@ga1ois Ouch.. that sucks. A series of unfortunate events, but it doesnt take anything away from the research put into it. Not even 1 bit, nor that 1 bit ❤️🩹
English
yongchuank
381 posts
yongchuank
@yongchuank
Security researcher @pixiepointsec | @yongchuank.bsky.social
Katılım Ekim 2014
273 Takip Edilen611 Takipçiler
[4]and our competition was scheduled as the first one in the morning right after Ascension Day so we can’t buy mbp to confirm right before the competition. All these occasional randoms must be accurately met in the same time to lead us fail. But it happened.God throw dice really?
Tao Yan@ga1ois
[3] The real life exploit is consist of a bunch of really occasional randoms: hardware changed the fixed software offset; receiving the hardware specification from p2o in the airport leading us can’t buy it at home; arriving at Berlin on Ascension Day and nowhere sell MacBook;
English
@SudoR00tMe @offensive_con Why? Its a painkiller! Speedy recovery, mate
English
@SudoR00tMe @offensive_con Ouch.. stay safe! Psst.. i hear beer and bratwurst helps in recovering 😉
English
Got into a minor accident with 18 stitches in Berlin. But thanks to good host @offensive_con and good friends, I feel better 👍
English
If u’re still on the fence, @Cloudlldb and team is awesome to work with!
English
This team never rest... :) And yes, 2026 will be great too bc @Cloudlldb is already all set for Lunar New Year (#0day债不过年)
PixiePoint Security@pixiepointsec
9% into 2026 and look what @cloudlldb already have... :)
English
All I want for x'mas is to read more awesome blog posts... Oh wait, x'mas came early; @flyingpassword doing a RCA on CVE-2025-29970!
PixiePoint Security@pixiepointsec
What better way to get into x'mas vibes than @flyingpassword dropping a BFS n-day (CVE-2025-29970) blog post! (Santa would approve :)) Merry X-mas! pixiepointsecurity.com/blog/nday-cve-…
English
Can't help being impressed when @voix44er casually says he found some bugs, and shortly after, "ok, i've got stable rce... let's go for it" 😂
PixiePoint Security@pixiepointsec
And... hot on the heels will be @voix44er attempting the Philips Hue Bridge this week! All the best and have fun!
English
When you asked if printing and pasting @pixiepointsec stickers randomly is a good marketing stunt, @voix44er says "waaaiiit a min, i have other (easier!) ideas on Wolfbox EV charger....." :) Personally I really enjoyed this post. Great work!
x.com/pixiepointsec/…
PixiePoint Security@pixiepointsec
If u think that Windows research is all we do, think again! In our first IOT blog, @voix44er details the Wolfbox EV charger setup, attack surface, his #Pwn2Own Automotive 2025 bug, exploitation, and best of all, displaying our name on it (in styleee...)! pixiepointsecurity.com/blog/pwn2own-2…
English
yongchuank retweetledi
My next training will be at POC later this year @POC_Crew
An opportunity to become an exploit developer ⚒️ 💻🔥
x.com/POC_Crew/statu…
POC_Crew@POC_Crew
🧠 [POC2025] TRAINING Windows Kernel Exploitation: Becoming an "Advanced" Exploit Developer by Cedric Halbronn (@saidelike) 📅 Nov 10-12 (3 days) 📍 Four Seasons Hotel Seoul, South Korea 🔗 More info #training" target="_blank" rel="nofollow noopener">powerofcommunity.net/#training
#POC2025 English
yongchuank retweetledi
📣 Exciting opportunity in our iOS team for a Senior Vulnerability Researcher with experience in Apple platforms.
Remote or office based.
jobs.gohire.io/interrupt-labs…
English
yongchuank retweetledi
Happy Friday! Our intern, @__neverm0r_ , discovered and reported a NPD due to race-condition in afd.sys. Wasn’t assigned a cve doesn’t mean it’s less interesting, right!?
pixiepointsecurity.com/blog/advisory-…
English
What better way to unwind for the week than to read about a afd.sys bug!? (Ok, maybe a cold beer is a close 2nd ;)) Good find, @__neverm0r_ !
PixiePoint Security@pixiepointsec
Happy Friday! Our intern, @__neverm0r_ , discovered and reported a NPD due to race-condition in afd.sys. Wasn’t assigned a cve doesn’t mean it’s less interesting, right!? pixiepointsecurity.com/blog/advisory-…
English
yongchuank retweetledi
The video for my talk at @offensive_con with @saidelike is out! It was an absolute pleasure working with Cedric on this dream of mine!
youtu.be/goEb7eKj660
YouTube
offensivecon@offensive_con
#OffensiveCon25 videos are now up! youtube.com/playlist?list=…
English
Very nice to come back again to Pwn2Own this year at Berlin, great job @le_douds. Time to get some rest : )
TrendAI Zero Day Initiative@thezdi
Excellent! Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) from Palo Alto Networks used an Out-of-Bounds Write to exploit #Mozilla Firefox. They earn $50,000 and 5 Master of Pwn points. #Pwn2Own #P2OBerlin
English
English
Our talk "Dark Corners: How a Failed Patch Left VMware ESXi VM Escapes Open for Two Years" has been accepted by BlackHat USA 2025!
Super excited to present this work with @0x140ce and @ezrak1e. See you at #BHUSA! @BlackHatEvents
#dark-corners-how-a-failed-patch-left-vmware-esxi-vm-escapes-open-for-two-years-45785" target="_blank" rel="nofollow noopener">blackhat.com/us-25/briefing…
English
Being co-worker with @_jaelkoh means I had a sneak peak to his part of the topic. Besides the technical details, there is also the emotional journey that lead to finding these bugs that most offensive security researchers could relate to. Definitely, imho, an interesting talk!
PixiePoint Security@pixiepointsec
Proud to see @_jaelkoh (with @saidelike) talking about undocumented internals of KTM, the bugs and exploits in 'Hunting for Overlooked Cookies in Windows 11 KTM and Baking Exploits for Them'. No ovens required for this recipe!
English
yongchuank retweetledi
Unfortunate, but still a good showing! 🫡
TrendAI Zero Day Initiative@thezdi
Confirmed (with a collision)! Rafal Goryl of PixiePoint Security used a 2 bug chain to exploit the WOLFBOX Level 2 EV Charger, but one of the bugs was previously known. He earns himself $18,750 and 3.75 Master of Pwn points. #P2OAuto
English
Congrats @voix44er ! And its true; winning entries often make it look easy, but what is not displayed is the time and effort, often outside work-hrs, to research. So to all who attempted, no matter winning or not, well done!
PixiePoint Security@pixiepointsec
Annnddd... the odds ARE in your favor! Congrats @voix44er ! This result is just the cherry on the cake. Regardless of what it may be, what we don't see is the dedication and hard work put into the research.. 💪💪💪
English