P1umer

64 posts

P1umer

@p1umer

🌐 Security Researcher | 🤖 AI Enthusiast | 🎙️ BlackHat ASIA/EU/USA. 𝕏s are my own.

Katılım Kasım 2018

418 Takip Edilen851 Takipçiler

Sabitlenmiş Tweet

P1umer@p1umer·13 Ağu

Our #BHUSA talk — Tool Part 1/3: Instead of fighting QL syntax, we let LLMs relax official queries by removing conservative pruning. github.com/P1umer/QL-Relax

English

1.6K

P1umer retweetledi

Samuel Groß@5aelo·24 Kas

I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentations/…. I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides). Thanks for the fantastic conference @POC_Crew!

English

223

19.8K

P1umer retweetledi

Team Atlanta@TeamAtlanta24·20 Ağu

🔎 How do sink-aware fuzzing + LLMs uncover Java vulns under pressure? See how Atlantis-Java did it. 👉 team-atlanta.github.io/blog/post-crs-… #AIxCC #Cybersecurity #CTF #AI #LLM #GenAI #AICyberChallenge #DARPA #DEFCON #Security #Vulnerability

English

2.1K

P1umer retweetledi

Caleb Gross@noperator·13 Ağu

icymi: CodeQL can now scan C/C++ without needing to build 🙌 github.blog/changelog/2025…

English

2.6K

P1umer retweetledi

Team Atlanta@TeamAtlanta24·14 Ağu

New blog out now! We’re answering the top questions from the DEFCON audience and sharing the behind-the-scenes story of our victory. team-atlanta.github.io/blog/post-afc/ #AIxCC

English

5.8K

P1umer retweetledi

Leandro Barragan@lean0x2f·13 Ağu

"AI Agents for Offsec with Zero False Positives" by @moyix, a journey on how we managed to get 0 FPs with XBOW. You can find the slides for his BH talk here: cdn.prod.website-files.com/686c11d5bee015…

English

247

24.2K

P1umer@p1umer·1 Nis

@darkfloyd1014 innie only need to work

English

Mr. Anthony 安東尼@darkfloyd1014·1 Nis

@p1umer Probably we are victims 🥂

English

Mr. Anthony 安東尼@darkfloyd1014·1 Nis

Acknowledged by Apple without CVE and bounty @wwkenwong

English

760

P1umer@p1umer·1 Nis

@darkfloyd1014 enjoying the same ‘nobounty’ WiFi🤣

English

Mr. Anthony 安東尼@darkfloyd1014·1 Nis

@p1umer we are neighbour lol

English

223

P1umer retweetledi

Sebastian Lekies@slekies·18 Oca

Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT security.googleblog.com/2025/01/osv-sc…

English

210

14.8K

P1umer@p1umer·6 Kas

@xvonfers 🍻

QME

216

xvonfers@xvonfers·6 Kas

Some of the best presentations about browsers, great talk about WASM/WASM-To-JS internals, bug hunting and exploitation. Many thanks to all the speakers, I recommend them to study!

P4nda@P4nda20371774

Our slides about WASM bugs in browsers are now available. Thanks to everyone who helped with the talk.🫡 Hope we can do better next time. 1. BH USA 2024: i.blackhat.com/BH-US-24/Prese… 2. GeekCon Shanghai 2024: geekcon.top/js/pdfjs/web/v… cc my partners (@p1umer @xmzyshypnc1 @q1iqF)

English

7.1K

P1umer retweetledi

P4nda@P4nda20371774·5 Kas

P4nda@P4nda20371774

My Chrome RCE bug(CVE-2024-1939) mentioned in our BlackHat USA 2024 talk was public now. More information not mentioned in the issue will be included in our coming soon slide.🧐 So regret unable to attend Blackhat USA and BugSWAT Vegas in person due to some personal reason.😶

English

241

35.9K

P1umer@p1umer·22 Eki

Thanks to @mitchzks for the insight

English

305

P1umer@p1umer·22 Eki

A simple patch could fix it, but maybe afl need to clear up what the post process really means.

English

352

P1umer@p1umer·22 Eki

Maybe there's a potential hiccup with AFL's custom mutator post process design. If the post process happens in `write_to_testcase` and saves the sample afterward, it seems to go against the "before executing the target" guideline in the docs.

English

539

P1umer@p1umer·24 Eyl

@l33d0hyun Good luck

English

285

P1umer retweetledi

Black Hat@BlackHatEvents·12 Haz

During #BHUSA Briefing "Achilles' Heel of JS Engines: Exploiting Modern Browsers During WASM Execution" we will discuss some of the interesting vulnerabilities we found on attack surface of WebAssembly and demonstrate how to exploit them >> bit.ly/3yXSpfD

English

P1umer retweetledi

Samuel Groß@5aelo·7 Haz

Thanks to events like Pwn2Own or our V8CTF (~= exploit bounty program), we now have more data about the types of bugs exploited in V8. Based on that, we've gathered some basic statistics: docs.google.com/document/d/1nj…

English

235

38.6K

P1umer@p1umer·2 Haz

Since returning from BH Asia last year, we have made further progress in the exploiting and eagerly anticipate sharing it with you all #BHUSA #BlackHatEvents

GIF

P4nda@P4nda20371774

Luck enough that our submission was accepted by Black Hat USA 2024 last week. We (@p1umer @xmzyshypnc1 @q1iqF) will share our bug hunting trip in WASM of Modern Browsers. [⛳️] Unlocked BlackHat Asia/USA/Europe and DEFCON during one year finally. #BHUSA @BlackHatEvents

English

2.5K

P1umer retweetledi

DEF CON@defcon·7 May

Thanks to the fine folks at @nautilusinstitute the #defcon32 #ctf quals are in the books - you can read all about it at quals.2024.nautilus.institute. There's also a veritable feast of JSON dumps for the curious. Congrats to the winners, thank you to everyone who suited up and we'll see you in Las Vegas! #defcon

English

15.7K

Keşfet

@POC_Crew @moyix @darkfloyd1014 @wwkenwong @xvonfers @xmzyshypnc1 @q1iqF @l33d0hyun