Resery

@minamikazecafe tql

I've written a new post outlining the general Android app installation process based on AOSP, not specific to Samsung or the reported vulnerability, highlighting key aspects that enable silent app installation. konata.github.io/posts/android-…

konata.github.io/posts/samsung-… Samsung’s ISVP: Betraying the Trust of Security Researchers @SamsungMobile

@0xp0kerface 刚看第一秒愣了一下，我寻思哪个国际友人得了😂

Thanks for Mr. Lei Jun's recognition. I was selected into Xiaomi's Young Engineer Program.

@ele7enxxh @Hacker0x01 tql

Proud to share my 2024 journey on @Hacker0x01! 21 vulnerabilities reported, specializing in Out-of-bounds Write issues. July was my power month with 9 new findings! Special thanks to the amazing #h1community for all the support. #BugBounty #HackerOne

@chain00x 又要发了

开始学习区块链安全 web3 bug bounty I'm coming!

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit googleprojectzero.blogspot.com/2024/12/qualco…

My first vuln about the Bootloader.

@eternalsakura13 @btiszka @__R0ng @gzobqq @pwn_expoit 恭迎

@btiszka @__R0ng @gzobqq @pwn_expoit Just had a new idea. Let me try it. :)

@Y1nKoc Cool

I'm so glad that our paper has been officially accepted by CCS2024. It’s a long journey. Through this paper, I have received complete research training from proposing research ideas to writing paper. I am so grateful for my collaborators and advisor. I learned a lot from them!

@candyyyy1080091 @AabyssZG 典😅

@AabyssZG windows开机登录密码很好破，用U盘启动PE找个工具就行了

【情报】搜狗输入法简单绕过Windows锁屏机制🚨 搜狗输入法可绕过Window是锁屏，根据内部群群友反馈，该方法目前仍然有效，且Win11复现成功😆 部分群友反馈，有些输入法存在“游戏中心”，有些输入法不存在，应该是版本问题🧐 但不需要太担心，该漏洞利用场景有限😂

CVE-2024-31317: execute arbitrary code as any app on a device rtx.meta.security/exploitation/2… Technical blog post by Tom Hebb #android #cybersecurity

@OriginalSicksec @Hacker0x01 Nice notion template

Here are the stats in @Hacker0x01 for this month. Hoping for improvement in August. Happy hacking, everyone!

@Y1nKoc 牛逼

It's my first CVE in Apple!

@limeSec_ no one but you

Who can find 7-8 vulnerabilities a week?

@cjybyjk 恭喜，哪个部门

好耶~

@0xsithi Cool

permanent denial-of-service vulnerability on android 15 beta (already reported and confirmed, will share more info + PoC when it's fixed!)

@Ch0pin Cool

we are rolling...

@1ce0ear Cool

Arb R/W, thanks to signalfd again XD

@5unKn0wn Congrats! I want to know the vuln locate which part of the bootloader?

I've reported several bootloader vulnerabilities to Samsung, and these were patched last June

@Yogehi @defcon @040xZx Cool

Yay @defcon Talk Yay with @040xZx about our Xiaomi #pwn2own "experience" #DEFCON32 #DEFCON

When I wanted to test ATF, I found that I couldn't find any convenient tutorials, so I shared my tutorial. ioo0s.art/2024/05/03/ATF…