Luật Nguyễn

@tuedenn hehe

@l4wio Chúc mừng anh 🥳🔥🙏

Just hit OffSec cert 14/18 today. What a journey - getting to learn across the whole scene: red, blue, purple, each taught me something I didn't know I needed. Would love to take on OSEE next...🙌

Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. blog.viettelcybersecurity.com/sharepoint-too… #SharePoint #ToolShell

@ryotkak @metabugbounty おめでとう 🥂

Got the Most Impact award at the Meta's Bug Bounty Researcher Conference in Tokyo! Thank you so much @metabugbounty team and everyone who attended the event! #MBBRC2025

🚨HTTP Request Smuggling in lua-nginx-module!🚨 This affects major proxies like Kong GW, OpenResty, Apache APISIX and many more👀 Check it out: benasin.space/2025/03/18/Ope… Big thanks to @albinowax for his awesome research and for answering all my questions! #bugbounty #bugbountytips

@Benasin3 zui vậy Khang

This is my first time attending AWC and I'm so grateful to be able to surround myself with talented and amazing hackers!

How we escalated a DOM XSS to a 1-click ATO for $8000 thefrogsec.github.io/2024/04/06/How… We finally have the permission to publish this blog post. Hope you guys will enjoy reading it! 😄 @Benasin3 @LongShrimp0812 #bugbountytips #FrogSecTeam #BugBounty @Hacker0x01 #TogetherWeHitHarder

I can't believe so many people are sleeping on this research: code-white.com/blog/leaking-o… Code White again smashes it out of the park with their meticulous knowledge of software stacks. I have so much respect for them publishing this. Nice work, @mwulftange!

I published an article about the DOM-based race condition, which was the solution for the challenge that I posted 3 weeks ago. blog.ryotak.net/post/dom-based…

Fuzzilli (github.com/googleprojectz…), the great coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language built by @5aelo, is finally documented in a paper. You can find the paper at ndss-symposium.org/ndss-paper/fuz…

it might be useful

@shhnjk good luck senpai

Today was my last day at Microsoft. Learned a lot of stuff from great folks! Off to a new challenge next week!

The slide of my talk today `The Hidden RCE Surfaces That Control the Droids` is now available at speakerdeck.com/flankerhqd/the… and relevant pocs/fuzzing harness/scripts has been uploaded to github: github.com/flankerhqd/ven… #BHASIA @BlackHatEvents

1/10 - I've been doing offensive security source code review for a long time now, and along the way I've learnt a lot of lessons that can make you more effective. Some of them include:

Great blog post looking at attacking MMIO ranges to turn out-of-bounds reads into something more than DOS. We'd love to see other research in this area as well! msrc-blog.microsoft.com/2022/03/22/exp…

me: can we have a %n? mom: we have %n at home %n at home: ${jdni:ldap://127.0.0.1}

I published an article about vulnerability in Deno's registry that could allow tampering of Deno modules including Deno's install scripts. blog.ryotak.me/post/deno-regi…

@0vercl0k good luck senpai

In the hands of the demo gods 😬

An attack vector in xmlsec and exploiting it on PingFederate. blog.tint0.com/2021/09/pingin…