Bien 🇻🇳
@bienpnn
Followers
3,805
Following
414
Media
185
Statuses
1,275
P (Million Live!) / LoveLiver / Shihainin hackerman at @qriousec & @ProjectSEKAIctf traveling around the world (mostly to 🇯🇵) Tiếng Việt / English / 日本語 范阮玉邊
Vietnam
Joined March 2012
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Florida
• 253157 Tweets
Bivol
• 123908 Tweets
Oregon
• 81369 Tweets
#AEWWrestleDream
• 67129 Tweets
Nico
• 65508 Tweets
Hiro
• 55009 Tweets
Ohio State
• 44735 Tweets
Howard
• 41870 Tweets
Tennessee
• 39577 Tweets
Dennis Quaid
• 36403 Tweets
#ブンブンジャー
• 30102 Tweets
Valencia
• 27236 Tweets
ワコール
• 25639 Tweets
#MostRequestedLive
• 25201 Tweets
#UFCVegas98
• 24697 Tweets
GALA EN PAPIS
• 20748 Tweets
Kentucky
• 19360 Tweets
いろはちゃん
• 16169 Tweets
まゆちゃん
• 15463 Tweets
Saint Dr MSG Insan
• 13515 Tweets
イッテQ
• 13446 Tweets
Ole Miss
• 13156 Tweets
ヴァレン
• 12124 Tweets
Buckeyes
• 11495 Tweets
マッドレックス様
• 10959 Tweets
Ryan Day
• 10854 Tweets
4 years ago I pwned a real world software for the first time - it was Counter-Strike 1.6.
By modding CS, I know how to write code, how to hook, how to reverse engineer softwares, and how to exploit.
If not for CS, I might have been something else.
9
18
378
PoC for CVE-2023-31248.
This was used to exploit Ubuntu Desktop at Pwn2Own Vancouver 2023.
4
108
339
a weeb just open a calculator but got a prize!?!?!?!
16
19
323
As you may know,
@the_secret_club
recently posted videos about Source Engine games RCE. I was also ignored by Valve for a year. Here's the demonstration of my report. RCE can be achieved by connecting to a malicious server, then the chain will be completed when game is restarted.
7
62
292
some nice stuff...
the exploit stability is low atm, but i still have a lot of time to improve
now come back to lulnix bug hunting first...
1
15
201
My Pwn2Own VirtualBox bugs were fixed: CVE-2023-21987 and CVE-2023-21991
Blog post from our trainee comes soon
1
18
135
This is the slides of my talk at POC2022
1
32
117
Yay, I was awarded a $9,000 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
This is the Source Dedicated Server RCE I mentioned before, and
@valvesoftware
is fixing it. Hope it will be resolved quickly so I can post a write-up.
5
12
97
Yay, I was awarded a $7,500 bounty on
@Hacker0x01
!
Finally they fixed my CS:GO RCE-through-game-invite exploitation chain 🙏
Now time for retesting, hope the patch is good.
I also hope that this lame chain will be disclosed soon.
#TogetherWeHitHarder
0
5
92
local guy get root shell on ubuntu using a simple trick 🫣
Collision: Bien Pham (
@bienpnn
) of Qrious Security successfully targeted Ubuntu Desktop, but the exploit was previously known. They still earn $15,000 and 1.5 Master of Pwn points.
#P2OVancouver
#Pwn2Own
0
4
24
3
2
80
My writeup for some challenges in UIUCTF 2023
1
18
77
"Critical this, critical that, just pay them the same flat amount" - a company that makes billions dollars each year.
5
7
74
Another Source Engine RCE! Yay, I was awarded a $2,500 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
3
3
69
Today I successfully built a full exploitation chain that can attack source dedicated server (I cannot say which games are affected). This can attack official servers too. Details will be published if Valve will resolve the report. Truly one of the biggest achievement of my life.
3
7
68
how do i feel after getting something at p2o?
i feel happy. and i don't feel that i'm special or something like that.
everyday i see people making more achievements than me, and while i feel inferior, it motivates me to try harder.
hope someday i can be as good as others.
0
0
62
hi
@CounterStrike
, I reported quite a number of security bugs for CS:GO and other source engine games in the past, can i have CS2 access so I can try to find bugs with it?
3
3
60
i confidently say my exploit works 100% of the time then it proceed to bsod
2nd attempt was a success!
We're now looking into the details and verifying everything.
0
0
5
4
2
60
my girlfriend casually found an IDOR on her university website without any prior knowledge on web pentesting LOL
4
1
56
My writeup for
@allesctf
2021 🔥 Counter Strike: Squirrel Offensive.
(blogpost)
(markdown version and script)
1
11
58
My first
#Pwn2Own
ended with 3 success, 1 stupid failure and 1 duplicate. If also with my teammate, a total of 6 success, 1 failure and 1 duplicate. Not a bad start I guess. Next time I'll be back stronger, and hopefully I can participate in the Desktop edition :) GL to others!
4
0
57
linux kernel introduced kmalloc-cg-* in 5.14. allocations using GFP_KERNEL_ACCOUNT will go in there. no wonder i cant use msg_msg spray on 5.17 while on Ubuntu 21.10 (5.13) i still can use it.
0
7
58
all those pwn2own dramas 🍿🍿🍿
as a contestant on site, i know some more dramas but our team agreed not publishing it (for now)
actually it is not uncommon for vendor to be scared of being pwned, just that some choose very sus way to handle it lol
2
3
55
Source Engine Exploitation: (Un)restricted file upload strikes again
0
9
53
My writeup for some challenges of ACSC 2023
Yes, I'm an all-round player but on beginner level 😅
1
4
52
I have some “informative” RCE that can attack CS:GO community servers that run with certain configuration (and I believe a lot of custom servers are affected)
should I just publish them and maybe get banned from their program 🤔 I haven’t verified if they fixed tho
6
1
51
wish i could be as strong as these guys, beautiful exploit
Here's a quick demonstration of the
#Microsoft
Teams 0-click exploit demonstrated by
@starlabs_sg
during
#Pwn2Own
last week.
1
47
146
0
1
48
Really honored to be chosen as a speaker at
#POC2022
. This is my first time presenting at such a big conference. See you guys in Korea!
7
1
49
i often feel bored and don’t want to do anything.
it’s like i lack motivation, but not exactly, since my family is my motivation.
yet i can’t bring myself to work on a new thing.
meanwhile i look at great achiv. by others, and feel inferior.
really don’t know how to overcome it.
11
0
49
i want to go trip -> i need money -> need to pwn things -> burnout -> need healing -> want to go trip -> ...
i should actually be more active in kernelCTF or whatever could make more money...
1
0
43
I'm going to be a part of Sea () Information Security Team in a few weeks. I hope the decision to switch my career path will make my future successful. Really excited to meet amazing people there.
6
0
45
Valve readjusted the bounty amount for critical reports to 7500, according to the policy. Nice.
0
2
35
Check out this super cool exploitation chain from Gbps :)
0
12
35
researching a new target, especially js engine is like running into a wall 😭 how do i keep my motivation to overcome the first phase without much progress for a while already...
0
1
31
Come play Project Sekai CTF this weekend! This challenge is authored by me. Hope you will enjoy the CTF!
"I like Half-Life, but I'm too noob to play through it alone - luckily, there's a game that allows me to play through Half-Life with my friends.
Since it's an old game, only text and voice chatting are available, so I tried to introduce sticker chatting to the game. Please come
0
8
35
1
0
31
I built a cpp pwn framework for personal use cuz i'm bored
I'm questioning my existence now
1
1
28
@CaptainMarsh_
@the_secret_club
RCE stands for remote code execution. Imagine one day you connect to a server then got your computer hacked.
2
1
29
Yes, this is exactly the bug that I used :) fuck me.
In our 1st
#Pwn2Own
#AfterDark
entry this evening,
@Synacktiv
used an improper certificate validation and a stack-based buffer overflow to compromise the NETGEAR router via the WAN interface. They earn $20,000 and 2 critical Master of Pwn points.
#P2OAustin
4
46
210
1
0
28
i have been doing random things related to x86 assembly for 10 years & binary exploitation for 5 years (not gonna lie)
yet i still don’t know how did i learn to do these things 💀
0
0
27
famous bug bounty hunter got mad bcuz others pointed out mistakes in his statement lmaooooooo
4
0
24
as an expert in c/c++ i can confirm this is 100% true
"The gets() function is sometimes considered unsafe. However, in the provided code example below, the gets() function is used safely." - John Connor
16
15
311
1
0
26
btw i just post random shits on my twitter to pretend i’m a security something so feel free to unfollow if you are into boug bunty tips
4
0
26
my goal this year is to try to find something in closed source software
i've been too lazy to invest time in reverse engineering things in the past few years
originally i was a re player, not pwn player...
1
1
23
everytime i post something security related i get more followers
but i want more weeb friends😭
8
0
22
actually i should have had an entry for this p2o but my registration email got to the spam box of ZDI
8
0
23
my main working os is windows, and i use vscode standard text editor. i see ppl look down on windows (as a dev env) and standard text editor users a lot, does that make ppl look cooler? yeah i know we cant use vscode in terminal but vscode server is there for you anw…
0
1
22
I can't imagine living outside Asia, cuz I still want to go back to Vietnam every month, travel to Japan for concerts, and ofc because I'm too used to the convenience of Singapore already... even if I was forced to relocate, I'd soon come back imo
1
0
20
got a photo with Pile-san 😭
the performance was so lit, even though it got delayed multiple times because of heavy rain 😭
0
0
20
too strong wow, i dont even have system using my vbox pwn xd
1
1
20