Jerold Camacho

🏴‍☠️ I can finally share a VMware 0day I discovered that led to CVE-2026-41702 (LPE as root). Funny enough, I found the bug in my hotel room after the second day of attending Csaba Fitzl (@theevilbit) & Gergely Kalman (@gergely_kalman) training at Zer0con. therealcoiffeur.com/c111000.html

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉

I spoke about hacking meeting room hardware at the DEF CON Singapore C517 Village! Full blogpost: spaceraccoon.dev/discovering-vu…

I found a remote code execution on the latest TP-Link Tapo webcam models! The path to code execution wasn't direct and involved an interesting chain (3 CVEs). Check out my blogpost for more details! spaceraccoon.dev/getting-shell-…

Congratulations to Fuzzware.io, the Master of Pwn 2026, and to all researchers who turned innovation into impact. #P2OAuto #Pwn2OwnAutomotive2026 @ScepticCtf @diff_fusion @SeTcbPrivilege

Big giveaway. - (x3) Certified Red Team Expert (CRTE) - (x3) Certified by Altered Security Red Team Professional for Azure (CARTP) - (x10) Malware Analysis for Hedgehogs Bundle CTRE and CARTP sponsored by @nikhil_mitt Malware Analysis sponsored by @struppigel Leave a comment below on what you'd like. Winners chosen in 24 hours.

@vxunderground @nikhil_mitt @struppigel CRTE

@vxunderground @cyberwarfarelab i heard weapon

Hello. I have partnered with @cyberwarfarelab to give away FOUR HUNDRED (400) vouchers to their Infinity Learning Pro Plan. This is worth $119,600. - 130+ hands-on labs, including advanced attack chains - Unlimited challenge time - Monthly new challenges & scenario updates - Leaderboards for nerds - ??? This is a massive giveaway. How to enter: 1. You NEED a Gmail account. IF YOU ARE SELECTED AS A WINNER authentication is performed via Gmail. It does NOT have to be your real Gmail. It can be a disposable email. However, if you DO NOT have a Gmail you WILL NOT be able to authenticate. 2. This is a pit of doom. You're all fighting. Leave a comment below with an IMAGE of your SILLIEST weapon of choice. 3. This giveaway will be active for the next 48 hours (unless I get bored). It is November 30th, 2025. If you comment AFTER December 2nd, 2025 then you're a big stinky nerd. You have missed the pit of doom. 4. Winners will notified by me commenting your comment. If you do not respond to the DM within 24 hours (if you're selected) you forfeit your win and someone else is chosen. PAY ATTENTION. Good luck in the pit of doom. Have fun. I expect lots of laughs from the silliness. Cheers,

@vxunderground @cyberwarfarelab cats

Giveaway time. Our friends at @cyberwarfarelab have gifted us AIO (All In One) Access to ALL of their courses for TWO PEOPLE You'll have access to the following courses (including labs). It is a lot. You're not expected to complete everything. This is valued at over $11,000. If you're gifted this you're expected to actually do something and not be a bum. This is a life changing giveaway. If you win this giveaway, bucked up, and lock in, you could be big brain real fast. Don't squander this. How to enter: - Leave a comment - ??? - I like cats Red Teaming: - Web Red Team Analyst [Web-RTA] - Active Directory Red Team Specialist [AD-RTS] - Enterprise Lateral Movement Specialist [CELMS] - Red Team Analyst [CRTA] - Red Team Specialist [CRTS V2] - Red Team Infra Dev [CRT-ID] - Stealth Cyber Operator [CSCO] Blue Teaming: - Blue Team Fundamentals [BTF] - Cyber Defence Analyst [CCDA] Purple Teaming: - Purple Teaming Fundamentals-C-Edition - Process Injection Analyst [CPIA] - Purple Team Analyst [CPTA V2] Cloud Security: - Multi-Cloud Red Team Analyst [MCRTA] - Hybrid Multi-Cloud Red Team Specialist [CHMRTS] - Google Cloud Red Team Specialist [CGRTS] - AWS Cloud Red Team Specialist [CARTS] - Multi-Cloud Blue Team Analyst [MCBTA] Ethical Hacking (Introduction courses): - Cyber Security Analyst [C3SA] - Certified Cyber Security Engineer [CCSE] Evasion & Exploitation: - Red Team – CredOps Infiltrator [CRT-COI] - Enterprise Sec. Controls Attack Specialist [CESC-AS] - Windows Internals Red Team Operator [CWI-RTO] - Certified Exploit Development Professional [CEDP] DevOps: - Certified DevOps Red Team Analyst (DO-RTA) Kubernetes Security: - K8s Red Team Analyst (K8s-RTA)

@NahamSec @_JohnHammond @BuildHackSecure @hackinghub_io 🥳

Final giveaway for Black Friday! I'll pick two hackers to gift free access to all of our courses by @_JohnHammond, myself and @BuildHackSecure on @hackinghub_io! - Drop a comment & RT to enter You can also purchase them here: The Hackers Arsenal: hhub.io/ArsenalBundle2… Bug Bounty Essentials: hhub.io/BugBountyBundl…

Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer by Nguyên Đăng Nguyên & Manzel Seet & Amos Ng starlabs.sg/blog/2025/11-b…

At #Pwn2Own2025, our experts @Tek_7987 & @_Anyfun remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover. The vuln is now tracked as CVE-2025-12686 🔍 🔗 Full write-up: synacktiv.com/en/publication…

Black Friday Giveaway & Exclusive Discounts Win FREE access to: • 1 CRTE seat • 1 CETP seat How to participate: 1️⃣ Like this post 2️⃣ Comment which course you’re interested in and why 3️⃣ Repost Winners will be randomly selected and announced on December 2, 2025. Those who’ve already availed the Black Friday offer are still eligible! Black Friday Sale is LIVE: • Up to 25% OFF Red Team Labs & Bootcamps • Up to 15% OFF AltSecCON 2025 tickets Grab your offer today: alteredsecurity.com/online-labs #BlackFriday #Giveaway #RedTeam #CyberSecurity #CRTE #CETP #AlteredSecurity

@AlteredSecurity CRTE because I already have the CRTP certification, and I want to continue learning about AD, better understand the threats, and practice attacks against modern Windows infrastructure.

ALWAYS GET ASKED: How do I get started in IoT pentesting? My main suggestion: pick a cheap device, open it up, and explore. You can just hack stuff! I'm doing a FREE mini course on IoT pentesting basics. First up: device teardowns & debug interface hunting brownfinesecurity.com/blog/iot-pente…

✅ #SPIRITCYBER25 has come to a successful close!   👏 Big shoutout to everyone who participated and congrats to our Top 6 teams once again - your findings have helped advanced Singapore’s cyber resilience. 1️⃣ zamny zamn zamn: @elma_ios, @sunsh1nefact0ry, @junr0n 2️⃣ NullIoT: @bytehx343 @0xakm, @mgthura404 3️⃣ Obsidian Ghost Protocol: @spaceraccoonsec, Zhong Liang, Azer 4️⃣ Peenoise: @shipcod3, @jeroldcamacho, @japzdivino 5️⃣ saltedeggchicken: @Sn0rkY, Cher Boon Sim, @nbuzydebat  6️⃣ Testalways: @testalways

🇸🇬 Big week for @yeswehack at #SICW2025! The #SPIRITCYBER25 Hackathon will see 6 elite teams competing live on 22–23 Oct to strengthen Singapore’s critical #IoT systems. 🏆 From 30+ teams which participated in the 4-week qualifiers, these top hunters have earned their spot in the finals: 🔹zamny zamn zamn: @elma_ios, @sunsh1nefact0ry, @junr0n 🔹Obsidian Ghost Protocol: @spaceraccoonsec, Zhong Liang Ou-Yang, Azer WHR 🔹Peenoise: @shipcod3, @jeroldcamacho, @japzdivino 🔹Testalways: @testalways 🔹NullIoT: @bytehx343 @0xakm, @mgthura404 🔹saltedeggchicken: @Sn0rkY, Cher Boon Sim, @nbuzydebat

Team "Peenoise" with @shipcod3 @jeroldcamacho We just got a reward for a high vulnerability submitted on @yeswehack -- OS Command Injection (CWE-78). yeswehack.com/hunters/japzdi… #YesWeRHackers #SPIRITCYBER25 #CSA

Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984) dgl.cx/2025/10/bash-a…

I have released the first half of "Binary Exploitation 101", a beginner-friendly guide to binary exploitation. You can learn from classic buffer overflow to ret2dlresolve through CTF-like challenges. I am working on the second half now. Stay tuned🔥 r1ru.github.io/categories/bin…