zhiniang peng
@edwardzpeng
Followers
5,946
Following
90
Media
23
Statuses
83
Explore trending content on Musk Viewer
DEAR MYLOVE LINGORM
• 1228164 Tweets
Edmundo
• 219163 Tweets
#Narin
• 209037 Tweets
CHARLOTTE X TIKTOKLIVE99
• 154093 Tweets
#光る君へ
• 98892 Tweets
プロジェクトKV
• 49306 Tweets
Zapatero
• 45294 Tweets
#ブラックペアン
• 29496 Tweets
İdam
• 27993 Tweets
ポルノグラフィティ
• 23961 Tweets
Kostic
• 21610 Tweets
#だれかtoなかい
• 16115 Tweets
KIII
• 15770 Tweets
源氏物語
• 13398 Tweets
AESPA DAESANG ON TMA
• 12550 Tweets
ماهر الجازي
• 10462 Tweets
Here is our slides for Zer0con 2024, Escaping the Sandbox (Chrome and Adobe Pdf Reader) on Windows
1
116
368
Exploiting an Elevation of Privilege bug in Windows (Our writeup and POC of CVE-2020-1362
@atQ4n
)
3
163
329
Sharing our writeup for Jumpserver Preauth RCE Exploit Chain
6
78
259
Here is my writeup and POC for a new attack on
#Shadowsocks
. MITM Attacker can modify traffic in real time like there is no encryption at all.
5
71
197
Here are our writeups and POC for CVE-2020-0753, CVE-2020-0754 and six unfixed Window DOS Vulnerabilities
@afang5472
5
87
178
Pre-auth RCE on multiple Xiaomi Routers found by Gaia and me.
1
86
164
Preauth RCE on NVIDIA Triton Server, the current security state of AI infrastructure is fragile
0
56
163
I spent some time uploading our conference talks from the past few years. Hope you can find something useful from them:
2
36
149
After 2 weeks communication, microsoft now realized that 50 of my bugs are EOP now. But They also found an excuse to merge more than half of them. They are in different server. It's crazy to merge them and try to minimize the bounty. How stupid I am still hunting on Windows Bugs.
8
12
83
As a vulnerability researcher, you will always experience the "the lyricism of logic", "the joy of statistics" and "the beauty of coincidence". Sometimes you feel like a scientist, engineer, detective or artist.😬
2
3
67
Happy to rank
#6
this year. Too busy this year, hope I can have more time to play the game next year. Thanks
@msftsecresponse
for the great program and Congratulations to all the researchers list on, especially
@guhe120
2
0
59
Yesterday was my last day at Qihoo, It was really a privilege to work with so many excellent researchers in Qihoo for the last 2 years and 10 months. The journey of my security research is temporarily over now :( . I will start a new adventure soon :) .
4
0
57
My slides for
#cansecwest
2019<Danger of using fully homomorphic encryption a look at microsoft seal> 来自
@SlideShare
3
15
45
Excited to see our research got 2
@PwnieAwards
nominations this year.
Congrats! And thanks for grabbing snapshots of all the nominees so we can share them here as well 😅
4
5
41
1
2
42
[Zer0Con2024⬛️🟨Speaker
#2
]
👨👦
@edwardzpeng
& R4nger & Q4n - Escaping the Sandbox (Chrome and Adobe PDF reader) on Windows
#Zer0Con2024
0
2
24
2
3
41
The Log4j2 RCE is extremly hot in china. Why twttier is so quiet about it? Act now and deal with it.
4
0
36
See you in Seoul
[POC2023] - SPEAKER UPDATE2⃣
💁♂️
@wh1tc
@edwardzpeng
OLE object are still dangerous today - Exploiting Microsoft Office
#POC2023
0
3
42
0
3
38
Feeling happy and lucky that I am still listed in the MSRC top 10 this year🤣
Congratulations to our MSRC 2022 Most Valuable Researchers! Thank you to all the researchers who have helped secure our customers. Check out our blog for the full list:
#cybersecurity
#securityresearch
1
30
94
1
0
37
our jumpserver preauth RCE is nominated for Pwnie Award this year
🚨We are very pleased to announce the nominees for the 2024 Pwnie Awards! Be sure to tag your friends and catch us at Def Con! 🚨
🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇🥳🏇
9
77
210
0
2
33
We will talk about Exchange in
#Zer0Con2022
[Zer0Con2022] line-up
We are currently exploiting - Chrome, Windows, MacOS, iOS, Android, Hyper V, Exchange Server
And more to come aboard!
Check out for more:
#Zer0Con2022
2
7
46
0
5
32
0
8
30
Static Detection of File Access Control Vulnerabilities on Windows System
1
7
32
Two different bugs happened in different RPC call, different function, different class, but with similar pattern Merged by MSRC. I am not satisfied with the reason at all.
2
7
31
See you at
#TheSAS2024
🧙♂️ Join us at
#TheSAS2024
to learn more about the automated discovery of Windows RPC/COM vulnerabilities. Dr. Zhiniang Peng's (
@edwardzpeng
) talk will walk us through the intricate workings of RPC/COM fuzzing, and provide a tool to streamline the testing and monitoring of
0
1
18
1
5
36
I didn't expect that I'm still in top 10 this year😅. Congrats to all reserachers on the list, and thanks to
@msftsecresponse
Congratulations to our MSRC 2023 Most Valuable Researchers! Thank you to all the researchers who have helped secure our customers. 👏🎉
Check out our blog for the full list:
3
24
103
4
1
31
See you in Singapore
#offbyone
conference
A big welcome to Dr. Zhiniang Peng (
@edwardzpeng
), Fangming Gu (
@afang5472
) and R4NGER to our panel of speakers. 👏 👏 👏
They will be presenting on: XALPC - A System-Wide RPC Fuzzer and Monitor for Automatic Vulnerability. Read their exciting abstract:
2
5
23
0
1
28
2 Preauth RCE we reported on Nvidia Triton Inference Server patched this month, The current security state of AI infrastructure is fragile.
1
0
28
Another JumpServer vulnerability reported by us has been fixed. It can lead to password reset of default admin user (pre-auth). It's not a low severity bug, patch it.
1
5
27
I spent some time this week studying some talk of a recent top conference in cybersecurity (I won’t mention its name), which was a lot of nonsense.🤖
1
0
26
Happy and lucky to rank
#2
this year. Congrats to all guys on the list from Qihoo 360 and SCUT. 😁
Congratulations to our 2020 MSRC Most Valuable Security Researchers! We are thrilled to see so many researchers contributing to the security of millions of customers and the broader ecosystem. Check out our blog for the full list:
#ResearcherRecognition
0
29
58
1
2
23
Publishing my talk in
#PacSec2019
with slides and Speech. It's a survey of security problems in zero-knowledge proof cryptocurrency. I also propose ZKP applications for hackers to evade supervision. 来自
@SlideShare
1
7
19
A wonderful journey this year in MSRC bounty program. Great thanks to engineers from
@msftsecresponse
and
@SylvieInBeta
@ja_wreck
for your help.
$13.7 million in bounty rewards since July 2019. Thank you to all the researchers from across the globe who have helped keep our customers secure.
1
3
19
4
0
18
Securing open source is tough. We found a serious vulnerability in
#OpenStack
's default setting, but it stayed unresolved for long time due to its related with another open source community😟😟😟
2
0
17
@SlideShare
Full speech text can be found here: (It's very time consuming for non-english speaker to prepare such a talk, hope it useful for you).
0
3
14
Publishing our slides for [Financial Cryptography 2020], smilar attack works on other
#cryptocurrency
(EOS NEO ONT). Really sorry that I can't attend the conference due to
#coronavirus
0
3
8
Wow!
We're revealing details of an obscure debugging feature in the Apple A12-A16 SoC’s that bypasses all of the hard-to-hack hardware-based memory protections on new iPhones. Its not used by the firmware and we don't know how the attackers found out about it.
26
268
981
0
0
3
@soaj1664ashar
@msftsecresponse
I am just lucky to find a good attack surface. Your continuous output is very impressive👍
1
0
3
Securing open source is tough. We found a serious vulnerability in
#OpenStack
's default setting, but it stayed unresolved for long time due to its related with another open source community😟😟😟
2
0
17
0
0
3
Verifying myself: I am zhiniang_peng on . pf64vOlukkOhmXOmxdzk36Cxgo6itvffQQ79 /
0
0
2
@tiraniddo
@epakskape
Seems there is no bounty for hardlink bugs for about half a year ago. Beacuse it not works in insider preview. But it still works on the latest windows 10 1909. Is this a strategy for Microsoft to save money?
1
0
1