
kiddo
@kiddo_pwn
Independent Security Researcher | Pwn2Own (24🇮🇪 / 25🏎️)
First H1 report! CVE-2025-27212: Pre-auth RCE affecting 6 Ubiquiti Doorcam series is now public (CVSS 9.8 ^_^) Shoutout to my friend @da2Rim for making this research possible and owning a 5-digit bounty 😁 community.ui.com/releases/Secur…

Today @rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: rapid7.com/blog/post/mult…
A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/06/…
[ZDI-25-377|CVE-2025-23119] (Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability (CVSS 7.5; Credit: @kiddo_pwn, @d0now, @insp3ct0r_x, @D0b6y, @leeju_04, @ju_cheda, @nang__lam, @slyfizz3) zerodayinitiative.com/advisories/ZDI…
[ZDI-25-376|CVE-2025-23118] (Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability (CVSS 7.5; Credit: @kiddo_pwn, @d0now, @insp3ct0r_x, @D0b6y, @leeju_04, @ju_cheda, @nang__lam, @slyfizz3 of STEALIEN Inc.) zerodayinitiative.com/advisories/ZDI…
What does it take to hack a @Sonos Era 300 for Pwn2Own? Take a look at our process of adapting existing research, establishing a foothold, and exploiting media parsers for unauthenticated RCE over the network🔥👇 blog.ret2.io/2025/06/11/pwn…

After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to @st424204, @n0psledbyte, @Peterpan980927 & @rainbowpigeon_ CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/support/qualit…
This year's @typhooncon was the best! I was grateful to make new friends and learn so much from them 🥰 If you’re looking to use Binary Ninja more efficiently, I'd highly recommend @ElykDeer's upcoming training! (2nd pic) In my experience, he’s one of the top who can help us…
🌪️ TyphoonCon 2025 has officially wrapped up and it was an incredible experience, all thanks to YOU! Shoutout to our attendees, crew, and sponsors for bringing the energy and making it an unforgettable event! ❗️ Stay tuned... TyphoonCon 2026 is already in the works, and we can't…



It seems like the @midnightbluelab guys successfully demonstrated again their IVI exploit! Happy to meet @rdjgr & Carlo at #TyphoonCon25


🌪️ Kicking things off with our keynote by @theflow0 sharing how console hacking sparked his journey into cybersecurity.

🌪️ Tapping into the past @typhooncon with @rdjgr & Carlo Meijer’s RCE via Fax Machine!

🌪️ Back from lunch just in time to escape VirtualBox and unchaining objects in the Windows Kernel with Corentin Bayet

"Advanced .NET Exploitation" June edition at @reconmtl is confirmed! We've hit 10 registered students, so the class is happening for sure. If you’ve been thinking about joining, there are 5 more spaces to learn some deserialization Magic! summoning.team
Thanks to @typhooncon and sponsor’s support, I'm able to attend again this year 🥰 Looking forward to learning a lot and meeting amazing people at the conference!


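One of the TyphoonCon 2025 sponsors has decided to offer 2 free passes to residents of South Korea! Includes: ✅ One training session of your choice during May 26-28, 2025 [free participation] (15 seats, hands-on focused) ✅ TyphoonCon main conference on May 29-30 [free pass] ✅ Upon completing the training…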
😅 Exploit chain: CVE-2024-12053 + 361862752(rce + v8sbx escape), exploited ITW issues.chromium.org/issues/3790091… issues.chromium.org/issues/3618627…


(CVE-2024-12053)[379009132][$8000][wasm]Type Confusion is now open with PoC(crashes when calling toString() on a WASM function's return value in JS): issues.chromium.org/issues/3790091…
My writeup for CVE-2024-7971. Just a POC. Let me know if u have any questions. github.com/mistymntncop/C…
[#Zer0Con2025] 🎙️ SPEAKER Highlight: @matteomalvica "Breaking Chrome's V8: Type Confusion, WASM JIT-Spraying and Heap Sandbox Evasion" 💥