SummoningTeam

[ZDI-26-202|CVE-2025-59389] (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability (CVSS 8.0; Credit: Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

[ZDI-26-201|CVE-2025-59388] (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability (CVSS 6.3; Credit: Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

24 hours ago, Veeam released a new version. Naturally - idle hands. inquisitive minds… Disclosure has gone to Veeam, so you can expect details/memes/bad humor in the future 🫡

RomHack Training registration is officially open. Join us in Rome from September 28 to October 1 for six intensive technical tracks led by industry experts: Full details and registration: romhack.training #RomHack2026 #RomHackTraining

REcon Montreal - June 15 to 18 2026 summoning.team

"Advanced .NET Exploitation" will be back with more deserializations and logic bugs at REcon @reconmtl (Early bird tickets) #trainingAdvancedDotNETExploitation" target="_blank" rel="nofollow noopener">recon.cx/2026/en/traini…

🪲 Registration is Open NOW! (@reconmtl) #trainingAdvancedDotNETExploitatio" target="_blank" rel="nofollow noopener">recon.cx/2026/en/traini…

If you like VPN exploits as much as us, you're going to love this course Zeroshi is bringing to @_ringzer0! Marco will walk students into opening up edge devices for research, mapping their attack surface, finding vulns and building full exploit chains. ringzer0.training/countermeasure…

From the bottom of my heart, congrats to the fuzzware.io trio (@ScepticCtf, @diff_fusion, @SeTcbPrivilege) for getting the "Master of Pwn". just so you know, These chaps are God Tier

Verified! @SinSinology of @SummoningTeam targeted the Alpine iLX-F511, exploiting two unique vulnerabilities to gain root access, earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

Confirmed! @SinSinology of @SummoningTeam targeted the ChargePoint Home Flex (CPH50-K) with the Charging Connector Protocol/Signal Manipulation add-on, exploiting two bugs to earn $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto

Confirmed! @SinSinology of @SummoningTeam targeted the Kenwood DNR1007XR in Round 6, exploiting a command injection vulnerability to earn $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

once again, we've been summoned @SummoningTeam

‼️ Feb edition of "Advanced .NET Exploitation" training is now open for 5 students, this will be in Manchester UK 🇬🇧 signup here: summoning.team

I'm just grateful to continue participating in Pwn2Own - big thanks to @thezdi for me to pursue the independent research 🔥 I'm honored to place 4th as a two-member team among such talented teams - special thanks to my mate @freddo_1337, and congrats to all the other teams🎉 #teamDDOS

For the past 3 years, participating in #Pwn2Own had been a dream for me. I could have never asked for a better debut! All of that would not have been possible without my teammate -and buddy - @kiddo_pwn. His work throughout this time has been outstanding! A huge thanks to all of the organizers and the team of @thezdi and @TrendMicro that put so much effort in every event. You guys are amazing ❤️ Congratulations to all of the the teams and participants, being amongst you has been truly an honor. I would humbly like to say that this has been just the beginning for Team DDOS 🚀 ps: We knew we were gonna succeed in the SOHO Smashup as soon as we checked in our hotel (room: QHora-322) 😬 #teamDDOS

First and foremost, Thank you God for all of this. Second, our eternal respect to the amazing teams @thezdi and @TrendMicro for making this competition possible! Third, thank you to the film crew (blackrabbitint) working with zdi to make all of those great videos of us! Finally, we have prepared a message from all of us @SummoningTeam (@_mccaulay, @Yogehi, @Ch0pin, @hyprdude, and myself).

@TrendMicro thank you to all the folks making and posting these, we love em so much ❤️‍🔥

This is how we imagine @SummoningTeam woke up this morning as the new Masters of Pwn 🏆 If you missed it, here are the 2025 #Pwn2Own Ireland final results: zerodayinitiative.com/blog/2025/10/2…

Confirmed! Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a hard-coded cred and an injection to take over the QNAP TS-453E. These unique bugs earn him $20,000 and 4 Master of Pwn points. #Pwn2Own