P (Million Live!) / LoveLiver / Shihainin
hackerman at @qriousec & @ProjectSEKAIctf
traveling around the world (mostly to 🇯🇵)
Tiếng Việt / English / 日本語
范阮玉邊
4 years ago I pwned a real world software for the first time - it was Counter-Strike 1.6.
By modding CS, I know how to write code, how to hook, how to reverse engineer software, and how to exploit.
If not for CS, I might have been something else.
As you may know, @the_secret_club recently posted videos about Source Engine games RCE. I was also ignored by Valve for a year. Here's the demonstration of my report. RCE can be achieved by connecting to a malicious server, then the chain will be completed when game is restarted.
Yay, I was awarded a $9,000 bounty on @Hacker0x01! #TogetherWeHitHarder
This is the Source Dedicated Server RCE I mentioned before, and @valvesoftware is fixing it. Hope it will be resolved quickly so I can post a write-up.
Yay, I was awarded a $7,500 bounty on @Hacker0x01!
Finally they fixed my CS:GO RCE-through-game-invite exploitation chain 🙏
Now time for retesting, hope the patch is good.
I also hope that this lame chain will be disclosed soon.
#TogetherWeHitHarder
Collision: Bien Pham (@bienpnn) of Qrious Security successfully targeted Ubuntu Desktop, but the exploit was previously known. They still earn $15,000 and 1.5 Master of Pwn points. #P2OVancouver #Pwn2Own
Next week I'll be participating in #Pwn2Own Austin, remotely.
With the increased number of submissions, I think that we will have a lot of duplicates, since the bugs that I found are relatively easy to spot.
Hope my entries will go first 🙏🙏🙏
Today I successfully built a full exploitation chain that can attack source dedicated server (I cannot say which games are affected). This can attack official servers too. Details will be published if Valve will resolve the report. Truly one of the biggest achievements of my life.
how do i feel after getting something at p2o?
i feel happy. and i don't feel that i'm special or something like that.
everyday i see people making more achievements than me, and while i feel inferior, it motivates me to try harder.
hope someday i can be as good as others.
hi @CounterStrike, I reported quite a number of security bugs for CS:GO and other source engine games in the past, can i have CS2 access so I can try to find bugs with it?
My first #Pwn2Own ended with 3 success, 1 stupid failure and 1 duplicate. If also with my teammate, a total of 6 success, 1 failure and 1 duplicate. Not a bad start I guess. Next time I'll be back stronger, and hopefully I can participate in the Desktop edition :) GL to others!
linux kernel introduced kmalloc-cg-* in 5.14. allocations using GFP_KERNEL_ACCOUNT will go in there. no wonder i cant use msg_msg spray on 5.17 while on Ubuntu 21.10 (5.13) i still can use it.
all those pwn2own dramas 🍿🍿🍿
as a contestant on site, i know some more dramas but our team agreed not publishing it (for now)
actually it is not uncommon for vendor to be scared of being pwned, just that some choose very sus way to handle it lol
I have some “informative” RCE that can attack CS:GO community servers that run with certain configuration (and I believe a lot of custom servers are affected)
should I just publish them and maybe get banned from their program 🤔 I haven’t verified if they fixed tho
[POC2022] An appetite for Linux. Here to welcome: Bien Pham (@bienpnn), "Exploiting cross table object reference in Linux Netfilter table module" #POC2022
i often feel bored and don’t want to do anything.
it’s like i lack motivation, but not exactly, since my family is my motivation.
yet i can’t bring myself to work on a new thing.
meanwhile i look at great achiv. by others, and feel inferior.
really don’t know how to overcome it.
i want to go trip -> i need money -> need to pwn things -> burnout -> need healing -> want to go trip -> ...
i should actually be more active in kernelCTF or whatever could make more money...
Got $2000 by pwning CS:GO in @allesctf 🥳
Really appreciate that ALLES! Team allowed late submission for this challenge.
Meanwhile @CSGO team still hasn't fixed and paid bounties for my RCE reports...
#allesctf #csgo #rce #ctf #pwn
I'm going to be a part of Sea () Information Security Team in a few weeks. I hope the decision to switch my career path will make my future successful. Really excited to meet amazing people there.
researching a new target, especially js engine is like running into a wall 😭 how do i keep my motivation to overcome the first phase without much progress for a while already...
"I like Half-Life, but I'm too noob to play through it alone - luckily, there's a game that allows me to play through Half-Life with my friends.
Since it's an old game, only text and voice chatting are available, so I tried to introduce sticker chatting to the game. Please come
In our 1st #Pwn2Own #AfterDark entry this evening, @Synacktiv used an improper certificate validation and a stack-based buffer overflow to compromise the NETGEAR router via the WAN interface. They earn $20,000 and 2 critical Master of Pwn points. #P2OAustin
i have been doing random things related to x86 assembly for 10 years & binary exploitation for 5 years (not gonna lie)
yet i still don’t know how did i learn to do these things 💀
my goal this year is to try to find something in closed source software
i've been too lazy to invest time in reverse engineering things in the past few years
originally i was a re player, not pwn player...
my main working os is windows, and i use vscode standard text editor. i see ppl look down on windows (as a dev env) and standard text editor users a lot, does that make ppl look cooler? yeah i know we cant use vscode in terminal but vscode server is there for you anw…
On my #Pwn2Own attempt on WAN interface of Netgear, I got the root shell, but after the time runs out :) I only figured out the solution when it's only 1 minute remaining. If I'm smart enough to use wildcard matching then this would not happen.
I can't imagine living outside Asia, cuz I still want to go back to Vietnam every month, travel to Japan for concerts, and ofc because I'm too used to the convenience of Singapore already... even if I was forced to relocate, I'd soon come back imo
After waking up I look at the scoreboard.
I'm at rank 3 VN.
Then I turn off Eligible option.
I realized I'm rank 4 VN.
The guy who hasn't ticked Eligible is indeed Eligible.
Bye Greece~ #ACSC