U-uwawa uwa

Joined March 2016
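⭐️Airing tomorrow⭐️ TV anime Chiikawa episode 348 is scheduled to air at around 7:36 on Tuesday, June 2, during "Mezamashi TV" on the Fuji TV network 💕 (After the broadcast, catch-up streaming will be available for one week only on the "Mezamashi TV" YouTube channel, FOD and TVer / episodes 1 to 5 will be streamed free for the time being) Look forward to it♪ #アニメちいかわ #ちいかわ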
Chai Yichen retweeted
More frontier model vulnerability research news.
Tomorrow, I will drop Chrome exploit code showing how an attacker can execute arbitrary JavaScript within the context of a domain they control.
Chai Yichen retweeted
King must NOT bow to someone🔥🔥🔥
Chai Yichen retweeted
Today we're releasing hpke-ng: a clean-slate Rust implementation of HPKE (RFC 9180) and a drop-in replacement for Cryspen's hpke-rs, the subject of our critical nonce reuse vulnerability discovered in February. Faster, smaller and more hardened than hpke-rs across every metric.
Advanced LLMs have really made plenty of fools look smart. Emphasis on "look smart", it's not too hard to see through it
Chai Yichen retweeted
With @Hacker_Chai we just published our second blog post on Samsung security research! This one is about a local arbitrary APK install in Galaxy Store, combining a few vulns like a broken signature check, a file write, etc. Check it out here: bugscale.ch/blog/here-we-go-…
Our second blog post is out here: bugscale.ch/blog/here-we-go-… ! We managed to install arbitrary APKs on the Samsung Galaxy S25 from an app without install permissions. For this, @SachaKozma did most of the work, but it was great looking into Samsung's cloud gaming component with him
From the looks of it, cloud gaming (i.e. games running on the cloud, streamed to your phone) may be coming in future for Samsung phones 👀. Idk what it's like now, but more stuff is being added
To those interested, I mainly focus on the memory corruption side of vulnerability research / exploit dev, but after this Samsung stuff I also have a bit of experience with Android (i.e. Java, JNI, binder etc.)
Credit where credit is due. freebsd.org/security/advisor… and freebsd.org/security/advisor… look much more interesting

Revising this UAF I found a while back in FreeBSD's pf firewall: cgit.freebsd.org/src/commit/… . Unlike some who find bugs in components nobody has touched for years with Claude and parade them around like they've found the bug of the century, we find bugs in code people actually use

Sadly, this one's probably unexploitable; couldn't find a way to extend the gap between free and realloc, and FreeBSD's UMA allocator is not a fan of zone crossing, which means we most likely can only replace the dangling mbuf ptr with another mbuf
*free and pointer discarding. The dangling pointer exists for a fleeting moment during packet processing before it's gone. You'd think that's a memory leak then, but the ptr if not freed then is freed somewhere else, iirc. mbufs are kinda cool and my memory's hazy
*Revisiting dammit iOS
I know this stuff is old news, but I just recalled some of the minor bugs I found in FreeBSD in the past. If I had a PR team, each of these could be an "impressive find in a highly secure OS"
Did I mention I still have a remote kernel panic against all FreeBSD Wi-Fi users (again probably quite little). You're connected to Wi-Fi, receive my wireless frame, bam, panic. Marked duplicate (the previous guy barely had a PoC), not fixed
Sure hope money in banks is safe with the FCA's wonderful talents
Check out my GOAT Sacha at @SachaKozma and go follow him! His blog is at blog.cdthoughts.ch !

Chai Yichen retweeted
If you missed the talk at @1ns0mn1h4ck , our latest blog post is now available for you to explore. In this post, researchers @Hacker_Chai and @SachaKozma detail their journey to a 1-click RCE exploit on the Samsung S25 phone. Check it out here: bugscale.ch/blog/shoot-for-t…