Công Thành Nguyễn

38 posts

Công Thành Nguyễn

@ExLuck99

Pwner, gacha player and meme maker.

Hanoi, Vietnam Katılım Kasım 2021

219 Takip Edilen465 Takipçiler

Công Thành Nguyễn retweetledi

Orange Tsai 🍊@orange_8361·2h

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉

TrendAI Zero Day Initiative@thezdi

Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

English

112

767

35.4K

Công Thành Nguyễn@ExLuck99·1d

@yunsu_dev I once got my bug patched before the contest due to someone report it to the vendor and even once got duplicated because some team write down every bug they found even the one that not used or they not exploited it yet 😂 that's the game and you all have to face it.

English

120

Công Thành Nguyễn@ExLuck99·1d

@yunsu_dev There is nothing wrong with report your bug to the vendor or any bug bounty program so you can at least get some reward for your finding. I don't know why people keep saying that "revenge" report like it a bad behaviour.

English

303

Hybirdss@hybirdssss·2d

This frame is not true. I actully asked ZDI first, and they said OK. And that is only natural. The researcher who discovers it first reports it, and my research could also be rejected or deemed a duplicate.

shimotan@shimosec

例のPwn2Ownのリベンジ0day公開のまとめ記事でてた。怖。 awesomeagents.ai/news/pwn2own-b…

English

4.8K

Công Thành Nguyễn@ExLuck99·6d

@terrynini38514 @__suto @thezdi We submit 9 entries, yesterday they said they're reviewing and this morning they reply with out of entry slot 😂

English

172

NiNi@terrynini38514·6d

@ExLuck99 @__suto @thezdi How many entries you told them you’re going to submit ?

English

181

NiNi@terrynini38514·6d

No way, we didn't receive any info about registration from @thezdi , where should we submit our 30+ fresh 0-day exploits now 😭😭😭😭😭

English

5.2K

Công Thành Nguyễn@ExLuck99·6d

@__suto @terrynini38514 @thezdi :c at least you got accepted while we got none. They said out of slot lol

English

183

Toan Pham@__suto·6d

@terrynini38514 @thezdi we submit 8 entries only accepted 2 🤣

English

2.2K

Công Thành Nguyễn@ExLuck99·6d

@SinSinology Did you get any reply from the zdi?

English

515

SinSinology@SinSinology·6d

i shit you not, last night i had a nightmare about the p2o registration, today, it became real 🥀⚰️

English

6.1K

Công Thành Nguyễn retweetledi

TrendAI Zero Day Initiative@thezdi·21 Oca

Confirmed! @ExLuck99 and @gr4ss341 of ANHTUD chained two vulnerabilities (CWE‑125 and CWE‑122) to achieve code execution on the Sony XAV‑9500ES, earning $10,000 USD and 2 Master of Pwn points in Round 3. #Pwn2Own #P2OAuto

English

2.8K

Công Thành Nguyễn@ExLuck99·23 Eki

@bl4sty Just whitepaper stuff. They want more details about the bug.

English

625

blasty@bl4sty·23 Eki

@ExLuck99 what was the rule violation?

English

1.5K

Công Thành Nguyễn@ExLuck99·22 Eki

😂 rip 10k. More careful next time.

TrendAI Zero Day Initiative@thezdi

Verified! Nao and @ExLuck99 from ANHTUD used a heap-based buffer overflow to exploit the Lexmark CX532adwe, but we penalized for a rules violation. The still earn $10,000 and 2 Master of Pwn points. #Pwn2Own

English

10.3K

Công Thành Nguyễn retweetledi

TrendAI Zero Day Initiative@thezdi·22 Eki

Confirmed! ChatGPT helped Team ANHTUD as they used 3 bugs - 1 collision, 1 unique SSRF and 1 cleartext storage of sensitive information - to exploit Home Automation Green. They finished with just 45 seconds remaining. Their work earns them $16,750 and 3.75 Master of Pwn points. #Pwn2Own

English

11.3K

Công Thành Nguyễn retweetledi

Khoa Dinh@_l0gg·24 Tem

Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. blog.viettelcybersecurity.com/sharepoint-too… #SharePoint #ToolShell

English

247

27K

Công Thành Nguyễn@ExLuck99·14 May

ZXX

489

Công Thành Nguyễn@ExLuck99·14 May

Sadly, I can't get to Berlin in time for P2O. So, just stay at home with an <(´= ⩊ =`)> elf in my Triton console. Good luck to all contestants out there.

English

1.4K

Công Thành Nguyễn retweetledi

Mehdi@MehdiHacks·31 Oca

🧵 Mega thread on RF, SDR, ham radio, and signal hacking: I've been writing educational posts and threads on these topics. To help finding them easier, I will put all the links here. And I will link the new threads to the bottom of this meta thread every time I write one. 0/n

English

100

719

112K

Công Thành Nguyễn retweetledi

TrendAI Zero Day Initiative@thezdi·23 Oca

Confirmed! We were definitely thrilled to see @ExLuck99 and @greengrass19000 of ANHTUD use a command injection bug to exploit the Alpine IVI and leave us a special message. Their round 2 win earns them $10,000 and 2 Master of Pwn points. #P2OAuto

English

3.5K

Công Thành Nguyễn@ExLuck99·23 Oca

Thanks you and good luck.

Compass Security@compasssecurity

The #Pwn2Own schedule is out. Compass folks will show off their exploit Thursday, January 23th, 10:00 Swiss time (CET). Also wishing @_moradek_, @moe_hw, @konatabrk, @vcslab, @EQSTLab, @kiddo_pwn, @ExLuck99, @nyanctl, @SinSinology, @SummoningTeam success in pwning the Alpine IVI.

English

523

Công Thành Nguyễn@ExLuck99·23 Eki

First time onsite with a funny bug. what a memorable day in Ireland. #P2OIreland

English

1.8K

Công Thành Nguyễn@ExLuck99·22 Eki

@thezdi @pivik_ :( @pivik_ is my colleague in the Qnap bug not my twitter handle.

English

173

TrendAI Zero Day Initiative@thezdi·22 Eki

Boom! ExLuck (@pivik_) finishes Day One with a successful exploit of the #Ubiquiti AI Bullet camera. He heads off to the final disclosure of the day. #Pwn2Own #P2OIreland

English

3.2K

Công Thành Nguyễn retweetledi

Kevin2600@Kevin2600·8 Ağu

One of the must-attend talks this year is from @Yogehi. They will be sharing how @Xiaomi became the most secure mobile phone company on the planet. 🤩

English

2.8K

Công Thành Nguyễn retweetledi

TrendAI Zero Day Initiative@thezdi·27 Eki

Collision – ANHTUD was able to execute a 2-bug chain against the TP-Link Omada Gigabit Router and the Canon imageCLASS MF753Cdw for the SOHO Smashup. However, one of the bugs he used was previously known. He still earns $31,250 and 6.25 Master of Pwn points. #Pwn2Own

English

6.6K

Keşfet

@yunsu_dev @terrynini38514 @__suto @thezdi @SinSinology @gr4ss341 @bl4sty @elonmusk