freeman @_2freeman
Learn and practice. Joined July 2016
Tweets: 312 | Followers: 355 | Following: 312 | Likes: 279
Attacks always get better. Here's a new nginx RCE that bypasses ASLR, tested on the latest nginx 1.30 and 1.31. This still requires a non-default config, but unlike some previous bugs, it does not depend on any additional vulnerabilities or external helpers to get to RCE. We reported the bug on May 15. F5 has confirmed it, and hopefully a patch will land soon. This is getting ridiculous 😅. We have enough nginx bugs to do an entire week of MAD Bugs on it. Who could have thought nginx is starting to feel like the new Linux kernel? This is the funniest time in computer hacking. And yet the world is completely unprepared for this new reality.
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy. ▪️ AI surfaces a massive wave of 0-day RCEs. ▪️ Submissions overwhelm ZDI past max capacity. ▪️ Slots run out. Researchers with working chains get rejected. ▪️ "Revenge disclosures" begin. ← we are here. Confirmed casualties so far: ▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land. ▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla. ▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere. ▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel. ▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected. ▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected. Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in. ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
Linux Kernel Hardening: Ten Years Deep Talk by @kees_cook about the relevance of various Linux kernel vulnerability classes and the mitigations that address them. Video: youtube.com/watch?v=c_NxzS… Slides: static.sched.com/hosted_files/l…
A Journey of Privilege Escalation via USB vul.360.net/archives/745
I decided to build a Transformer from Scratch...but on a GPU. No PyTorch or TensorFlow. Just CUDA, Python and Numba. Just finished building the full Encoder Block - here's a thread on my progress so far:
This year, our team did a lot of important industry REsearch work. But this BMC research shows literally how poor product security practices are in critical data center infrastructure components. The bugs we found should not exist in 2023 in any environment.
🚨New REsearch: "Old But Gold: The Underestimated Potency of Decades-Old Attacks on BMC Security" ⛓️Our team demonstrates critical security risks affecting the BMC FW supply chain ecosystem that could lead to full remote control of the server system. binarly.io/posts/Old_But_…
An RFC patch series by @tehjh and @_MatteoRizzo for mitigating cross-cache use-after-free attacks. The performance impact is still questionable, but functionality-wise, this would be an exciting change if merged 😃 lore.kernel.org/all/2023091510…
Here is the writeup for CVE-2023-3389, a Use-After-Free on an hrtimer in io_uring, which I exploited for the kCTF VRP qyn.app/posts/CVE-2023…
Yay! My writeup on finding (half) Spectre-v1 gadgets in the Linux kernel using #CodeQL is finally live 😁😁 github.com/google/securit…
RISC-V (@risc_v) Control Flow Integrity (CFI) is coming and I'm proud to be one of the contributors to this important security extension. Full spec is available here: github.com/riscv/riscv-cf…
[Zer0con2023] Jun Luo(De4dcr0w) & Yanfeng Wang giving their talk on Busy2Nice : A New Way to Win the Race for Tiny Windows in the Linux #Zer0con2023
Pixel 7 has KVM on by default, and I finally got a chance to play with it. Here's a Linux VM running *without root*
If anyone who's around in Paris for @hexacon_fr wants to acquire a USB-Cereal adapter — hit me up. This adapter is a convenient replacement for the Android Debug Cable. Essentially splits the USB port into two: one with UART with kernel logs, the other is a pass-through for ADB.
A technical analysis of Pegasus for Android – Part 1 cybergeeks.tech/a-technical-an…
Linux: munmap() race with pagemap_read() leads to page UAF bugs.chromium.org/p/project-zero…
Exchange 0day exploit in wild. #APT gteltsc.vn/blog/canh-bao-…
Pack arbitrary shellcode into an executable that always has the same MD5 hash: github.com/DavidBuchanan3…
Wrote another @solana pwnable for @paradigm_ctf -- this time based off of a real bug ;) ctf.paradigm.xyz/challenges/ott…
sakura @eternalsakura13
9K Followers 206 Following Lead Security Researcher @zellic_io. Top 3 Chrome VRP. Top 2 Facebook Whitehat. MSRC MVRs 9th. BlackHat Asia/USA & Zer0Con & OffensiveCon speaker.
Jr @__R0ng
750 Followers 173 Following
rthhh @rthhh17
2K Followers 673 Following Hyper-V Security Researcher. Black Hat USA 2021/2022 Speaker. MSRC MVR 2019/2020/2022/2024.
POC_Crew @POC_Crew
8K Followers 690 Following Organizer of Zer0Con, MOSEC and #POC2026 (https://t.co/6pIiBKhgxm)
codecolorist@infosec.... @CodeColorist
6K Followers 1K Following
pwn0rz @pwn0rz
617 Followers 560 Following mount /dev/brain. Feel free to DM or email to “me at pwnorz dot com”
HackSys Team @HackSysTeam
10K Followers 635 Following Vulnerability Research, Kernel Exploitation, Reverse Engineering, Exploit Development, Program Analysis, Malware Research, Web, Machine Learning
Andrey Konovalov @andreyknvl
7K Followers 859 Following Security engineer at https://t.co/027VXUlgOx. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://t.co/D5MrxmYimS.
Camelia 🦢 @jean90978694
36 Followers 635 Following too soft for this world but still showing up 🌷 she/her
test domain @User2Micro
703 Followers 5K Following
Bridget Sharp @BridgetSha17736
2 Followers 173 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/MCzlok7Vmn
tejas krishna @tejaskrshna
12 Followers 2K Following
Milad Kahsari Alhadi @0cdefender0
150 Followers 375 Following Founder / CEO of Ai000 Cybernetics QLab. Interested in Mathematics, History, Cybersecurity, and Military.
tonghuaroot @tonghuaroot
470 Followers 4K Following Staff Security Engineer. Cyber Security enthusiast, not Hacker. Focus on Application Security, Penetration testing. #OSCP #OSEP #MSCS #RedTeam #AppSec #WebSec
Elvis - MSc Computer ... @elviscybersec
26 Followers 788 Following Cybersecurity, Cyber Threat Intelligence Manager / Pen Testing / Web Security / Internet Governance / Domain Registry System Engineering Lead
︎ @0xocdsec
4K Followers 8K Following ︎ 🏴☠️ 🇪🇺 💚 🇺🇦 | computers & features | 💚 🏴☠️ party | 603,628 km² https://t.co/F5dgX7AEoL
kangel @J_kangel
759 Followers 316 Following Retired CTF player at team AAA & katzebin |Binary security |Virtualization security |speaker of HITB, HexaCon, NoHat, POC
pidifn voidgh @pidifn
0 Followers 311 Following
misaki @tdatwja
3K Followers 4K Following Cyber Security|APT|Attribution|Geopolitics|infoOps... Backup account: @_tdatwja
carlos benitez @carlosb09397112
43 Followers 1K Following
d3vmzw5n @d3vmzw5n
24 Followers 898 Following Focus on android and linux vulnerability. All opinions are my own.
Klep @kleptonomic
0 Followers 1K Following
ddme @ret2ddme
29 Followers 295 Following
Lewis @LewisLee53
306 Followers 386 Following
zuichangdedianying @zuichangdedia
0 Followers 4 Following
Lewei Qu(曲乐炜) @sanpangzi321
82 Followers 161 Following Security Researcher of Android Ecosystem. Finding 500+ CVEs past years. Google 2022 top bughunter. BlackHat 2021 Europe/2022 Asia/2022 USA Speaker.
slipper🩴 | Offside... @0xslipper
818 Followers 174 Following Hack🥷everything you see and you like⚠️🩴🪨 Founder & CEO @Offside_Labs
Eugenio Benincasa @eubenincasa
880 Followers 1K Following Cyber Defense Researcher | China Focus @CSS_ETHZurich. Previous Italian govt, @PacificForum and @NYPD1Pct. @UniLUISS & @ColumbiaSIPA alum.
صيفان سعيد @sifan9sifan9
418 Followers 563 Following It is a beautiful thing to be able to look back without nostalgia .. without regret .. and without resentment either ..!
blue_binary @blue_exploit
2 Followers 115 Following
Hacker7dead @hacker7dead
54 Followers 3K Following
蓝羊 @B111ueSheep
4 Followers 199 Following
Packet Phantom @NtAlexio2
126 Followers 1K Following Offensive Developer | Cyber Security Enthusiast | Network Protocols Researcher | @Metasploit contributor | Enjoy breaking things and remaking them!
7dr @aosihsjsvsv458
1 Followers 1K Following
0xaeced @dec_eax
1K Followers 642 Following
Project Zero Bugs @ProjectZeroBugs
37K Followers 0 Following A bot that posts the latest blog posts and disclosures from Google's Project Zero
simo @_simo36
7K Followers 126 Following
Samuel Groß @5aelo
25K Followers 524 Following Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
Chromium Disclosed Se... @BugsChromium
8K Followers 0 Following Tweets publicly disclosed bugs in Chromium. Not an official Google product. Run by @SecurityMB. Mastodon: @[email protected]
starlabs @starlabs_sg
10K Followers 18 Following A Singapore company that discovers vulnerabilities to help customers mitigate the risks of cyber attacks. Organisers of @offbyoneconf
offensivecon @offensive_con
28K Followers 1 Following OffensiveCon Berlin is a technical international security conference focused on offensive security only. Organised by @Binary_Gecko. Stay tuned #OffensiveCon26.
Ivan Fratric 💙💛 @ifsecure
19K Followers 209 Following Tech lead and security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
ϻг_ϻε @steventseeley
23K Followers 557 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
Alex Plaskett @alexjplaskett
14K Followers 585 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
TrendAI Zero Day Init... @thezdi
89K Followers 16 Following TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Haifei Li @HaifeiLi
9K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.
cts🌸 @gf_256
67K Followers 984 Following founder and hacker @zellic_io @v12sec @pb_ctf yt https://t.co/nlNai6iQCn
Jr @__R0ng
750 Followers 173 Following
Ian Beer @i41nbeer
47K Followers 147 Following
stephen @_tsuro
10K Followers 526 Following @v8js security, CTFs and CPU vulnz. LCHL. @[email protected]
Open Source Security ... @oss_security
5K Followers 9 Following @Openwall oss-security mailing list thread summaries, currently maintained by @solardiz. Originally setup and maintained as an automated feed by @eugeneteo.
Alisa Esage Шевч... @alisaesage
41K Followers 99 Following Independent hacker and researcher, owner of Zero Day Engineering @zerodayalpha
Devon Maloney @plailect
1K Followers 138 Following Security Engineering and Architecture at @Apple. Vulnerability research. Embedded systems in @SwiftLang. Alumnus @RPISEC. Previously @ReSwitchedTeam. 🏳️🌈
Iskuri @Iskuri1
972 Followers 477 Following
[email protected]... @daviddiaul
1K Followers 3K Following Security Guy. All posts are my own and do not represent the opinions of my employer etc. @[email protected]
Crowdfense @crowdfense
3K Followers 1K Following Crowdfense is the world-leading research hub and acquisition platform for zero-day exploits and vulnerability research. We offer the highest bounties
Baptiste Robert @fs0c131y
253K Followers 5K Following CEO @PredictaLabOff | French Security Researcher, Ethical Hacking, OSINT
OS Dev @OSdev_
3K Followers 790 Following Senior Engineer @Qualcomm - Performance Engineering | Windows kernel | C/C++ | ARM64 | CPU & Memory Microarchitectures | SoC's
Thach Nguyen Hoang ... @hi_im_d4rkn3ss
4K Followers 350 Following Security Researcher @starlabs_sg. Pwn2Own Mobile 2020, 2021, 2022, 2023. Pwn2Own Vancouver 2022, 2023, 2024, 2025.
Maher Azzouzi @maherazz2
1K Followers 413 Following
Pedro Ribeiro @pedrib1337
9K Followers 352 Following Reverse Engineer | Director @ https://t.co/KuU3tiG1Om | Exploit Chef @FlashbackPwn
Off-By-One Conference @offbyoneconf
2K Followers 240 Following A premier gathering of offensive cybersecurity professionals, researchers, thought leaders and innovators from around the region.
nicolas vamous @NVamous
712 Followers 239 Following
iGh0sT @iGh0sT_iOS
7K Followers 203 Following
Seeker | Solana Mobil... @solanamobile
395K Followers 228 Following Seeker, the definitive crypto mobile device. Powered by SKR. Seek and you will find. Order Seeker: https://t.co/GTbxrFaXTN Discord: https://t.co/4Hh5oj1Uo2
1377 High-yield Nukes @buptsb
2K Followers 1K Following
0x140ce @0x140ce
798 Followers 1 Following sleep eat without pwn pwnfest 2016/pwn2own 2017/tianfucup 2019,2020,2021,2023/geekpwn 2022/Pwnie Awards 2023
Lewei Qu(曲乐炜) @sanpangzi321
82 Followers 161 Following Security Researcher of Android Ecosystem. Finding 500+ CVEs past years. Google 2022 top bughunter. BlackHat 2021 Europe/2022 Asia/2022 USA Speaker.
slipper🩴 | Offside... @0xslipper
818 Followers 174 Following Hack🥷everything you see and you like⚠️🩴🪨 Founder & CEO @Offside_Labs
Lao Bai @Wuhuoqiu
75K Followers 708 Following Advisor @ambergroup_io|ex Investment - OKX_Ventures & @ABCDELabs Buy crypto-related US stocks with BIT - https://t.co/Ui7n2oz4wi Lao Bai's BIT US stocks discussion group - https://t.co/Ia0A9pz8iB
pwning.eth | Offside ... @PwningEth
6K Followers 21 Following the newest pwn star on the block(chain)! won $8M+ bounty✨ for protecting $300M+ funds at risk🔥| Whitehat @Immunefi Hall of Fame 🏆| @Offside_Labs CTO
Dedaub @dedaub
10K Followers 105 Following Security audits, static analysis, realtime threat monitoring
Zhiyi @zhiyi___
504 Followers 545 Following 2023 MSRC MVR #3;2022 MSRC MVR #7;2019 2020 MSRC Top 100;Chromium Bug Hunter;Tweets are my own.
Mathias Krause | @min... @_minipli
798 Followers 31 Following
Haotian | CryptoInsig... @tmel0211
49K Followers 3K Following Independent researcher | Advisor @ambergroup_io | Contributing researcher @IOSGVC | Hardcore explainers | Previously:@peckshield | DMs for Collab
awxylitol @awxylitol
140 Followers 145 Following Vulnerability Researcher | Reverse Engineering | Binary Exploit
- @dora2ios
10K Followers 341 Following
Imagination Technolog... @ImaginationTech
5K Followers 1K Following Market-leading GPU Semiconductor IP for graphics, edge AI and compute. Efficient, programmable, and optimised to be your solution.
Pierre H. 🔥🌸 @pedantcoder
4K Followers 181 Following present: security (zalloc, kalloc_type, IPC, VM, …) | past: GCD, synchro, objc_direct, perf… | timeless: 🇫🇷 snark | @[email protected]
keenjoy95 @keenjoy95
642 Followers 140 Following
Mobile Security @mobilesecurity_
31K Followers 1K Following Mobile Security ✌🏻 #MobileSecurity #AndroidSecurity #iOSsecurity
Andrey Konovalov @andreyknvl
7K Followers 859 Following Security engineer at https://t.co/027VXUlgOx. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://t.co/D5MrxmYimS.
FuzzingLabs @FuzzingLabs
9K Followers 4K Following Research-oriented Cybersecurity startup specializing in #fuzzing, Vulnerability Research & Offensive security on Mobile, Browser, AI/LLM, Network & Blockchain.
Taszk Security Labs @TaszkSecLabs
2K Followers 4 Following Security consulting and vulnerability research services for a mobile connected world. | We find needles in your software haystack.
Billy @st424204
1K Followers 95 Following Security Researcher @starlabs_sg Pwn2Own Vancouver 2024,2023,2022,2021 Pwn2Own Austin 2023,2021 Pwn2Own Berlin 2025,2026
Richard Johnson @richinseattle
19K Followers 3K Following Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFH