Lan Vu 🇻🇳

100 posts

Lan Vu 🇻🇳

@lanleft_

she/her | coffee delivery at Qrious Secure @qriousec |

Vietnam شامل ہوئے Eylül 2019

459 فالونگ1.4K فالوورز

Lan Vu 🇻🇳 ری ٹویٹ کیا

Qrious Secure@qriousec·6d

One Repo x Codex/Claude Code/Cursor! by @trichimtrich

Português

8.6K

Lan Vu 🇻🇳@lanleft_·16 Ara

Ye, I just turned a new age 😊

English

1.6K

Lan Vu 🇻🇳 ری ٹویٹ کیا

Toan Pham@__suto·10 Ara

Not a single LLM can correctly explain the root cause even given the crash poc of this bug, let alone talk about how to write the exploit code. Kudo @lanleft_ for her great works! We may publish writeup when it no longer hot.

Qrious Secure@qriousec

@lanleft_ has convinced firefox GC to give her a shell 🤪

English

9.3K

Lan Vu 🇻🇳@lanleft_·10 Ara

ah ha, I made it ☺️

Qrious Secure@qriousec

@lanleft_ has convinced firefox GC to give her a shell 🤪

English

2.9K

Lan Vu 🇻🇳 ری ٹویٹ کیا

pr0cf5@pr0cf51·5 Ara

Last month, I gave a talk at @POC_Crew about ATLANTIS and the tech behind our #AIxCC win. We dove into competition details, using LLMs for deep bug discovery, and what's next for AI in security. github.com/pr0cf5/talks/b…

English

6.5K

Lan Vu 🇻🇳 ری ٹویٹ کیا

cts🌸@gf_256·1 Ara

crazy find at the huawei store

English

131

388

540.5K

Lan Vu 🇻🇳 ری ٹویٹ کیا

Years Progress@YearsProgress·28 Kas

2025 is 91% complete.

English

737

3.7K

107.9K

Lan Vu 🇻🇳 ری ٹویٹ کیا

Toan Pham@__suto·24 Kas

A quick review theses Chrome libAngle issues found by Big Sleep likely from fuzzer output more than AI reasoning, 1 or 2 issues even not exploitable because of libc++ mitigation enabled by default in Chrome. issuetracker.google.com/issues?q=%20co… The fuzzer still producing many crashes: issues.chromium.org/issues?q=angle…

English

3.7K

Lan Vu 🇻🇳@lanleft_·10 Eyl

Can not get a cve from this vulnerability, it’s quite sad 😞 By the way, I’d like to give a huge thanks to my mentor @__suto 😊

Qrious Secure@qriousec

Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chrome’s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. qriousec.github.io/post/oob-angle/ by @lanleft_ + @__suto

English

5.5K

Lan Vu 🇻🇳 ری ٹویٹ کیا

stephen@_tsuro·10 Ağu

If you like Chrome IPC shenanigans like this, you might also enjoy my talk from black hat 25: youtu.be/qhhJCLy0YBA?si…

YouTube

xvonfers@xvonfers

Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… #comment11" target="_blank" rel="nofollow noopener">issues.chromium.org/issues/4125787…

English

225

37.4K

Lan Vu 🇻🇳 ری ٹویٹ کیا

Samuel Groß@5aelo·1 Ağu

We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectz… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!

English

294

24.1K

Lan Vu 🇻🇳 ری ٹویٹ کیا

Off-By-One Conference@offbyoneconf·8 May

Singapore - shout it out for Yuki Chen 🤩 !!! Bringing Day 1 of @offbyoneconf 2025 to a explosive end with 𝐀 𝐉𝐨𝐮𝐫𝐧𝐞𝐲 𝐢𝐧𝐭𝐨 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐒𝐮𝐩𝐩𝐨𝐫𝐭 𝐏𝐫𝐨𝐯𝐢𝐝𝐞𝐫 𝐈𝐧𝐭𝐞𝐫𝐟𝐚𝐜𝐞. 🙇🙇🙇

English

11.8K

Lan Vu 🇻🇳 ری ٹویٹ کیا

Qrious Secure@qriousec·9 Oca

A brief JavascriptCore RCE story by @lanleft_ and An Nguyễn qriousec.github.io/post/jsc-unini…

224

20K

Lan Vu 🇻🇳@lanleft_·30 Ara

@bienpnn tysm 🥰

Svenska

130

Bien 🇻🇳@bienpnn·30 Ara

@lanleft_ @tacbliw the point is the book is about exploitation, i'm not talking about finding vuln so please don't downplay yourself. exploiting is an art by itself already

English

194

LiveOverflow 🔴@LiveOverflow·29 Ara

skill issue

solst/ICE of Astarte@IceSolst

This book must be the sole reason millions of people were permanently turned away from the field because of how ridiculously dry it is. Couldn’t get through half a page without passing out in a concussion coma. Almost convinced me to change careers. Beginners: avoid this.

English

1.2K

83.2K

Lan Vu 🇻🇳@lanleft_·30 Ara

@bienpnn @tacbliw no no no, not completely, I've only worked on the exploitation part so far, haven't found any vulnerability by myself yet, might be lack of this fundamenetal knowledge :D

English

139

Bien 🇻🇳@bienpnn·30 Ara

@lanleft_ @tacbliw but now u pwn chrome 👀

English

117

Lan Vu 🇻🇳@lanleft_·30 Ara

@tacbliw My friend gave me this book, I ended up quickly after first chapter and never picked it up again. It still sits untouched on my bookshelf xD

English

115

wildcat@tacbliw·29 Ara

@LiveOverflow For me it was the opposite. I read the first chapter, didn’t understand shit. Encouraged to learn more. Now I do binary exploit for a living, this book is still on my pc desktop to remind me to keep learing more 👀

English

1.1K

Lan Vu 🇻🇳 ری ٹویٹ کیا

Qrious Secure@qriousec·19 Kas