinitiative.com/blog/2026/3/11…

English

172

43.7K

An Pham@D0ct3rStr·21 Şub

Late good bye to LINE Corp, it was a great experience working as Security Engineer. Thank you my boss @jz__ and my friend @03sunf , I appreciate all the things we did. Here are some recap blog.drstra.in/posts/new-life/

English

312

An Pham@D0ct3rStr·21 Şub

@YShahinzadeh @samm0uda I think it's quite easy if you already solved the Amir's chall

English

161

YS@YShahinzadeh·19 Şub

Yousef (@samm0uda) gave me a challenge few days ago, it's a redesign of Amir's recent challenge, the solution is quite interesting, I was able to solve it in 10 minutes as I'd previously debugged QS library it, I highly RECOMMEND it, the source code: gist.github.com/samm0uda/91efe…

YS@YShahinzadeh

this is the best challenge of 2026 so far. the idea is crazy. BIG shout out to him for the creatinvity. I think it's very practical due to the inconsistency between layers that happens in daily hunting, HIGHLY recommended =]

English

231

26.7K

An Pham@D0ct3rStr·20 Şub

@Zackary_Chapple @honojs yea nestjs so bloated with templates

English

761

Zack Chapple@Zackary_Chapple·20 Şub

And with this PR 2 years with of NestJS code is gone and we're officially on @honojs

English

704

68.2K

An Pham@D0ct3rStr·10 Şub

@AmirMSafari nvm solved it

English

509

An Pham@D0ct3rStr·10 Şub

@AmirMSafari any hint please ? I found out some character in qs.parse with allowPrototypes true causes the parsed value different with URLSearchParams but URLSearchParams is so simple that any character is not stripped or anything so have to use the "redirect_uri" anyway, which cannot bypass

English

2.8K

AmirMohammad Safari@AmirMSafari·8 Şub

Can you spot the XSS vulnerability? 👀 Test it out live at: pwnbox.xyz

English

331

153.6K

An Pham@D0ct3rStr·5 Şub

@TheGracia_here that's great article

English

120

Strace@straceX·4 Şub

x.com/i/article/2018…

ZXX

654

56.5K

An Pham@D0ct3rStr·20 Eki

@goldleo01 yes I created it haha

English

goldleo1@goldleo01·20 Eki

@D0ct3rStr oh, did you wrote the level-up chall?

English

goldleo1@goldleo01·19 Eki

Level-Up was very fun. And I also writeup for this chall. If you interested in line ctf's chall, I recommend you to read the writeup below. goldleo1.github.io/posts/line-ctf…

Plain@0xp1ain

Finished LINE CTF in 10th place with hypersonic team due to overlap with another ctf, I only solved one web chall (level-up) (@goldleo01 thanks for your contribution) + advancing to finals with 2nd place in whitehat conteest : )

English

740

An Pham@D0ct3rStr·19 Eki

@yusukebe omg i love Hono

English

130

Yusuke Wada@yusukebe·19 Eki

When I started writing Hono 4 years ago, I was alone. Now, Hono has 26K starts, 9M/mo downloads, 687 contributors. Yesterday. We did Hono Conference. 184 came in person. 184? Who was expecting this? 184 people were there for my software, which I wrote alone. Tomorrow never knows