wei Profile
wei

@XiaoWei___

Followers
2,352
Following
69
Media
2
Statuses
21

virtualization and webbrowser security researcher

People's Republic of China
Joined July 2018
Don't wanna be here? Send us removal request.
Explore trending content on Musk Viewer
@XiaoWei___
wei
3 months
MSRC fixed a RCE bug in TCPIP module. I found the bug several months ago. Its score is 9.8 and exploitation is more likely. Please apply the patch immediately.
Tweet media one
24
199
837
@XiaoWei___
wei
5 years
This bug can not only leak info but also lead to vm escape. I used it in tianfu cup 2018.
0
21
81
@XiaoWei___
wei
6 months
msrc confirmed a critical rce bug in WIP I reported last month.The bug could be triggered through network and affects default install(no additional service need to enable)and is more likely exploitable.
Tweet media one
3
3
78
@XiaoWei___
wei
5 months
@guhe120 Yuki shared some attack surface in his blackhat presentation. I followed his step and found an out of bound write bug in the wifi driver.
6
6
46
@XiaoWei___
wei
3 months
@IIlIIlIIIII @daveaitel The bug triggers before fw handling the packet.
2
4
32
@XiaoWei___
wei
3 months
Glad to progress with my friends.I got #2 this time.Thanks msrc and my friends.
@msftsecresponse
Security Response
3 months
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers by discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s
Tweet media one
3
23
86
3
0
21
@XiaoWei___
wei
3 months
@foxtrot_0x4fult Considering its harm, I will not disclose more details in the short term.
2
2
21
@XiaoWei___
wei
4 years
@Synacktiv @soaphornseuo @BrunoPujos @OnlyTheDuck @ekoparty I have this bug for several years. It is a good bug.I have a very stable exploit for it.
0
1
8
@XiaoWei___
wei
4 months
@f4rmpoet @vanhoefm well done.But this bug could be triggered after association and before handshake have finished.On the moment data packet is not encrypted.This means that there is no need for attacker to join the network.attacker just do a deauth attack first and then trigger the bug.
1
1
6
@XiaoWei___
wei
5 years
@thezdi @abdhariri @fluoroacetate @abdhariri @fluoroacetate It seems that the bug can not be triggered with default configuration in vmware workstation. There are a usb hub devive and a hid device with default config. In my debugging,they don't support bulk endpoints. Did i do anything wrong?
0
0
3
@XiaoWei___
wei
5 years
@_nafod haha,I have made a ckeck.If host have a bluetooth and it's turned on,then virtual bluetooth will be a default device.
0
0
3
@XiaoWei___
wei
5 years
@_nafod It seems that virtual bluetooth is not a deafault device.
1
0
2
@XiaoWei___
wei
6 months
@realBrightiup @Jioun_dai 期待卓总出一个rjb
0
0
1
@XiaoWei___
wei
4 months
@encrypted_past @guhe120 It' a bug in nwifi.sys.
1
0
1
@XiaoWei___
wei
3 months
@vv474172261 congratulations!
0
0
1
@XiaoWei___
wei
6 months
0
0
1