BOOMBAP!

Joined December 2016
31 Photos and videos
May 30
I think every old-school researcher has their own yet broadly similar experience, that must be a long story.🤭
I’ve got the MSRC stories, if you’ve got the beers.
5
868
Update to the Windows Insider Preview bounty program: General Awards for Elevation of Privilege and Information Disclosure are now split by finishing privilege, with award ranges increasing to $1,000–$8,000. This change is designed to better align rewards with the impact of reported vulnerabilities. Learn more on the Windows Insider Preview bounty page: msft.it/6018v3QZI
1
8
26
6,005
Apr 24
Have a lovely night connecting with MSRC team and MVRs, thanks @msftsecresponse for inviting me to attend Black Hat Asia and MSRC Researcher Celebration😊 “trust me, we all love MSRC” — via Yuki Chen
Thank you to everyone who joined us for the MSRC Researcher Celebration at Black Hat Asia. It was great to connect with so many in the community and spend time sharing ideas and conversations. We appreciate the collaboration that drives this work forward and look forward to what we’ll build together next.
1
3
28
6,739
31 Dec 2025
Today is my last day at Cyber Kunlun. I’ve gained many valuable experiences and unforgettable memories with this amazing team. Thanks all my awesome teammates! Becoming an independent security researcher will be a new challenge for me in 2026. Keep on keeping on!
3
2
103
7,898
10 Dec 2025
This month MSRC fixed my Windows Defender info leak vulnerability CVE-2025-62468, but all acknowledgments are incorrect. First, I provided a working exploit, so it’s not “exploitable unlikely.”😅 msrc.microsoft.com/update-gu…
4
16
173
16,677
10 Dec 2025
And then, the vulnerability requires no specific user group or configuration — any normal user in a default environment can trigger it. Finally, it is an out-of-bounds read that leaks about 64 pages from the .data section, not the heap memory. It's simple and easy to exploit.🤣
1
2
22
3,018
5 Dec 2025
I found a stack overflow bug in a win component that, unlike a typical stack overflow, reliably writes into the PAGE_GUARD region before the start of stack. Root cause is new to me, I’ve never seen this kind of crash before. It’s an interesting case, and I might share more soon😌
3
3
64
6,576
28 Sep 2025
New challenge coin in my showcase😆 @msftsecresponse
3
56
4,582
9 Aug 2025
Our slide is online: i.blackhat.com/BH-USA-25/Pre… Glad to share our pre-auth DoS & RCE bug hunting research at #BHUSA! Thanks @BlackHatEvents for the pre-recording, as we couldn’t attend in person this time for personal reasons. Questions? DM us @vv474172261 @XiaoWei___ @edwardzpeng
7
57
180
21,191
k0shl retweeted
We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectzero… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!
2
72
293
24,719
18 Jul 2025
Well. Happy to be on the MVRs annual list again and again — twice in a year 😂! Ended up #11. Thanks @msftsecresponse and congrats all!
Our previously published Most Valuable Researchers (MVR) leaderboard contained inaccuracies due to technical issues on our end. We apologize for the error and have since resolved the issue. We’re now sharing a fully refreshed and accurate leaderboard. The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers by discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. We are excited to recognize this year’s Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report. Please join us in celebrating this year’s MVRs, including our top 10: 1. 🥇wkai 2. 🥈VictorV (@vv474172261) 3. 🥉Suresh Chelladurai 4. Anonymous 5. Brad Schlintz (@nmdhkr) 6. @0x140ce 7. Anonymous 8. Dhiral Patel (@dhiralpatel94) 9. Nan Wang (@eternalsakura13) and Ziling Chen 10. Adnan (@adnanthekhan) See the full list of this year’s MVRs, in addition to our Azure, Office, Windows, and Dynamics 365 leaderboards: msft.it/6019sBjyU #bugbounty
2
20
2,811
k0shl retweeted
During #BHUSA Briefing "Diving into Windows HTTP: Unveiling Hidden Preauth Vulnerabilities in Windows HTTP Services," we will discuss the different architectures of Windows HTTP services and share multiple previously undisclosed vulnerability cases and attacks. We will also summarize these new vulnerability patterns and provide a comprehensive interpretation of the security threats within the realm of Windows HTTP services. Register now >> bit.ly/3GvK9rr
1
14
5,272
16 Jul 2025
Happy to make list again! Thank you @msftsecresponse and congrats all!
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers by discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report. Please join us in celebrating this year’s MVRs, including our top 10: 1. 🥇 VictorV (@vv474172261) 2. 🥈 wkai 3. 🥉 Suresh Chelladurai 4. Anonymous 5. Adnan (@adnanthekhan) 6. Dhiral Patel (@dhiralpatel94) 7. Nan Wang (@eternalsakura13) and Ziling Chen 8. Anonymous 9. @0x140ce 10. Azure Yang (@4zure9) See the full list of this year’s 100 MVRs, in addition to our Azure, Office, Windows, and Dynamics 365 leaderboards: msft.it/6011s6KxU #bugbounty
1
1
22
3,313
k0shl retweeted
In #BHUSA Briefings "Diving into Windows HTTP: Unveiling Hidden Preauth Vulnerabilities in Windows HTTP Services" where the speakers will discuss the different architectures of Windows HTTP services and share multiple previously undisclosed vulnerability cases and attacks. They will also summarize these new vulnerability patterns and provide a comprehensive interpretation of the security threats within the realm of Windows HTTP services. Learn more here >> bit.ly/3EWB3mI
3
9
5,503
8 May 2025
Excited to announce our talk has been accepted by @BlackHatEvents #BHUSA!🥳🥳🥳 In my part of presentation, I’ll cover logic-based pre-auth remote vulnerabilities uncovered via novel abuse of Windows native HTTP API. Can't wait to see y'all in Las Vegas! blackhat.com/us-25/briefings…
10
18
151
19,955
k0shl retweeted
16 Apr 2025
[Official Announcement]: deepsec.cc 2025 IS COMING!!! This is a community-driven, non-profit information security closed-door symposium, where technology speaks loudest. 🌐 deepsec.cc 📅 June 16, 2025 📍 Shanghai, China 📧 x@deepsec.cc
11
35
19,324
k0shl retweeted
18 Feb 2025
I'm unable to join the conference Insomni’hack 2025, so I write a part of content into a blog, hope you enjoy my blog. v-v.space/2025/02/18/Azure-b…

7
36
125
18,972
k0shl retweeted
25 Jan 2025
We are publishing less here now. But here is a recent post by @Tuan_Linh_98 & lots of guidance by @cplearns2h4ck starlabs.sg/blog/2025/cve-20…

2
42
117
14,317
k0shl retweeted
31 Dec 2024
Think you’ve got what it takes to pop shells and snag your ticket to... @REverseConf and @offbyoneconf ? github.com/star-sg/challenge…
1
45
136
42,467
31 Dec 2024
Received my MVR swag box at the last day of 2024, thank you @msftsecresponse ! And happy new year you all!
2
1
25
2,493