Rick de Jager

I'm happy to announce that I just wrote my first tethered jailbreak! ... for a VTech phone. I'm still counting it as a win 🙃

Meet our #DCTF26 speaker Rick de Jager (@rdjgr )! He will present "𝐙𝐞𝐫𝐨 𝐭𝐨 𝐑𝐂𝐄 𝐢𝐧 𝐚 𝐖𝐞𝐞𝐤𝐞𝐧𝐝: 𝐅𝐮𝐳𝐳𝐢𝐧𝐠 𝐎𝐥𝐝 𝐆𝐚𝐦𝐞𝐬 𝐟𝐨𝐫 𝐌𝐞𝐦𝐨𝐫𝐲 𝐂𝐨𝐫𝐫𝐮𝐩𝐭𝐢𝐨𝐧." Mid-2000s videogames are a great target for finding RCE exploits. In this talk we'll pick a classic 2000's game, go over the process of fuzzing the game's server with a very fancy snapshot fuzzer, and fuzzing the client with the dumbest possible bit-flipper I could write in an hour. Both of these approaches lead to bugs that we'll exploit for remote code execution. Free registration: events.dragonsec.si/dctf26/

@LiveOverflow @_mixy1 If FIFA allowed robot players, and 99% of accomplished soccer players said "we hate this, this ruins our sport", would we all go "this is just what the the word 'soccer' means now"? The community gets some say in what the word "CTF" means. And nearly noone there enjoys AI v. AI.

@rdjgr @DistrictCon Can confirm we have never seen RCT played like that before!

Some stuff that we ended up scrapping for time: - We were initially going to run the slides in RCT. We actually had working code for this, but dropped it in favor of the Doom demo. - The fuzzer actually had a screenshot mode to generate a timelapse of all the maps it's generating

We (@arctic0x78 and I) ended up winning best meme target for this! Many thanks to the Junkyard crew for running the competition. It's such a cool concept and I really enjoyed all the unhinged exploits people came up with!

May I present to you; a full copy of doom, running inside of a Rollercoaster Tycoon 1 save game exploit ✨ Thanks for everyone that came to check out our @DistrictCon Junkyard talk! We had a lot of fun putting it together. (check the thread for slides / exploit)

Collision! PHP Hooligans / @midnightbluelab targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting a full collision on a two-bug chain, earning $20,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto

@bl4sty Any time boss 🫡, just don't tell @vectors2final

I asked @rdjgr to forge a signature for me and this is what he came up with smh

We are announcing the results of ICC TOKYO 2025! The overall rankings are: 1st place - TEAM EUROPE, 2nd place - TEAM ASIA, and 3rd place - US CYBER TEAM! The winner of Jeopardy was TEAM EUROPE, and the winner of A&D was EUROPE! #icctokyo2025

We have another collision. The PHP Hooligans did exploit the QNAP TS-453E, but the bug they used was previously seen in the contest. They still earn $10,000 and 2 Master of Pwn points. #Pwn2Own

We have another collision. The PHP Hooligans used a buffer overflow to exploit the Phillips Hue Bridge, but the bug had been previously seen in the contest. They still earn $10,000 and 2 Master of Pwn points. #Pwn2Own

Confirmed! The PHP Hooligans used an OOB Write bug to exploit the Canon imageCLASS MF654Cdw printer. Their fifth round win earns them $10,000 and 2 Master of Pwn points. #Pwn2Own

Writing an exploit? 3 days. Getting a hold of a security contact? 50 days and counting. Dropping a PoC in a random support ticket to meet the Junkyard deadline? Priceless. ✨

[ZDI-25-711|CVE-2025-8320] (Pwn2Own) Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability (CVSS 8.8; Credit: PHP Hooligans) zerodayinitiative.com/advisories/ZDI…

🌪️ Tapping into the past @typhooncon with @rdjgr & Carlo Meijer’s RCE via Fax Machine!

We'd like to thank the speaker who will be presenting at BSides Tokyo 2025! Speaker: Rick de Jager & Carlo Meijer Title: Dialing into the Past: RCE via the Fax Machine – Because Why Not?

... and the podium for m0leCon Finals CTF! Congratulations! 🚩

We’re delighted to welcome @rdjgr & Carlo Meijer to #TyphoonCon2025! 🎤🔥 Be sure to join us in Seoul on May 29-30 for their amazing talk! 🔗 typhooncon.com/agenda

@h0mbre_ yeah I hope they either expand the attack surface to include userspace privesc or significantly increase payouts. $10-20K for a non-userns kernel bug feels pretty low compared to IoT and automotive bounties.

the Ubuntu unprivileged namespaces restrictions will surely make Pwn2Own more difficult this year, right? thats a large attack surface reduction.