I like to take apart stuff to understand how it works. When I'm lucky, it even turns on afterwards. Pwn2Own Tokyo '26

Joined June 2025
Pinned Tweet
Setting up your Pwn2Own target in a capsule hotel and spending the night before the attempt debugging the exploit for fun and profit
babe wake up, new side quest dropped
Giuseppe Calì retweeted
If you want to see how one incorrectly placed exclamation mark in the Linux kernel's nftables subsystem can lead to a local privilege escalation, have a look at my blog post. It covers a technical analysis of the bug I found and how it can be exploited blog.exodusintel.com/2026/06…
Giuseppe Calì retweeted
I originally prepared this bug for Pwn2Own Berlin. A few days before the contest, a CVE got assigned. So, here is my technical analysis and exploitation strategy for CVE-2026-40369: a 12-byte kernel increment, exploitable both as an LPE and SBX. voidsec.com/cve-2026-40369-b…
My infinite gratitude goes to everyone who went out of their way to help me with this. Not the outcome I had hoped for, but hey, at least I failed at something incredibly difficult (and learned a ton in the process). 🙃
Unfortunately, Giuseppe Calì of Summoning Team (@SummoningTeam) could not get their exploit of VMware ESXi working within the time allotted. #Pwn2Own #P2OBerlin
Giuseppe Calì retweeted
i did it again 🙏🙏
Mind blown alert 🤯! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG (@starlabs_sg) used a Memory Corruption bug to exploit VMware ESXi with the Cross-tenant Code Execution add-on, earning a sweeeeeet $200,000 and 20 Master of Pwn points. Full win let's go! #Pwn2Own #P2OBerlin
Giuseppe Calì retweeted
That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
I'm thrilled to announce I have achieved a new level of eyebags trying to make this Pwn2Own participation happen
Giuseppe Calì retweeted
Bug count != exploitable bug. Finding != chaining. LLMs are exceptional at pattern recognition on known bug classes. They are not reasoning about novel failure modes in complex multi-component systems. The hard bugs still require humans. voidsec.com/ai-vulnerability…
Giuseppe Calì retweeted
Pretty sure the vendor reports before the competition starts are likely actively hurting the competitors that have flown out just to have their bounty halved as the issues are now considered 'known'. Equally, you can't just sit on a full chain. Far from the ideal situation...
Giuseppe Calì retweeted
26 Jun 2024
think i found a bug. which means it’s time to take a break and enjoy the possibility before looking more closely and finding out there’s a check in an upstream code path I missed
Giuseppe Calì retweeted
🪲 Registration is Open NOW! (@reconmtl) recon.cx/2026/en/training.ht…
If you like VPN exploits as much as us, you're going to love this course Zeroshi is bringing to @_ringzer0! Marco will walk students into opening up edge devices for research, mapping their attack surface, finding vulns and building full exploit chains. ringzer0.training/countermea…
He might even have a couple one minus one days for students to work on, aside from what's already listed in the syllabus. 😉
It was a real pleasure to bring a few vulns to Tokyo and take part in #Pwn2Own Automotive! Many thanks to ZDI for organising the contest and giving me an excuse to finally visit Japan x)
Confirmed! @_gcali and 8cf53a459714977f6bb11ee2d90416bf1675fa0e2451d80cf55a06d0b6ac2 of Team Zeroshi exploited five bugs against the Phoenix Contact CHARX SEC-3150, securing a Round 2 win for $20,000 USD and 4 Master of Pwn points. #Pwn2Own #P2OAuto
Earlier this year I spent some time digging into Synology and QNAP NAS devices and reported the following items to ZDI: ZDI-CAN-28486 ZDI-CAN-28553 ZDI-CAN-28554 ZDI-CAN-28485 I'll post more details on gcali.io as soon as the disclosure process allows it 👋