Security expert and CTO @Reverse_Tactics
Joined April 2017
- Tweets 410
- Following 403
- Followers 1,702
- Likes 1,447
9 Photos and videos
cbayet retweeted
Jun 10
📢 CALL FOR PAPERS IS OPEN! 📢
Ready to share your latest security research with the community at Hexacon? The stage is yours.
Submit your talks here: hexacon.fr/conference/call-f… 💻✨
22
46
7,311
cbayet retweeted
May 20
Bug Hunting in Hypervisors by Corentin Bayet (@OnlyTheDuck) and @BrunoPujos
📅 Oct 12-15
📍 Espace Vinci or Espace Cléry, Paris 2nd
👉 hexacon.fr/trainer/bug_hunti…
11
29
3,496
Apr 27
Really proud to be a trainer at @hexacon_fr !
We’re proud to bring our" Bug Hunting in Hypervisors" training to @hexacon_fr (October 12th–15th, 2026) !
Designed for security researchers,we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation.
See you there !
2
14
1,987
cbayet retweeted
Mar 16
[ZDI-26-188|CVE-2025-41237] (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability (CVSS 8.2; Credit: Corentin "@OnlyTheDuck" BAYET from REverse Tactics) zerodayinitiative.com/adviso…
4
19
1,784
Jan 26
Awesome bp on a Workstation escape using a bug I also found in 2024, and never managed to exploit... Found the ESXi vuln I used at the same #Pwn2Own while looking for interesting objects to overwrite with the LFH OOB 😅
Those guys found the bug and exploited it in a few days !
Jan 26
At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller.
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 Full technical write-up 👇
synacktiv.com/en/publication…
2
11
1,852
Jan 26
This bug is found and triggered by students of our training 😉
reversetactics.com/trainings…
4
556
Jan 16
Will be at @reconmtl again this year 🥰
Our training "Bug Hunting in Hypervisors" returns at @reconmtl in 2026!
Taught by researchers actively working on real-world hypervisor exploitation #Pwn2Own
Designed for security researchers, we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation
2
7
2,949
🚨 REcon 2026 is LIVE!
🚀 Call for papers and registration are now open!
Join the world's top reverse engineers & exploit devs in Montreal:
🛠 Trainings: June 15-18 (19 hands-on classes – AI agents, kernel exploits, Rust/Go reversing, fault injection & more!)
📅 Conference: June 19-21
Tickets & early bird now open → recon.cx
Shoutout to the legends teaching: @SinSinology @KyleMartin @MalachiJonesPhD @andreyknvl @mr_phrazer @yarden_shafir @DrCh40s @pulsoid
more elite instructors! See website for all trainers and session info.
Limited spots – see you in MTL! #REcon2026 #ReverseEngineering
49
142
18,989
cbayet retweeted
7 Aug 2025
Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM!
Curious? 👇
bughunters.google.com/blog/6…
57
208
67,282
7 Jul 2025
Love the top-bottom approach of this blogpost ! A great way to explain internals in my opinion, and the kind of reference you look when you're trying to exploit a heap bug. Also glad to see that our paper (with @paulfariello) of 2020 is still relevant !
Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work.
r0keb.github.io/posts/Window…
2
15
2,897
31 May 2025
Jet lag hit hard but still really enjoyed @typhooncon, Seoul and meeting new friends 😁
31 May 2025
@typhooncon is already over, but we enjoyed every minute ! During our talk "Journey To Freedom", we disclosed for the first time the details on the Windows LPE we used at Pwn2Own Vancouver 2024 after escaping from VirtualBox. Slides are already available: reversetactics.com/publicati…
10
1,109
cbayet retweeted
29 May 2025
🌪️ Back from lunch just in time to escape VirtualBox and unchaining objects in the Windows Kernel with Corentin Bayet
6
11
3,271
cbayet retweeted
21 May 2025
Slides and video of our talk at @offensive_con are already online !
Thanks to @Binary_Gecko for the amazing event
reversetactics.com/publicati…
13
30
6,983
18 May 2025
Had a blast at @offensive_con and #Pwn2Own ! Going to sleep now, but not for long...
18 May 2025
And that's a wrap for @offensive_con and #Pwn2Own ! We had the best time there and were so glad to reunite with the finest researchers out there. See you next year !
2
1
19
1,257
cbayet retweeted
17 May 2025
Sweet! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics barely needed a second to demonstrate his exploit against VMware ESXi. He heads off to the disclosure room to provide the details of his work. #Pwn2Own #P2OBerlin
8
87
9,577
cbayet retweeted
16 May 2025
It's time for @offensive_con and #Pwn2Own ! Come meet us there and and attend our sessions:
📅 Fri, May 16 @ 18:45 — Our talk “Journey to Freedom” about escaping VirtualBox during Pwn2Own 2024
📅 Sat, May 17 @ 14:00 — Watch our live VMware ESXi escape attempt ar #Pwn2Own
2
8
2,269
28 Apr 2025
So proud to speak for the first time @offensive_con ! Excited to be there and meet the finest researchers 🍻
28 Apr 2025
Our talk "Journey to Freedom" about our Pwn2Own 2024 VirtualBox escape is coming to @offensive_con ! We will dive deeper into the technical challenges and obstacles we faced. @OnlyTheDuck will break down the key research phases and the exploit's most critical components.
1
16
1,829
4 Apr 2025
Still a few seats available for our next session at @reconmtl !
4 Apr 2025
📢 We're excited to announce our complete training catalog is now live at reversetactics.com/trainings… !
Next up: "Bug Hunting In Hypervisors" at @reconmtl Register here: recon.cx/2025/trainingBugHun…
2
2
2,569