xchym

Confirmed! Verichains Cyber Force chained two unique bugs - including an auth bypass - to exploit the Synology DS925+ and run code as root. Their work earns them $20,000 and 4 Master of Pwn points. #Pwn2Own

📦 Storage unlocked! Le Trong Phuc & Cao Ngoc Quy of Verichains Cyber Force just cracked the @Synology DS925+ at #Pwn2Own. A brief DNS issues delayed them, but they couldn't be stopped. They're off to the disclosure room to explain what they did. #P2OIreland

Verichains is glad to have helped unveil the root cause behind the largest Web3 hack—$1.4 billion on @Bybit_Official’s Multisig @Safe Wallet! This hack is a strong wake-up call as Web3 security isn’t just about on-chain transactions or smart contracts — it also relies on traditional Web2 components like private keys, frontends, backends, oracle data, etc — which are prone to exploitation & manipulation.

Verichains has released a new security advisory VSA-2022-120, exposing a key extraction vulnerability in Multichain's fastMPC. Kudos to @MultichainOrg for the swift response and bug bounty. Keep an eye out for upcoming advisories on critical attacks targeting popular MPC implementations. blog.verichains.io/p/vsa-2022-120…

We're really happy to share our improvements and some experiments for the CookieMonster tool. Weaponizing Monster for Cookies Attacks: vsrc.vng.com.vn/blog/weaponizi… Also include burp-extender plugin for burp suite. Hope you guys enjoy it. ~Cheers, VSRC

\o/

@snyff use-after-free =]]

You’re on a first date with someone, and they tell you the name of their favorite security bug. You immediately leave. What’s the security bug?

@peternguyen14 super LOL

#OWASP subdomain Web Cache Poisoning Attacks lead to stored XSS :) youtu.be/pkCOsO9o-L4 This site is now closed ?!?

My old presentation from Tradahacking7 Conference - bit.ly/2AiXmyl #26082018 #PracticalSubdomainTakeover #MerryXXXMas #DoggyNewYear

@disclosedh1 @Black2Fan I guess this issue is "web cache poisoning attacks", not a "cache deception attacks" :)

Discourse disclosed a bug submitted by @Black2Fan: hackerone.com/reports/394016 - Bounty: $256 #hackerone #bugbounty

Suddenly, I remembered my old shool hacking trick… maybe it is related to Server-Side RPO ;) #IIS5.x #Over15yearsBug #SSRPO

Fly with #Emirates ;)

#gsec #hitb #2017 #ctf #webblog #thelazyway youtu.be/xlu2rh-5wH4

@phd_phuc lol, not me

Using my oldschool sqlmap tamper script to solve #simplesqlin #0ctf pastebin.com/yCAnv7eu

@mazen160 If you report to DoD, I guess all of them will be marked “dupllicated” =]]

@mazen160 apache struts, I guess =]]

@manhluat93 noob cái nồi :v

Another way to solve #HackNo-Jam web challenge #codegate2016 #Achilles’heel #g4mm4_crawler =]]