splitline 👁️🐈‍⬛

346 posts

splitline 👁️🐈‍⬛

@_splitline_

友民党 / CTF with ${cYsTiCk} / @D3VC0R3 / Tâi-gí, zh-TW, en-US, es-PY / 🐈‍⬛

Tsu-lô-Kuān, Formosa Katılım Temmuz 2019

599 Takip Edilen1.8K Takipçiler

splitline 👁️🐈‍⬛ retweetledi

TrendAI Zero Day Initiative@thezdi·1d

That's a wrap on Pwn2Own Berlin 2026! 🏆 $1,298,250 awarded. 47 unique 0-days. 3 days of absolute chaos. And talk about main character energy - congrats to DEVCORE for claiming Master of Pwn with 50.5 points and $505,000 - they never slowed down. See you next year! #Pwn2Own #P2OBerlin

English

624

43.5K

splitline 👁️🐈‍⬛@_splitline_·1d

TrendAI Zero Day Initiative@thezdi

Booyah it's been confirmed! 🎉 splitline (@_splitline_) of DEVCORE Research Team chained 2 bugs to exploit Microsoft SharePoint, earning $100,000 and 10 Master of Pwn points. Massive aura farming this year at #P2OBerlin. Full win! #Pwn2Own

ZXX

152

13.4K

splitline 👁️🐈‍⬛@_splitline_·4d

pure logic bug chain to pwn browser no memory corruption found without AI assistance 🍊 is built different omg

TrendAI Zero Day Initiative@thezdi

Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

English

7.2K

splitline 👁️🐈‍⬛ retweetledi

HexRabbit@h3xr4bb1t·8 May

Honestly, with a little LLM help, I found variants, built a working PoC, and sent a polished patch to maintainer on the same day CopyFail dropped. So I’m curious why Xint didn’t find those variants before disclosure, assuming AI tools are used heavily in their workflow👀 Disclaimer: I’m an independent reporter and the patch author of the xfrm-ESP vulnerability, unrelated to the Dirty Frag post.

V4bel@v4bel

💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io

English

111

26K

splitline 👁️🐈‍⬛@_splitline_·8 May

@_L4ys escape the matrix

Español

554

L4ys@_L4ys·7 May

0days doesn't seem cool enough anymore. what should real hackers be doing now?

English

131

43.1K

splitline 👁️🐈‍⬛@_splitline_·28 Nis

is there any cool non-frontend web ctf challenges this year that aren't llm-solvable 👀

English

692

splitline 👁️🐈‍⬛@_splitline_·12 Nis

@yuzhinok Three hundred and three

English

172

Yuzhin 🇸🇬@yuzhinok·11 Nis

WHAT IS THAT WHAT THE HELL IS THAT

惜云 ☁️@tokkibaery

me when trying to read a storybook in chinese: just opened page one and already lost. they said this is for children. so if i don't understand a thing… what does that make me? a very confused toddler? 🥲

English

425

42K

splitline 👁️🐈‍⬛@_splitline_·28 Mar

@guttapercha80 @MeeRebus11 @danieleskay However the traditional international name for this island is Formosa, while the ethnic name used by Hokkien-speaking ppl on the island is Taiwan. Yes, even in many Indigenous langs. For example, Amis, which you mentioned we are also called taywan Historical issue is complicated

English

145

GP size 80@guttapercha80·28 Mar

@MeeRebus11 @danieleskay This is why even I don’t agree that they call Hokkien as ‘Taiwanese language’ It should had always been the aboriginal languages (Paiwan, Rukai, Amis etc)

English

2.6K

Cerlong Paceroh@MeeRebus11·28 Mar

Taiwan is an example of settler colonialism not by europeans but by asians themselves.

Ted@ted_huang

"Because of the overwhelming dominance of Mandarin Chinese since 1949, nearly all Formosan (Austronesian) languages are currently experiencing a decline in the number of proficient speakers, a loss of language skills and the erosion of linguistic structures."

English

218

1.9K

59.7K

splitline 👁️🐈‍⬛ retweetledi

slonser@slonser_·9 Mar

And this makes sense given how many CTFs are held per year. However, the ideal CTF challenge, in my opinion, should follow this formula: "The author conducted a mini-research project and instead of publishing it, turned it into a challenge."

English

127

14.1K

splitline 👁️🐈‍⬛ retweetledi

LiveOverflow 🔴@LiveOverflow·2 Mar

What I’ve always found amazing about CTFs is that "flag is flag". Whether you found an unintentional solve or pwned the browser with n-day for a XSS challenge, it didn't matter. I totally get the frustration of AI, but there is no solution other than accepting the change.

siunam@siunam321

I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲

English

446

69.3K

splitline 👁️🐈‍⬛ retweetledi

dimden@dimden·28 Oca

ZXX

781

7.3K

269.3K

splitline 👁️🐈‍⬛ retweetledi

maple3142@maple3142·5 Ara

A POC for CVE-2025-55182 gist.github.com/maple3142/48bc…

English

430

549.2K

splitline 👁️🐈‍⬛ retweetledi

Pumpkin 🎃@u1f383·26 Haz

A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/06/…

English

110

387

40.5K

splitline 👁️🐈‍⬛ retweetledi

NiNi@terrynini38514·12 Şub

The blog post is the full version of my talk at 38c3. It's about some vulnerabilities we found in libarchive and some interesting behaviors of libarchive that you don't want to miss. My favorite part is it only took us 56 seconds to trigger a crash by AFL++.

DEVCORE@d3vc0r3

Our latest deep dive explores libarchive vulnerabilities under recent Windows 11 updates. 🔍🔓 Check out NiNi's (@terrynini38514) technical write-up for key insights and security implications. Read more here: devco.re/blog/2025/02/1… #VulnerabilityResearch #Cybersecurity

English

14.1K

splitline 👁️🐈‍⬛ retweetledi

Renwa@RenwaX23·11 Şub

@dicegangctf @strellic This is just a rumor to make themselves feel better, CTFers doesn't have life and probably all single

English

2.1K

splitline 👁️🐈‍⬛ retweetledi

DEVCORE@d3vc0r3·5 Şub

🤘Congrats Orange(@orange_8361) and Splitline(@_splitline_) on making it to 2024 Top 10 Web Hacking Techniques! Check out their groundbreaking research: portswigger.net/research/top-1…

English

2.6K

splitline 👁️🐈‍⬛@_splitline_·26 Ara

I will drop one web challenge there 🐈‍⬛

ASIS-CTF@ASIS_CTF

🚨 Brace yourselves, hackers! 🚨 The #ASIS #CTF Finals 2024 are coming on December 28th! 💥 24 hours of non-stop hacking with mind-bending challenges that will push your limits. 🧠 Prepare for a thrilling ride - this is gonna be epic! #ASISCTF #CTF #Hacking

English

splitline 👁️🐈‍⬛@_splitline_·18 Ara

@TalBeerySec @orange_8361 @BlackHatEvents I read that before, it was quite interesting! You’re right. Unicode normalization has always been a security concern, but I wouldn’t call it the core issue here. For me the root cause is still “Best-fit”. Unicode normalization is more of a broad bug category, like “injection”

English

229

Tal Be'ery@TalBeerySec·18 Ara

@orange_8361 @BlackHatEvents @_splitline_ Do you know this work presented by Microsoft's Jonathan Birch @BlackHatEvents 2019? i.blackhat.com/USA-19/Thursda… Seems like the same(?) core issue applied to a different attack surface

English

981

Orange Tsai 🍊@orange_8361·11 Ara

Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! 🐈‍

English

221

781

170.9K

splitline 👁️🐈‍⬛@_splitline_·18 Ara

🍊 pumped my followers to 1k

English

1.7K

splitline 👁️🐈‍⬛@_splitline_·11 Ara

Our hackathon for that website Worst.Fit was done successfully 🥰

Orange Tsai 🍊@orange_8361

English

3.6K

Keşfet

@_L4ys @yuzhinok @guttapercha80 @MeeRebus11 @danieleskay @dicegangctf @strellic @orange_8361